Collection & Processing of Electronic Information
25 January 2011
EDRM
Know Your Landscape
Questions:
Who are the “Players”?
Secretaries/Executive Assistants?
Network type
Devices/Media
Corporate Issue vs. Personal?
Collection
Traditional
Original HD
Bit-stream Imaging
Forensic Copy
Password Recovery
HASH
Signature Analysis
History
Extraction
Email
Internet History
Passwords
Network
Examples:
File Servers
Server Farms
Issues:
Dynamic
Geographical Locations
Size
Use
Archival Media
Examples:
Tapes
Hard Drives
Issues:
Reliability
Archival Schemes
Costs
Mobile Devices
Examples:
Cellular Phones
Tablets
GPS
Issues:
Ownership Channels
Cloud Computing
Examples:
Google Mail
Google Docs
MS Office Web Apps
Issues:
Ownership Geographical Collection
Social Media
Examples:
Facebook
Twitter
LinkedIn
Issues:
Ownership Geographical Collection
Forensic Imaging
Forensic Imaging:
The entire drive contents are imaged to a file, and checksum values (often referred to as “hash values”) are calculated to verify the integrity of the image file (in court cases).
Forensic images are acquired with software tools such as EnCase, FTK, DD, etc. (Some hardware cloning tools have added forensic functionality.)
HASH – MD5 or SHA
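Added example, not from the original presentation: the hash check described above, in Python. It copies a source byte for byte into an image file, records MD5 and SHA-256 at acquisition, and re-hashes the image later; the function names, file names and the small constructed "drive" are assumptions for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads, so a whole drive never has to fit in memory


def hash_stream(stream, sink=None):
    """Hash everything read from stream (MD5 and SHA-256); copy to sink if given."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    while chunk := stream.read(CHUNK):
        md5.update(chunk)
        sha256.update(chunk)
        if sink is not None:
            sink.write(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire_image(source_path, image_path):
    """Copy every byte of the source to an image file; return the source's hashes."""
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        hashes = hash_stream(src, dst)
        dst.flush()
        os.fsync(dst.fileno())
    return hashes


def verify_image(image_path, recorded):
    """Re-read the image from disk and compare with the hashes recorded at acquisition."""
    with open(image_path, "rb") as img:
        return hash_stream(img) == recorded


def demo():
    """Constructed 'drive': allocated data, empty sectors, residue in unallocated space."""
    drive = b"REPORT.DOC".ljust(512, b"\x00") + bytes(1024)
    drive += b"deleted memo".ljust(512, b"\x00")
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "drive.bin"), os.path.join(d, "drive.img")
        with open(src, "wb") as f:
            f.write(drive)
        recorded = acquire_image(src, img)
        intact = verify_image(img, recorded)
        with open(img, "r+b") as f:  # simulate a single altered byte in the image
            f.seek(700)
            f.write(b"\x01")
        altered = verify_image(img, recorded)
    return intact, altered, recorded


if __name__ == "__main__":
    print(demo())
```

The hashes are computed from the bytes read off the source, and verification re-reads the image from disk, so a write error or later alteration of the image file shows up as a mismatch.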
Forensic Imaging
Data are stored in “bucket”-like storage
[Figure: storage buckets labelled “Data” and “Empty”; “UA Space”]
Forensic Imaging
| Advantages | Disadvantages |
| --- | --- |
| Relatively Inexpensive | Intrusive |
| Complete Picture | High Volumes |
| Essential to Investigation | Privacy Issue |
Forensic Imaging
Collection
Covert vs. Office Hour
Forensic Imaging vs. Logical File Imaging vs. Manual Collection
Chain of Custody
Collection
| Media | Collection Method |
| --- | --- |
| Desktop & Laptops | Forensic Imaging |
| Server Computers | Logical Copy |
| Online Data (Cloud Computing) | Hybrid? |