A light diversion for the weekend - what do you think are the biggest computer forensics myths?
Jamie
I'll kick things off
An old classic - pulling the plug is always the right thing to do.
A modern TV classic - detectives need about 30 seconds to find evidence on a laptop in someone's bedroom 😉
That the purist approach to computer forensics (i.e., pull and image the drive(s) from the system…) is the standard.
That all deleted files can be recovered.
That answers can be derived even in the absence of pertinent data.
That a forensic analyst can determine the intent of an intruder by doing nothing more than analyzing an acquired image of a compromised system.
I'm good with computers so I should be able to get a job in forensics.
Forensics is exciting and easy.
RIPA means that everyone in the UK must divulge their passwords if asked.
It only takes minutes to image a terabyte drive.
You can crack a password for a secure system in a few seconds as long as you consume mass quantities of Mountain Dew, Twinkies and Hot Pockets.
- We all have really cool CSI-type equipment
- All our Agencies/Companies are super well funded to get us that really cool equipment
- With a few keystrokes, we can tell WHO was at the computer, WHAT they did, HOW they did it - *FOR EVERY CASE WITHIN AN HOUR OR LESS*
- All our software has really cool animation like you see used by the forensic folks on TV.
Oh CSI (insert city here), you have made life so interesting for the rest of us! LOL
-=ART=-
As soon as we bypass the security of a system we say, "We're In!"
Oh wait… we do that…
A server cannot be acquired to a thumb drive. Thanks to JJ Abrams and 'Alias' for that one!