HKEY_CURRENT_USER, when?

 Add0
(@add0)
Trusted Member
Joined: 18 years ago
Posts: 71
Topic starter  

Haha, no, I probably will; by the time I get around to it it'll probably be useless though.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> by the time I get around to it it'll probably be useless though

Wow, you don't even know what's in it and you're saying this?


   
 Add0
(@add0)
Trusted Member
Joined: 18 years ago
Posts: 71
Topic starter  

joke


   
steve862
(@steve862)
Estimable Member
Joined: 19 years ago
Posts: 194
 

Hi,

I felt the need to wade in part way myself.

I see a danger in the approach you are taking, Add0. That being you are relying on the say-so of forum members you have never met or on scripts written by forum members you have never met. How can you know if what they are saying is right or if the script they provide actually does work in the way it should and is suitable for your particular circumstances?

As it is, Harlan is probably one of the best sources on these forums for advice, but I would never stand in the witness box under cross-examination unless I could state how I knew what I was saying was right.

If you cannot satisfy yourself what data is held within a particular hive and it is central to the investigation then you must request more time so that you can analyse this and if necessary perform tests to resolve any oddities.

Anything less and you are relying on others being correct or having to make a best guess.

Steve


   
 Add0
(@add0)
Trusted Member
Joined: 18 years ago
Posts: 71
Topic starter  

steve862, I totally see your point and I am not so naive as to stand up in a witness box and give evidence that I acquired by using methods suggested on a forum. However, from what I have read on this forum so far, I can say that it is a good source of information and I don't think there is any harm in learning from it as long as you test the methodologies, scripts and tools for yourself rather than blindly assuming they work in the way somebody else told you they do. I would not do this.


   
steve862
(@steve862)
Estimable Member
Joined: 19 years ago
Posts: 194
 

Add0,

Just as a brief reply.

Some of the verifying knowledge and scripts you pick up can take longer than the finding out yourself. I was just concerned that if you were too busy to find something out you wouldn't have enough time to verify the validity of a script.

Steve


   
 Add0
(@add0)
Trusted Member
Joined: 18 years ago
Posts: 71
Topic starter  

That's a good point. As it happens, the case I was working on, which I started this topic for, is now complete. It wasn't essential, due to the strange nature of the case, that I did do what I posted this topic for in the first place. Let's just say it would just have been nice.
Yeah, this case was really weird though, and it isn't going to court.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Steve,

Excellent point. However, I see an issue with every examiner having to learn everything themselves…this will slow the entire process down. As a community, we should be producing documentation on topics of importance and interest, and having that documentation subject to peer review. This way, others such as Add0 can read the documentation, test and verify that the data is correct, and have enough information to take the evidence to court with confidence.

Also, keep in mind…forensic examiners don't walk into court one day and go right on the stand to testify. Their potential testimony is vetted by the prosecution before the examiner ever says a word.

I've talked with others…mostly LEOs here in the US…that a great way to provide this sort of thing is to develop PDFs that can be downloaded and put into a binder. There's also the ForensicWiki:
http://www.forensicswiki.org/wiki/Main_Page

The idea is to produce clear, concise documentation that addresses issues in enough detail as to be credible and reproducible.

H


   
steve862
(@steve862)
Estimable Member
Joined: 19 years ago
Posts: 194
 

Harlan,

Certainly within our own lab we have different specialties. Mine is making the tea. :D

Sources such as this forum and ForensicWiki are excellent. I do use those and each of us in our lab produces a few papers a year within the Metropolitan Police covering particular areas of research.

I just like to emphasise your own words when you say "This way other [users] can read the documentation, test and verify that the data is correct".

Steve


   