Hello Everyone,
I am doing informal research on a project for my Forensics class. Since this group appears to have a wide range of professionals, I figured that I could obtain a fairly realistic sampling.
I created the following search categories [Specific, General and Complete]. These are based primarily upon the type of data and general techniques used in isolating or locating potential evidence. If your experience is different, please PM me. I'm currently interested in the search types specific, general and complete. If anyone is compelled to provide more detailed info, I will be happy to accept your contribution! Such as type of crime, type of search, number of investigations.
Child Porn [S]pecific-30, [G]eneral-15, [C]omplete-5.
Child Porn S-30, G-15, C-5
Specific searches - generally limited to specific file content/types
Crimes in which E-mail is the prime source of evidence – E-mail text
Child pornography - image files, internet activity files, registry searches
Fraud/ID theft/IP theft - primary text, internet activity files, registry
Corporate/Govt policy compliance - specific targeted files
General searches – usually entire hard drive / specifics not known
Illegal activity/suspicious activity
Intrusion - victim - hacked computer(s)
Hacking - suspected hacker - hacker's computer(s)
Corporate/Govt policy activity audits/ AUP verification.
Complete searches – entire hard drive - known good files are eliminated and resulting files are verified for content, categorized, and analyzed.
All above mentioned examples.
Please provide numbers based upon your experience in each search category for the primary investigation and whether you performed an additional verification investigation. The below numbers are completely fabricated for demonstration purposes.
S-29 G-4 C-1
I performed 29 investigations that were specific information based,
of those 4 were verified by General searches and 1 required a complete harddrive search.
G-10 S-9 C-1
I performed 10 investigations that were general searches. 9 specific verification searches were performed and 1 required a complete search.
C-3 C-3 S-3
I performed 3 investigations that were complete searches looking for evidence. 3 complete verification searches were performed. 3 specific verification searches were additionally performed.
Please PM me your numbers.
If you are uncomfortable with specific numbers you can provide percentages - verification percentages should equal 100% per 1st category. All 1st categories should equal 100%.
S-75% – G-50% – S-50%
C-25% – C-75% – S-25%
Thanks - I will summarize and post results only!