Computer Forensics 101

The following contains my summary of the Computer Forensics 101 presentation at the 2010 Technology & Homeland Security Forum in Niagara Falls, NY.  First blog here.

This was a level 101 type presentation.

  • 350 new HR-related cases are filed in the US every day.
  • 90% of all business records today exist only in electronic format.

Best Quote: Think of data as evidence

I learned that Computer Forensics as we know it was started in the mid-90’s by police officers. The practice is now recognized by the scientific community.

The ex-NYC police officer who gave the presentation provided examples of the gallons of information left on a personal computer that the police can uncover or recover during criminal investigations. Windows writes the status of seemingly everything all over the disk. Your browser records all your travels. It can be determined whether you typed in a URL manually or opened it via a link.

The ex-officer talked about the valuable metadata generated by Word. In a Word doc, details such as when it was last printed, when it was last edited and by whom, and what changes were made are data that may be helpful in an investigation. He recommended never sharing a native file format and always sharing PDFs, to reduce your metadata footprint.

To protect the employer from departing staff, he also recommended taking a forensic copy of all hardware for departing employees, or employees over a certain level, for possible future needs. Consider this part of your employee exit and ediscovery procedures. If that departing employee starts litigation against the former employer, or if the former employer discovers the ex-employee has broken the non-compete agreement, the employer will want to review all the ex-employee’s files to build its case.
