The process side of forensic investigations Patrick Green Network and Security Manager.

Slides:



Advertisements
Similar presentations
Practical Application of Computer Forensics Lisa Outlaw, CISA, CISSP, ITIL Certified.
Advertisements

Complex Recovery/ Data Reduction DFRWS Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.
2:05 sec Today you will be learning about how to conduct and participate in a mock trial. You will become familiar with some basic courtroom procedures.
Outline of Topics  Introduction  CPR, law and expectations  IT issues  Disclosure process.
COEN 252 Computer Forensics
Evidence Collection & Admissibility Computer Forensics BACS 371.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
We’ve got what it takes to take what you got! NETWORK FORENSICS.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
BACS 371 Computer Forensics
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.
Computer Forensics Principles and Practices
Computer Forensics Mr.PRAWEE PROMPONMUANG M.Sc(Forensic Science) NO
By Drudeisha Madhub Data Protection Commissioner Date:
Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.
COEN 152 Computer Forensics Introduction to Computer Forensics.
Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.
Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.
3Digital Evidence in the Courtroom Dr. John P. Abraham Professor of Computer Science UTPA.
Forensic Science Types of Evidence. What is Forensic Science? The use of science in the examination of evidence associated with crime.
7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.
 An orderly analysis, investigation, inquiry, test, inspection, or examination along a “paper trail” in the search for fraud, embezzlement, or hidden.
Use it or lose it. Know the Rules  T.R.Cr.P. 5.1  Evidence- hearsay not allowed ( except proof of ownership or expert reports)  Defense right to cross.
Undergraduate Technology Programs John Baker Johns Hopkins University Carey Business School
Professional Development: Group 1 Career Topic COMPUTER FORENSICS.
Computer Forensics Principles and Practices
Investigation & Arrest – BIG PICTURE CRIME Police are notified 911 POLICE investigate ensure public safety protect & preserve crime scene collect & identify.
The Trial. I. Procedures A. Jury Selection 1. Impanel (select) a jury 2. Prosecutors and Defense lawyers pose questions to potential jurors (VOIR DIRE)
Sketching a Crime Scene. The crime scene sketch is the simplest and most effective method of recording the positions of physical evidence, the placement.
© Sapphire 2006 Computer Misuse in the Workplace You only get one chance..... David Horn You only get one chance...
Preparing for the worst,
Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Chapter 2 Understanding Computer Investigations Guide to Computer Forensics and Investigations Fourth Edition.
Test Yourself: Introduction to Law. State for each of the following terms whether they are to be found in criminal law or civil law or both.
CJ 317 – Computer Forensics
Crime Scene Investigator. About Crime scene investigators (CSIs) go by many names, including: –evidence technician, –crime scene technician, –forensic.
 Forensics  Application of scientific knowledge to a problem  Computer Forensics  Application of the scientific method in reconstructing a sequence.
Computer Forensics Presented By:  Anam Sattar  Anum Ijaz  Tayyaba Shaffqat  Daniyal Qadeer Butt  Usman Rashid.
Review Internet Safety. Definition Phishing is fishing for personal and financial information disguised at legitimate business .
Chapter 7 Volume versus Partition. Cylinder, Head, and Sector (CHS) Hard or fixed disks store information on a revolving platter of metal or glass coated.
Belleville High School Law Related Education Program.
COURTS, JUDGES AND THE LAW Key Terms on Judicial Branch.
ONLINE COURSES - SIFS FORENSIC SCIENCE PROGRAMME - 2 Our online course instructors are working professionals handling real-life cases related to various.
Computer Forensics Tim Foley COSC 480 Nov. 17, 2006.
Cell Phone Forensics Investigator - ICFECI
Chapter One: Observation Skills
Forensic Science: Fundamentals & Investigations, 2e Chapter 1 1 All rights Reserved Cengage/NGL/South-Western © 2016.
Observation Skills.
All rights Reserved Cengage/NGL/South-Western © 2016.
Chapter One: Observation Skills
Computer Forensics By: Chris Rozic.
Chapter 3: Observation Skills
Chapter One: Observation Skills
Criminal Legal Process
Using the Scientific Method to Solve Crimes
Belleville High School Law Related Education Program
All rights Reserved Cengage/NGL/South-Western © 2016.
CHAPTER 1 – OBSERVATION SKILLS
Warm Up Who is the most important person in a courtroom? Why?
OBSERVATION SKILLS.
Steps to Solving a Crime
Steps to Solving a Crime
Scientific Processes Scientific Method.
Forensics Week 2.
Belleville High School Law Related Education Program
Belleville High School Law Related Education Program
Digital Forensics Chris Rozic.
Ninth Annual Prescription for Criminal Justice Forensics Program Department of Justice Forensic Science Projects to Support the Adversarial Process Kira.
Presentation transcript:

The process side of forensic investigations Patrick Green Network and Security Manager

NB IANAL Advice based on experience Every time you think it finished, the goal posts move

What is forensics? scientific tests or techniques used in connection with the detection of crime. Court ready

Its not just about technology The defense needs to be able to repeat the process You have to prove no alteration Beyond reasonable doubt

It is about people You are not proving guilt (or innocence) Providing evidence for the court to determine guilt or innocence Presenting facts Expert opinion

It is about process Good process underlines forensics Who does what

Technology is used To back up the process To help the investigator As an audit trail To do the work

What does process look like? Understand the case What are you investigating What data sources will you need What do you need to provide

Step 1 Define the scope "All s going to "All s from "All files on the hard drive which are of AVI format”

Step 2 Identify where data will come from How do you ensure they are secure How do you analyze them Prove secure after analysis What about virtual machines?

Step 3 Get sign off Legal HR Head of Department Anyone else?

NB (2) Have the right paperwork And kit

Thoughts Some of the systems you will use will depend on what you are analysing Read only is always better - “read reply” s Test first

Remember to Checksum everything Document each step taken

Oh, and… Analyze the data!

Then Write your report It’s a defense of every step Shows no tampering Highlights any conflicts of interest

Be aware of the law No fishing expeditions Think about who you are investigating Stick to the scope Document what you did Write down your process Make sure you have sign off

Get certified? M812 Digital forensics Certified Forensic Investigation Practitioner (CFIP) qualification GIAC Certified Forensic Analyst (GCFA)

Prepare Create a kit bag with everything in it Update software Practice techniques Its *always* urgent

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.