[olug] OT: Local PC Forensics Experts

Jesse Regier jregier at cox.net
Fri May 9 22:42:07 CDT 2014 

Thanks everyone. I will pass this along. 


Jesse Regier


> On May 9, 2014, at 4:36 PM, "Aric Aasgaard" <aric at omahax.com> wrote:
> 
> A good way to get good or at least get lots of free advice is to post bad
> advice in an internet discussion.  :)
> 
> I have heard that some companies handle the chain of custody thing by making
> two clones of the drive and hashing them and putting one in a secure place
> that no one has access to.
> 
> 
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
> Hurley, Rod
> Sent: Friday, May 09, 2014 9:39 AM
> To: Omaha Linux User Group
> Subject: Re: [olug] OT: Local PC Forensics Experts
> 
> And if you decide to take this on: enable logging for everything, before you
> touch a single file.  Audit trails must be available at a moment's notice,
> or nothing you present will be usable.
> 
> Rod
> 
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
> Kevin Lane
> Sent: Friday, May 09, 2014 9:35 AM
> To: Omaha Linux User Group
> Subject: Re: [olug] OT: Local PC Forensics Experts
> 
> Correct, in order to do this correctly, and avoid the case getting thrown
> out, you haveto maintain a chain of evidence.Everything has to be documented
> meticulouslyand, you have to also prove that you did not alter the data in
> any way,which usually means the first thing you do is make a read-only copy
> or imageof the data.There are specialized tools to do this, some freeware,
> most VERY costly.Not to mention the hardware required in order to be able to
> copyevery medium out there, the disk space requirements (you have to save
> the datafor a period of time as well), etc...
> It can be a rewarding en devour ($$$), but the up front costs, detailed
> documentationand time involved is not a trivial matter.
> http://forensiccontrol.com/resources/beginners-guide-computer-forensics/
> Kevin
> 
>> From: RHurley at TENASKA.com
>> To: olug at olug.org
>> Date: Fri, 9 May 2014 14:25:01 +0000
>> Subject: Re: [olug] OT: Local PC Forensics Experts
>> 
>> By "nudging this request along" he means run like the wind away from this
> one.  ;o)  I've been involved with a couple of these, and they get pretty
> hairy.
>> 
>> Rod
>> 
>> -----Original Message-----
>> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf 
>> Of Matthew G. Marsh
>> Sent: Friday, May 09, 2014 9:11 AM
>> To: Omaha Linux User Group
>> Subject: Re: [olug] OT: Local PC Forensics Experts
>> 
>> 
>> If the person asking is an attorney then I would only refer them to
> accredited services. You can get into serious trouble otherwise depending on
> the context of the reference.
>> 
>> If the asker is a member of the Nebraska Bar Association then they would
> be best served by seeing what organizations are listed for those services
> with the bar. As a member of the Iowa Bar Association I know there are
> several organizations listed as providing those type of services.
>> 
>> That being said, I suspect your asker is trying to determine if they
> can/should take a particular case and is looking for an inexpensive method
> of determining if the client's claims of impropriety are suitable.
>> 
>> Unless you are really interested in playing around in the legal system I
> would advise nudging this request along.
>> 
>> Just my opinion of course, and no transactions have occurred herein...
>> 
>> mgm
>> 
>> (Disclaimer: Matthew G. Marsh, JD, NSA, CISA, CISSP, etc.)
>> 
>>> On Thu, 8 May 2014, jregier at cox.net wrote:
>>> 
>>> This is a bit off topic.
>>> 
>>> I was asked if I know of anyone locally that can "determine if a PC 
>>> has been hacked."  I don't have much detail except that its probably 
>>> a Windows machine.  I know I have seen some of you talk about 
>>> getting some security certifications from time to time.  Is there 
>>> anyone here that would want to take this on?  Do you know of any?  I 
>>> don't want to do this myself but I would like to make a referral if
> possible.
>>> 
>>> The person asking is a lawyer so take that into account.  Things 
>>> could get "legal."  You may need some experience/credentials.  I'm 
>>> not sure if this would end up in a court or not.
>>> 
>>> Thanks
>>> 
>>> Jesse Regier
>> 
>> --------------------------------------------------
>> Matthew G. Marsh
>> Special Email Addr for OLUG ;-}
>> Phone: (402) 932-7250
>> Email: olug4mgm at paktronix.com
>> WWW:  http://www.paksecured.org
>> --------------------------------------------------
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> https://lists.olug.org/mailman/listinfo/olug
>                         
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
> 
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list