Guidelines for HD forensics

Greetings,

Forgive me for being snarky, but have you looked at the five page thread talking about EnCase case processing guidelines here

http//www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=4975&postdays=0&postorder=asc&start=0

?

Not only does it have a specific suggested set of guidelines, it has a huge amount of commentary on additions and guidelines in general.

*sigh* I clearly woke up on the wrong side of the bed, but come on people, do some searches and reading before you post, ok?

-David

bmaree,

I am not sure exactly how technical you are trying to go with this project but in terms of guidelines, here are the guidelines that forensic practitioners in the UK adhere to from the Association of Chief Police Officers (ACPO) wrapped up in a nice document in collaboration with 7safe
http//www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evidence_v4_web.pdf

I believe these represent good practice guidelines for all digital forensics work regardless of jurisdiction.

The US Department of Justice also has guidelines similar to the ACPO.

Greetings,

Forgive me for being snarky, but have you looked at the five page thread talking about EnCase case processing guidelines here

http//www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=4975&postdays=0&postorder=asc&start=0

?

Not only does it have a specific suggested set of guidelines, it has a huge amount of commentary on additions and guidelines in general.

*sigh* I clearly woke up on the wrong side of the bed, but come on people, do some searches and reading before you post, ok?

-David

David, thank you for the first part of your answer. As for the rest plz be assured that replying, on forums, is not mandatory.

David, thank you for the first part of your answer. As for the rest plz be assured that replying, on forums, is not mandatory.

Yes but it is good forum etiquette to make some effort to search at least the forum first to see if your answer is already there rather than expecting people to repeatedly answer the same questions.

There have been a number of terse replies by regular posters to single figure posters who seem to join the forum just for the purpose of asking someone else to do their homework.

So, as you have taken to dispensing advice to David perhaps you could graciously accept some yourself.

It is good form for anyone (i.e. not just you) posting a query in a forum to have first searched the forum and a done a ——– search (insert Favourite Internet Engine).

Indicating that you have done this by qualifying your query with some informed comment to show you have made some effort to educate yourself first will lead to a more positive response from the many helpful and highly experienced people here who are just busting to help those that show some signs of helping themselves.

(I accept that you gave a slight indication you had done a some research)

I do agree that replying is not mandatory and that is becoming my favoured option.

H

I won't bore anyone with a lecture but my thoughts are pretty much summed up in a couple of blog posts back in 2007

http//forensicfocus.blogspot.com/2007/11/sharing-knowledge.html
http//forensicfocus.blogspot.com/2007/11/sharing-knowledge-part-two.html

David, you were probably a little quick to criticise, I'm not sure that the bulk of the EnCase thread is exactly what the OP was after.

bmaree, as a new member asking busy practitioners to give up their valuable time to help you with your own project, sarcasm is probably not your friend. Harry's suggestions will get you further.

Jamie

I won't bore anyone with a lecture but my thoughts are pretty much summed up in a couple of blog posts back in 2007

http//forensicfocus.blogspot.com/2007/11/sharing-knowledge.html
http//forensicfocus.blogspot.com/2007/11/sharing-knowledge-part-two.html

David, you were probably a little quick to criticise, I'm not sure that the bulk of the EnCase thread is exactly what the OP was after.

bmaree, as a new member asking busy practitioners to give up their valuable time to help you with your own project, sarcasm is probably not your friend. Harry's suggestions will get you further.

Jamie

Jamie, Firstly I mean no disrespect for the forum and hence will ignore H's offensive and improper reply.Knowing less, under any circumstances, doesn't justify verbal attacks.
As for my op, I do have a set of documents but am seeking more substance. I didn't want or expect more than a link or a doc title for an answer. BTW Dave's thread is similar to what I need although in a more official form.

OP bmaree,

I can tell you that if someone like Harry leaves the forensic community we have all lost something. The guy is a pillar on most forums and has probably forgotten more than we have learned.

Guess I missed the improper and offensive reply, all I see is someone saying what is said quite a lot, do a simple search, it doesn't even have to be on this forum, google, yahoo, jeeves, etc. and your answer will pop right up.

I for one don't want to lose Harry because a new poster comes on and accuses him of being improper.

Pretty sure I can speak for lots of people Harry, your posts are appreciated.

Guess I missed the improper and offensive reply, all I see is someone saying what is said quite a lot, do a simple search,

With that stated benefit, I'm sure you did.
The relationship between you and Harry is none of my concerns.
All what I'm asking for is some respect in dialogue.
Calling what I do "homework" indicating "a some research", hinting that my purpose is let others do it for me can hardly be called respect. Member forensicakb, apparently you did miss the improper and offensive reply.