
Thread: UK Business Urged to swot up on forensics

  1. #1
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668

    UK Business Urged to swot up on forensics

    According to an article on the Reg: http://www.theregister.co.uk/2005/09...rensics_guide/

    Brit firms are failing to capture vital evidence and need some guidance, which is available here: http://www.iaac.org.uk/Default.aspx?tabid=65

    Aspman,

    This may interest you if you haven't seen it.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    It's not just in the UK. A lot of places in the US are doing this as well.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  3. #3
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Nice link Jinxy.

    I was on a briefing course last week. They were selling Encase and training to go with it. I (and others there) were of the opinion that if something was so bad as to warrant forensic investigation then our priority should be preservation of evidence and that the evidence should be later examined by a forensics expert.

    We were told that Encase is easy to use blah blah blah. I'm sure it is but interpretation of the results gained from Encase is a seriously difficult task requiring a lot of experience.

    Now I could get Encase in and do the training but there is no way I'd be competent to produce evidence worthy of a court. Computer evidence is a minefield.

    Preservation of evidence should be promoted as the key step. If companies can preserve the evidence they've then got breathing space to pass that to an expert to get the results.

    [quickly flicks through pdf] 'ere that doesn't look too shabby. Looks like it covers a lot of the briefing I was at. Good stuff.

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Nice link Foxy.
    Is this a case of mistaken identity, or are you saying that I'm extremely attractive?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Don't know what you're on about <shuffles feet, looks at ground>

    Sorry Jinx, head's up my arse today.

    I've never had a good memory for faces

  6. #6
    Originally posted here by Aspman
    Sorry Jinx, head's up my arse today.

    I've never had a good memory for faces
    Geez, Aspman, nothing like a backhanded compliment.

    Jinxy, where _have_ you been?



    EDIT:

    Educating businesses and public agencies in the processes and needs of forensics is critical, but they should not be encouraged to try to perform forensics. The role of the organizational IT should be to preserve and isolate the scene, and nothing more. Chain of custody for digital evidence is critical, and the process used to gather and capture the evidence will determine whether it is accepted as more than "hearsay" evidence in court.

    Just because you may be using enCase to perform forensics on a system doesn't guarantee that the court will accept the evidence. A qualified, professional forensics tech with dd and some free tools will probably put together a more acceptable evidence package than a systems tech with enCase and a week of training.

    I'm inclined to think enCase is more market hype than anything. I know law enforcement types who swear by any number of tools and don't consider enCase worth the price. But, these are the guys who go "call-to-call" in their jobs and need tools that will nail the case.

  7. #7
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    The forensics guy running the briefing I was at was very experienced in criminal and civil cases.
    His argument for using Encase rather than anything else (and I asked him about Helix specifically) was that

    1) Encase does the job
    2) More importantly, Encase is court proved and less likely to be subject to detailed argument about whether the evidence produced by it and related tools (fastblocker etc) was sound.
    3) The Encase developers have a standing offer to defend their product in court where required.

    Even if the open source tools were better (and I'm not saying they are or not) he would not shift away from Encase for reasons 2 and 3.
