[olug] OT: Local PC Forensics Experts
Hurley, Rod
RHurley at TENASKA.com
Fri May 9 15:38:33 CDT 2014
And if you decide to take this on: enable logging for everything, before you touch a single file. Audit trails must be available at a moment's notice, or nothing you present will be usable.
Rod
-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Kevin Lane
Sent: Friday, May 09, 2014 9:35 AM
To: Omaha Linux User Group
Subject: Re: [olug] OT: Local PC Forensics Experts
Correct, in order to do this correctly, and avoid the case getting thrown out, you have to maintain a chain of evidence. Everything has to be documented meticulously and, you have to also prove that you did not alter the data in any way, which usually means the first thing you do is make a read-only copy or image of the data. There are specialized tools to do this, some freeware, most VERY costly. Not to mention the hardware required in order to be able to copy every medium out there, the disk space requirements (you have to save the data for a period of time as well), etc...
It can be a rewarding endeavor ($$$), but the up front costs, detailed documentation and time involved is not a trivial matter.
http://forensiccontrol.com/resources/beginners-guide-computer-forensics/
Kevin
> From: RHurley at TENASKA.com
> To: olug at olug.org
> Date: Fri, 9 May 2014 14:25:01 +0000
> Subject: Re: [olug] OT: Local PC Forensics Experts
>
> By "nudging this request along" he means run like the wind away from this one. ;o) I've been involved with a couple of these, and they get pretty hairy.
>
> Rod
>
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf
> Of Matthew G. Marsh
> Sent: Friday, May 09, 2014 9:11 AM
> To: Omaha Linux User Group
> Subject: Re: [olug] OT: Local PC Forensics Experts
>
>
> If the person asking is an attorney then I would only refer them to accredited services. You can get into serious trouble otherwise depending on the context of the reference.
>
> If the asker is a member of the Nebraska Bar Association then they would be best served by seeing what organizations are listed for those services with the bar. As a member of the Iowa Bar Association I know there are several organizations listed as providing those type of services.
>
> That being said, I suspect your asker is trying to determine if they can/should take a particular case and is looking for an inexpensive method of determining if the client's claims of impropriety are suitable.
>
> Unless you are really interested in playing around in the legal system I would advise nudging this request along.
>
> Just my opinion of course, and no transactions have occurred herein...
>
> mgm
>
> (Disclaimer: Matthew G. Marsh, JD, NSA, CISA, CISSP, etc.)
>
> On Thu, 8 May 2014, jregier at cox.net wrote:
>
> > This is a bit off topic.
> >
> > I was asked if I know of anyone locally that can "determine if a PC
> > has been hacked." I don't have much detail except that it's probably
> > a Windows machine. I know I have seen some of you talk about
> > getting some security certifications from time to time. Is there
> > anyone here that would want to take this on? Do you know of any? I
> > don't want to do this myself but I would like to make a referral if possible.
> >
> > The person asking is a lawyer so take that into account. Things
> > could get "legal." You may need some experience/credentials. I'm
> > not sure if this would end up in a court or not.
> >
> > Thanks
> >
> > Jesse Regier
>
> --------------------------------------------------
> Matthew G. Marsh
> Special Email Addr for OLUG ;-}
> Phone: (402) 932-7250
> Email: olug4mgm at paktronix.com
> WWW: http://www.paksecured.org
> --------------------------------------------------
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug