future challenges and trends


arashiryu
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 30, 06 19:22

Harlan, thank you for pointing out the ProDiscover tip. I was not aware of it.
 
  

keydet89
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 01:32

arashiryu...

It's not so much a ProDiscover tip, as it is a "need for live acquisition" tip. ProDiscover has a proprietary means of acquiring an image, but can use dd format, as well.  
 
  

ifindstuffucantfind
Newbie
 

Re: future challenges and trends

Post Posted: Mar 31, 06 02:33

I feel that a challenge for the industry is, first, the ever-growing complexity of operating systems and of the devices that are used to interact with the system.

Many registry keys contain evidence that can tell you who was sitting at that machine when the illegal act happened, which is what everyone wants to know.

Second, standardization in the industry, both in certifications and tools, is a real issue. There are more certifications for computer forensics than I care to count, and what makes one so much better than the other?

Also tool use and validation. As we all know, one tool doesn't do everything, and each tool may interpret data differently. Especially in a court setting, when you are trying to explain things and you say, well, EnCase found this... uhh, OK, how the hell did EnCase get that data? Tools aren't perfect. The FBI knows this, as they have quality assurance teams that certify their tools before they are even allowed to use them, and that process can take up to a year just to certify a single tool.

I don't know how other people feel on these issues, but I think those are a few challenges we face as a community in the future.
 
  

armresl
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 02:54

Could you please further explain this statement?

"many registry keys contain evidence that can tell you who was sitting at that machine when the illegal act happened, which is what everyone wants to know."
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

arashiryu
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 02:56

Harlan, gotcha. I'll test with dd and netcat. Thanks again.  
 
  

keydet89
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 03:29

armresl,

I think ifindstuffucantfind (correct me if I'm wrong here) may be referring to the keys found in the NTUSER.DAT and SAM files.

"...they have quality assurance teams that certify their tools..."

Right. And ILook 7.x was certified, though it wasn't Unicode compliant. Objects with Cyrillic characters in their names didn't appear in that version of ILook (I got that from a CART guy). The "quality assurance" is only as good as the requirements.

Re: the certifications. Yes, this is a big issue, but one that won't be solved easily. There are security professionals who believe that unless you understand assembly language on the x86 platform, you shouldn't be in security. Then there's the ISC^2 and the CISSP cert, which is management level.  
 
  

darren_q
Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 04:40

A big issue we are seeing is with mobile/cell phones and the varying proprietary formats they use. The rapid increase in storage on the latest phones results in a vast amount of information being carried around. Add to that the increased functionality of the devices and where the manufacturers are heading with future development. A sound forensic process which can image and analyse all of the phones available is something that is needed now and in the future.
 
