EXPLORE THE PAST TO KNOW THE FUTURE OF “DATA” DR. JOE CICCONE CJ 317 – Computer Forensics


Last Week & This Week

Questions and comments from last week

This chapter explains data acquisition. You will learn about digital evidence storage formats and how to determine the best acquisition method. The chapter addresses contingency planning for data acquisitions and how to use acquisition tools. Chapter 4 also explains how to validate data acquisitions, reviews various RAID acquisition methods, and shows how to use remote network acquisition tools. Finally, Chapter 4 lists other forensic tools available for data acquisitions.

History of Technological Advances

The history of technology and policing can be categorized within four stages.

Before you begin to use ProDiscover, be sure that you have enough hard drive space. For the larger drive images, you will need at least 20 GB free after you have copied the image to your working drive.

The Second Stage: 1946-1959

Digital forensics is a relatively new field and it is changing quickly. As a result, a lot of tools are on the market; some are compatible with each other and some are not. It is critical for you as an investigator to verify any tool you use and to validate any image you take of a digital device.

What IT tools did I have here?

Digital Forensics

Documentation of what you do is extremely important. You need to note what software you use and what version. In many cases, it may be several years before you go to court. Most of us are not going to remember exactly what we did on each individual case without our notes.

What Does History Tell Us?

Technology Facilitated the Reactive Model of Policing. Advances in technology have allowed for a more proactive approach.

Criminals Get Smarter and New Crimes Emerge
- Questionable homicides
- Rapists more knowledgeable about physical evidence
- Computer crime

Technology Enhances Law Enforcement but Law Enforcement misuses Technology. - Taser Again?

Who am I?

Project 4-1

Your supervisor has asked you to research current acquisition tools. Using your preferred Internet search engine and the vendors listed in this chapter, prepare a report containing the following information for each tool and stating which tool you would prefer to use:
- Computer forensics vendor name
- Acquisition tool name and latest version number
- Features of the vendor's product

With this data collected, prepare a spreadsheet listing the vendors in the rows. For the column headings, list the following features:
- Raw format
- Proprietary format
- AFF format
- Other proprietary formats the tool can read
- Compression of image files
- Remote network acquisition capabilities
- Method used to validate (MD5, SHA-1, and so on)

Your Questions & Comments

What questions do you have? Suggestions for next week's seminar