Information Technology Reference
In-Depth Information
I received hundreds of hours of training in the area of computer forensics, computer hardware and software, and general investigations. I hold certificates in Information Security (CISSP, GSEC), Computer Forensics and Recovery, A+ Software and Hardware, and specific training in forensics software tools (Forensics Toolkit [FTK], and X-Ways/WinHex Forensics). I have also had on-the-job training.

On . . . . . . . we received a verbal request for digital investigation of the computer belonging to . . . . . . . of the [Department] . . . . . . . . The request was made by . . . . . . . , (a written request was received on . . . . . . . ). I interviewed . . . . . . . over the phone and . . . . . . . requested that we analyze the user's hard drive for any evidence of misuse of the organization's equipment.

Another person on my team who is currently certified and able to complete investigations was able to obtain a forensics image of the hard drive on . . . . . . . , using Forensic ToolKit (FTK) Imager Version 2.4 on the suspect computer # . . . . . . . (see attached Case Information Document for specifics and Hash checksums). To ensure the integrity of the evidence, he used a hardware write blocker attached between his acquiring computer and the suspect hard drive.

A write blocker is a hardware device that provides power and connectivity to the source drive (evidence drive) and uses hardware write blocking to ensure that the source drive is not altered in any way during the imaging process.

The image is then placed on a target drive for processing and analysis. The forensics image of the source drive is an exact binary copy of the source drive and identical in every way to the source drive. Before, during, and after the imaging process is complete, several checks are made to ensure the integrity of both the image and the source drive. During those processes, FTK runs Cyclic Redundancy Checks (CRC) of the data stream as it is copied to the target drive. The CRC
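
The integrity checks this report describes (checksums taken before, during, and after imaging, plus a CRC of the data stream as it is copied), as an added Python example that is not part of the original report and is not FTK Imager's code. SHA-256, the 1 MiB chunk size, the function names, and the constructed sample file standing in for the source drive are all assumptions.

```python
import hashlib, os, tempfile, zlib

CHUNK = 1 << 20  # 1 MiB read size (assumed value, not taken from the report)

def checksum_stream(src_path, dst_path=None):
    """Read src_path in chunks, optionally copying to dst_path; return CRC-32 and SHA-256."""
    crc, sha = 0, hashlib.sha256()
    dst = open(dst_path, "wb") if dst_path else None
    try:
        with open(src_path, "rb") as src:
            while chunk := src.read(CHUNK):
                crc = zlib.crc32(chunk, crc)  # running CRC of the data stream
                sha.update(chunk)
                if dst:
                    dst.write(chunk)
        if dst:
            dst.flush()
            os.fsync(dst.fileno())  # force the image to disk before it is re-read
    finally:
        if dst:
            dst.close()
    return {"crc32": f"{crc:08x}", "sha256": sha.hexdigest()}

def acquire_and_verify(source_path, image_path):
    """Checksum the source before, during and after imaging, then re-read the image."""
    before = checksum_stream(source_path)
    during = checksum_stream(source_path, image_path)  # the actual copy
    after = checksum_stream(source_path)
    image = checksum_stream(image_path)
    return {"acquisition": during,
            "source_unchanged": before == during == after,
            "image_matches": image == during}

def demo():
    """Image a constructed 3 MiB + 4 byte file, then corrupt one byte of the image."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 12288 + b"tail")  # constructed sample data
        ok = acquire_and_verify(src, img)
        with open(img, "r+b") as f:  # simulate corruption of the stored image
            f.seek(100)
            f.write(b"\xff")
        still_matches = checksum_stream(img) == ok["acquisition"]
    return ok, still_matches

if __name__ == "__main__":
    print(demo())
```

A single changed byte in the image makes both the CRC-32 and the SHA-256 differ from the acquisition record, which is why the recorded checksums can later show that the working copy is still the one that was acquired.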