Myth
You must have special forensic software. No other tools will be able to find the evidence.
One of the myths/misconceptions that I come across almost weekly is the belief by counsel and others that there's an "evidence button", and that when I push it, the answers they need just appear and can be provided for their case in no time.
Forensics is WYSIWYG.
i.e. an IP address in an e-mail header always points to a criminal; images on a device are, by default, put there by the owner; aliases are never compromised and used by others; having an alias is a clear indication of malfeasance.
Data can be recovered after a drive is completely overwritten with zeros or random data, unless it was overwritten exactly 35 times in a specific pattern.
"No worries…we've got a signed warrant!" wink
You must do a multi-pass wipe of a hard drive or else the data can still be recovered.
Thank you all, I am having such a laugh.
Let me add this one: the belief that people working in a 'big' company which offers forensic services can work as forensic investigators/analysts/specialists, with the only requirement being to be classified as 'senior/experienced' within this company.
Who cares about the fact that their degrees/knowledge may be in business administration or finance, all it takes is a company seminar on imaging and a trademarked tool (EnCase) and you are good to go… besides, all cases are the same (actually I heard this quote… same as the 'evidence button').
O.o
I guess the same concept of computer forensics exists among many people (new students, lawyers, company managers)… 'it's easy, sounds cool and is a trend now'… no, no, don't worry about the hours of studying, reading, playing with new tools and constantly keeping your skills updated.
Being a Computer Forensic expert does not mean that you can hack.
Forensic examiners working for LE get paid loads of money….!!!!