Monday, July 06, 2009

Build Your Own Digital Evidence Collection Kit

by David Kovar, NetCerto, Inc.

Collecting evidence accurately is clearly a foundational element for any ediscovery or forensics analysis project. The equipment required is important, but so are the supporting items – office supplies, forms, and documentation tools. And if you cannot find the items, or get them to the destination, it doesn't matter how great your tools are.

This kit, and the thoughts and processes behind it, attempt to address concerns I've encountered while doing collections all over the world. That said, it isn't perfect, even for my own needs. Treat this as a framework for building your own kit and if you can improve on this, please let me know how so I can improve my own processes.

Bear in mind that, in addition to this kit, I carry a laptop backpack everywhere. The backpack has my primary laptop for note taking and Internet research with WiFi and a cellular modem, cell phone cables, spare USB thumb drives, food, reading materials, and other basic necessities of any computer forensics analyst...

Read more at http://www.forensicfocus.com/build-your-own-digital-evidence-collection-kit

This year's Digital Safety Conference

by Jan Collie

Cyberstalking is the new urban terror – the message rang home loud and clear at the Digital Safety Conference in London.

For although, in Cyberspace, no-one hears you scream, increasing numbers of people are getting off on imagining it.

The evils of instant communication – texting, live chat, social networking – were laid out in lurid detail before delegates meeting in a brick-lined space known as The Brewery, near the city’s Barbican.

Tales of horror – physical threats and psychological manipulation – poured out. The family pursued relentlessly via emails, bulletin board postings and websites dedicated to damaging their names for more than five years. The teenager who suffered Post Traumatic Stress Syndrome following a campaign of anonymous texts. The Information Age exposed in all its gory.

This, said former Scotland Yard detective, Hamish Brown, was the intimidation that kills lives, the silent terror that dogs every waking moment for harassed victims. Who stalks and why is the subject of ongoing research but the trend is that more men stalk women than the other way around. The style of mental torture is similar to that shown in cases of domestic violence, Brown asserted, and the perpetrator often has no previous convictions.

As the first police officer to charge an offender with Grievous Bodily Harm of the mind, Brown passionately believes that victims of cyber violence should be taken more seriously.

“It’s not right that you should have to be punched on the nose for something to happen,” he commented, and asked for a campaign to educate the public on the issue.

Two alarming presentations based on personal experience followed. Graham Brown-Martin described how he, his wife and small child ran from Jamaica to London after enduring a series of death threats and vicious slanders posted on the Internet. The virtual bullying followed them and has continued for five years. Despite continued threats, including an invitation to all-comers to murder the family published with a map of their whereabouts, the authorities have been unable to help. Differences in international law were quoted as the main difficulty.

More at http://www.forensicfocus.com/digital-safety-conference-review-230609

Tuesday, June 30, 2009

UK members - Can you HACK it?

Forensic Focus is pleased to support The National Society for the Prevention of Cruelty to Children (NSPCC), a charity which will be familiar to many UK members, especially those involved with child protection issues. The NSPCC's annual HACK (Hike Against Cruelty to Kids) is now in its fifth year and has so far raised over £250,000. After four successful years in the north, this summer there are five 25-mile HACKS taking place in some of the most stunning locations across the UK: Yorkshire 5 September, Northern Ireland 5 September, Wales 12 September and Devon 27 September. And just in case you need any further motivation, there's a Forensic Focus T-Shirt for everyone who completes the hike - what more could you ask for?

More details here

Thursday, June 18, 2009

Message from Nick Furneaux

Thought it might be useful to reproduce Nick's recent welcome message in the new live/network forensics forum:

"Hi everyone and welcome to the new forum covering Live and Network forensics.

My name is Nick Furneaux from CSITech and if you don't know me or have never sat in a classroom with me, then hello! Jamie has kindly asked if I would assist in the moderation of this forum and I was delighted to accept. If you are truly bored you can waste 90 seconds of your life and find out more about me on my poorly used blog at nickfurneaux.blogspot.com.

In the past 3 years or so the subject of so-called live forensics has become an increasingly discussed topic and most investigators now believe that a live response to a running machine constitutes best evidence, often ahead of pulling the plug and continuing with a traditional disk image.

Whereas disk imaging has a certain accepted methodology and protocol associated with it, live response still has the feeling of the Wild West about it and as much work as possible needs to be done by the community to work towards a generally accepted method and process. Hopefully this forum, broken out from the melee of other topics, will assist with that process.

This, of course, is not to ignore the vital area of network investigations that tends not to get such a 'following' in respect to forum postings; hopefully that will change.

We are fortunate to have some leading lights in these subjects contributing to Forensic Focus (you know who you are) and we welcome your continued positive contribution and input.

I look forward to reading your ideas, thoughts and comments.

Nick Furneaux"

The original message can be read here.

Wednesday, June 17, 2009

New forum (Live and Network Forensics) and new moderator

Hi everyone,

We now have a new forum dedicated to live and network forensics (e.g. memory analysis, running process enumeration, network traffic analysis etc.). If you want to discuss something related to volatile data collection before or without pulling the plug then this is the right place.

That's only half the good news. I'm also delighted to announce that Nick Furneaux has agreed to be the moderator of this new forum which is a huge coup for all Forensic Focus members (for a recent interview with Nick, click here.)

Nick joins Greg Smith (our mobile forensics forum moderator) as another highly regarded and influential name in the forensics world willing to share their knowledge and experience in these forums - my thanks to them both!

Jamie

Monday, June 15, 2009

Interview with Graham Brown-Martin, Digital Safety Conference

An interview with Graham Brown-Martin, organiser of the upcoming Digital Safety Conference in London, is now online at http://www.forensicfocus.com/graham-brown-martin-interview-120609

There's a link within the interview to a documentary about the event which inspired Graham to put this conference together, and while there's nothing "technical" in it I think it's worth viewing for the perspective it gives of someone who's been a victim of computer crime (surprisingly, perhaps, something we don't discuss very often at Forensic Focus).

Friday, June 12, 2009

Interview with Lee Whitfield, Forensic 4cast

An interview with Lee Whitfield of Forensic 4cast is now online at http://www.forensicfocus.com/lee-whitfield-interview-100609

It's always interesting to learn more about one of the voices behind a podcast and Lee doesn't disappoint!

Wednesday, June 10, 2009

Interview with Robert Botchek, President and Founder – Tableau, LLC

An interview with Robert Botchek, President and Founder of Tableau, LLC is now online at http://www.forensicfocus.com/robert-botchek-interview-090609

This is a fairly lengthy interview and Robert goes into a lot of detail in his responses - I highly recommend taking the time to make your way through it, it's well worth it.

Huge thanks to Robert for taking the time to share his thoughts!

Thursday, June 04, 2009

Digital Safety Conference, 19th June 2009, London

The inaugural Digital Safety Conference brings together thought leaders, policy makers, legal professionals, law enforcement agencies, government representatives, educators, industry leaders and those committed to protecting civil liberties to consider the health, reputation and environment of the digital world.

Speakers include:

• Tom Watson MP
• Tanya Byron
• Anthony Lilley
• Dr Richard Clayton, Cambridge University
• Dr Tim Watson, De Montfort University
• Prof Mike Short, President, Mobile Data Association
• Hamish Brown, MBE (UK's leading expert on stalking)

Delegate places from £95 (students), education and charities £145 and FF members £170 if using the code dsg via online registration at:

http://www.digitalsafety.com/conference/registration

A supporting television documentary concerning one of the organisers as a case study can be viewed here:

www.digitalsafety.com/cyberstalking

Two men guilty of student murders

So, after five weeks Sonnex and Farmer have been found guilty of the appalling murders of Gabriel Ferez and Laurent Bonomo. I was actually at the Old Bailey on the first day of the trial (in the public gallery) and had hoped to return at a later date to see if there was any mobile forensics expert witness testimony - as seemed likely given the use of mobile phones on the date in question - but unfortunately my plans changed and I didn't have the chance. If anyone knows what part this evidence played in the trial please feel free to email me.