Digital Forensics Investigator (DFI) - Useful links
-
@Ben-Coyle Thanks so much for putting together the links list for this series of shows. I so wish I could attend live but work gets in the way ;)
-
ITProTV family!
Great job keeping each other informed!
Cordially,
Ronnie Wong
Host, ITProTV
-
@Ben-Coyle Here's another one for your list based on the comment about Sean's books: https://www.goodreads.com/author/list/4511669.Sean_Philip_Oriyano
-
In the UK forensic investigators have to follow the ACPO Good Practice Guide for Digital Evidence (2011). These core principles apply:
Principle 1: Data stored in a computer or storage media must not be altered or changed, as that data may later be presented in court.
Principle 2: A person must be competent enough in handling the original data held on a computer or storage media if it is necessary, and he/she must also be able to give evidence explaining the relevance and course of their actions.
Principle 3: An audit trail or other documentation of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: A person who is responsible for the investigation must have overall responsibility for ensuring that the law and the ACPO principles are adhered to.
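Principles 1 and 3 above boil down to two practical checks: prove the evidence has not changed, and keep a record a third party can re-run. The following is an added example (not from the thread or from ACPO) showing one minimal way to do that with a hash log; the file names, examiner ID and evidence bytes are constructed placeholders.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the evidence file in chunks so multi-GB images are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def record_step(log: Path, evidence: Path, action: str, examiner: str) -> dict:
    """Append one audit-trail entry: who, when, what, and the hash at that moment (Principle 3)."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": action,
        "evidence": evidence.name,
        "sha256": sha256_of(evidence),
    }
    with open(log, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def verify_unchanged(log: Path, evidence: Path) -> bool:
    """Independent re-check: does the evidence still match its first recorded hash (Principle 1)?"""
    with open(log, encoding="utf-8") as fh:
        entries = [json.loads(line) for line in fh if line.strip()]
    baseline = next((e for e in entries if e["evidence"] == evidence.name), None)
    if baseline is None:
        return False  # nothing was ever recorded for this item, so it cannot be verified
    return sha256_of(evidence) == baseline["sha256"]


def demo() -> tuple:
    """Constructed walkthrough: record an acquisition, verify it, then detect a later alteration."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "disk.img"    # constructed stand-in for an acquired image
        log = Path(tmp) / "audit.jsonl"      # constructed audit-trail file
        evidence.write_bytes(b"abc")         # constructed sample content
        record_step(log, evidence, "acquired image", "examiner-01")
        intact_before = verify_unchanged(log, evidence)
        evidence.write_bytes(b"abd")         # simulate an unauthorised change to the evidence
        return intact_before, verify_unchanged(log, evidence)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

In practice the log would be written to a separate, write-protected location and the baseline hash taken from the original media before imaging, so the comparison is against the source rather than against the copy.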
-
@Ben-Coyle Another one for your list. Today I came across the 'Forensic Acquisition of Websites Project' tool which not only captures the website but records a video and takes a packet trace at the same time. It saves it all into a folder. Pretty neat - not sure if acceptable in court or not.
-
@Ben-Coyle Last one for today, I've been playing with an all-in-one suite 'OS Forensics' which seems okay. It logs your actions and can generate a report of significant findings that you flag - take a look and waste some more time playing with tools :)
-
I like the links you put together. I will investigate deeper.
I would also like to point out an investigative tool that focuses on Apple products called Black Light from Black Bag Technologies.
We have more Apple devices than Windows so it made sense for us to go with this tool. Like Encase or FTK it can analyze and carve other systems but it has that Apple look.
-
I've not looked at these in depth but this guy has put together a pretty impressive list that he calls "Forensic Challenges."
http://www.amanhardikar.com/mindmaps/ForensicChallenges.html