Forensics-CollectEvidenceRunComputer

Forensics-CollectEvi - Collecting Evidence from a Running Computer A Technical and Legal Primer for the Justice Community By Todd G Shipley CFE


Collecting Evidence from a Running Computer: A Technical and Legal Primer for the Justice Community

By Todd G. Shipley, CFE, CFCE and Henry R. Reeve, Esq.

SEARCH THE NATIONAL CONSORTIUM FOR JUSTICE INFORMATION AND STATISTICS

This report was prepared by SEARCH, The National Consortium for Justice Information and Statistics, Francis X. Aumand III, Chairman, and Ronald P. Hawley, Executive Director. This report was produced as a product of a project funded by the Office of Juvenile Justice and Delinquency Prevention (OJJDP), Office of Justice Programs, U.S. Department of Justice, under Cooperative Agreement No. 2005-MC-CX-K021, awarded to SEARCH Group, Incorporated, 7311 Greenhaven Drive, Suite 145, Sacramento, California 95831. Contents of this document do not necessarily reflect the views or policies of the OJJDP or the U.S. Department of Justice.

Copyright © SEARCH Group, Incorporated, dba SEARCH, The National Consortium for Justice Information and Statistics, 2006.

Acknowledgments

This primer was prepared by Todd G. Shipley, CFE, CFCE, Director of Systems Security and High Tech Crime Training for SEARCH, The National Consortium for Justice Information and Statistics, and Henry R. “Dick” Reeve, General Counsel and Deputy District Attorney, Denver, Colorado. This paper was written under the direction of the Legal Committee of the Working Group of the Internet Crimes Against Children Task Forces.

SEARCH THE NATIONAL CONSORTIUM FOR JUSTICE INFORMATION AND STATISTICS
7311 Greenhaven Drive, Suite 145
Sacramento, California 95831
Phone: (916) 392-2550
Fax: (916) 392-8440
www.search.org

The traditional method for law enforcement when dealing with the search and seizure of computers at a crime scene is to simply unplug the computer and book it into the evidence facility. From there, the investigator requests that the computer be examined by a trained digital evidence examiner. The examiner then makes a “forensically sound” copy of the computer’s hard drive(s) [1] and reviews the copy for evidence or contraband. Upon completion, the examiner reports the findings back to the investigator.

Traditional Computer Search and Seizure Methodology

Traditionally, computer forensics has focused on researching, developing, and implementing proper techniques, tools, and methodologies to collect, store, and preserve sensitive data that is left on a system’s hard drive(s).
—First Responders Guide to Computer Forensics (CERT Training and Education Handbook)

[1] A forensically sound copy of a computer hard drive is one that is a bit-for-bit copy. This methodology was developed in the early days of computer forensics to ensure that the data was not changed in any way....

This note was uploaded on 04/06/2011 for the course CS 6963 taught by Professor Walterbruehs during the Spring '10 term at NYU Poly.
