[olug] OT: Local PC Forensics Experts

Aric Aasgaard aric at omahax.com
Fri May 9 22:36:03 CDT 2014


A good way to get good or at least get lots of free advice is to post bad
advice in an internet discussion.  :)

I have heard that some companies handle the chain of custody thing by making
two clones of the drive and hashing them and putting one in a secure place
that no one has access to.


-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
Hurley, Rod
Sent: Friday, May 09, 2014 9:39 AM
To: Omaha Linux User Group
Subject: Re: [olug] OT: Local PC Forensics Experts

And if you decide to take this on: enable logging for everything, before you
touch a single file.  Audit trails must be available at a moment's notice,
or nothing you present will be usable.

Rod

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
Kevin Lane
Sent: Friday, May 09, 2014 9:35 AM
To: Omaha Linux User Group
Subject: Re: [olug] OT: Local PC Forensics Experts

Correct, in order to do this correctly, and avoid the case getting thrown
out, you have to maintain a chain of evidence. Everything has to be documented
meticulously, and you have to also prove that you did not alter the data in
any way, which usually means the first thing you do is make a read-only copy
or image of the data. There are specialized tools to do this, some freeware,
most VERY costly. Not to mention the hardware required in order to be able to
copy every medium out there, the disk space requirements (you have to save
the data for a period of time as well), etc...
It can be a rewarding endeavor ($$$), but the up front costs, detailed
documentation and time involved is not a trivial matter.
http://forensiccontrol.com/resources/beginners-guide-computer-forensics/
Kevin

> From: RHurley at TENASKA.com
> To: olug at olug.org
> Date: Fri, 9 May 2014 14:25:01 +0000
> Subject: Re: [olug] OT: Local PC Forensics Experts
> 
> By "nudging this request along" he means run like the wind away from this
> one.  ;o)  I've been involved with a couple of these, and they get pretty
> hairy.
> 
> Rod
> 
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf 
> Of Matthew G. Marsh
> Sent: Friday, May 09, 2014 9:11 AM
> To: Omaha Linux User Group
> Subject: Re: [olug] OT: Local PC Forensics Experts
> 
> 
> If the person asking is an attorney then I would only refer them to
> accredited services. You can get into serious trouble otherwise depending on
> the context of the reference.
> 
> If the asker is a member of the Nebraska Bar Association then they would
> be best served by seeing what organizations are listed for those services
> with the bar. As a member of the Iowa Bar Association I know there are
> several organizations listed as providing those type of services.
> 
> That being said, I suspect your asker is trying to determine if they
> can/should take a particular case and is looking for an inexpensive method
> of determining if the client's claims of impropriety are suitable.
> 
> Unless you are really interested in playing around in the legal system I
> would advise nudging this request along.
> 
> Just my opinion of course, and no transactions have occurred herein...
> 
> mgm
> 
> (Disclaimer: Matthew G. Marsh, JD, NSA, CISA, CISSP, etc.)
> 
> On Thu, 8 May 2014, jregier at cox.net wrote:
> 
> > This is a bit off topic.
> >
> > I was asked if I know of anyone locally that can "determine if a PC 
> > has been hacked."  I don't have much detail except that it's probably 
> > a Windows machine.  I know I have seen some of you talk about 
> > getting some security certifications from time to time.  Is there 
> > anyone here that would want to take this on?  Do you know of any?  I 
> > don't want to do this myself but I would like to make a referral if
> > possible.
> >
> > The person asking is a lawyer so take that into account.  Things 
> > could get "legal."  You may need some experience/credentials.  I'm 
> > not sure if this would end up in a court or not.
> >
> > Thanks
> >
> > Jesse Regier
> 
> --------------------------------------------------
> Matthew G. Marsh
> Special Email Addr for OLUG ;-}
> Phone: (402) 932-7250
> Email: olug4mgm at paktronix.com
> WWW:  http://www.paksecured.org
> --------------------------------------------------
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
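
The clone-and-hash idea and the audit-trail advice from the thread above, sketched as an added example (not code from any poster): it hashes a source image and two clones, reports which clones match, and records each step in a log where every entry covers the hash of the one before it. The hash-chained log format, the function names, the timestamps and the sample files are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream a file or image through SHA-256 in 1 MiB reads; return hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only open: never write to evidence
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_clones(source, clones):
    """Return (source_digest, {clone_path: True if its digest matches})."""
    ref = sha256_file(source)
    return ref, {c: sha256_file(c) == ref for c in clones}

def _entry_hash(e):
    body = {k: e[k] for k in ("when", "action", "detail", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_log(log, when, action, detail):
    """Append a custody entry chained to the previous entry's hash (assumed scheme)."""
    e = {"when": when, "action": action, "detail": detail,
         "prev": log[-1]["entry_hash"] if log else "0" * 64}
    e["entry_hash"] = _entry_hash(e)
    log.append(e)
    return log

def log_intact(log):
    """Recompute each hash and link; False if any entry was edited or removed."""
    prev = "0" * 64
    for e in log:
        if e["prev"] != prev or e["entry_hash"] != _entry_hash(e):
            return False
        prev = e["entry_hash"]
    return True

def demo():
    """Constructed sample: a small fake image and two clones, the second altered."""
    d = tempfile.mkdtemp()
    data = b"constructed sample image bytes" * 1000
    paths = [os.path.join(d, n) for n in ("source.img", "clone_a.img", "clone_b.img")]
    for p, content in zip(paths, (data, data, data[:-1] + b"X")):
        with open(p, "wb") as f:
            f.write(content)
    ref, results = verify_clones(paths[0], paths[1:])
    log = append_log([], "2014-05-09T09:00:00", "hash-source", ref)  # constructed timestamps
    for p, ok in results.items():
        append_log(log, "2014-05-09T09:05:00", "verify-clone", f"{os.path.basename(p)} match={ok}")
    return results, log
```

A single changed byte in a clone is enough to make its digest differ from the source, and editing any earlier log entry makes `log_intact` return False.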


