/ FEATURE
FORENSIC EXAMINATION OF A COMPUTER SYSTEM
A generic technical security procedure
by Gary Hinson and Robert Slade
/ INTERMEDIATE
This paper explains the procedure involved in forensically examining digital evidence such as a hard drive obtained from a computer system allegedly involved in a crime. It does not cover “live forensics” – the forensic analysis of running systems – which requires special skills and techniques beyond the scope of this procedure. It is extremely important that the procedure is followed carefully and systematically, since even minor improvisations or mistakes can compromise (i.e. damage or call into question) the evidence or the analysis. That, in turn, could lead to a court case being dismissed. This is not the place to cut corners.

/ The procedure
Figure 1 shows the key activities in the overall process, in the form of a flowchart. The following sections explain the activities in more detail and include pragmatic guidance.

/ Prepare in advance for forensic investigations
• Prepare a ‘grab bag’ for use by the forensic investigation team when called out, containing suitable tools, storage media, notes on procedure, etc.
• Ensure the investigators are adequately trained to use the tools, and the processes are repeatable and sustainable, regardless of which direction the investigation takes (e.g. whether the analysis is overt or covert).
• Your in-house resources and expertise may not fully cover all aspects of digital forensic analysis (e.g. live forensics); or you may not be sure of always having enough resources to respond immediately. If so, consider identifying and perhaps contracting with external specialists so that you can call them in at short notice, or send properly collected evidence offsite for further analysis in a secure manner. This kind of prearrangement (a form

Figure 1