Thanks a lot issue solved.
Edited due to sensitive date
that's up to your laws
but im curious why you removed the password, or how you did it?
One would expect that if evidence is found and used as part of a legal/criminal proceeding then some sort of destruction order on the device could be appended to the matter - certainly this could be the case in the UK.
To be honest though, you should ask one of the lawyers or legal advisors in your Government Organisation. They will be better placed to advise you on this matter.
Thanks a lot issue solved.
Edited due to sensitive date
Rule #1 NEVER work on the original SSD, work on a binary copy!
At this point your evidence is void, because it's data was modified after the date of the seizure! How can you prove now that whatever is found on the disk, it wasn't you who put it there ?!
Thanks a lot issue solved.
Edited due to sensitive date
Thanks a lot,
got advice from outside ,It seems its not an issue afterall. (since all this happened after the imaging process)
Are you sure ?! If you could been imaging the damn thing at the first place and use the image for further analysis, it wouldn't make much sense to use a password removal tool, no ?!
I feel that you just try to use the idea to "escape" somehow from the situation you created, your explanation is "bleeding" )
Thanks a lot issue solved.
Edited due to sensitive date
Yeah, sure, November 19 is a very touchy date roll .
jaclaz
…
Whatever you say - so be it )
Whatever you say - so be it )
I Heard this forum would be professional and helpful. Joined just to ask this,
Monika, this forum _has_ been professional and helpful.
These are experienced examiners and industry professionals - don't mistake a casual typing style for a lack of skill or an attempt to assist when _your_ question has been less than clear in detail. Remember that they are helping you out in their own time when you possibly made a mess of something …
Now I, for one, am not adverse to the idea of cracking / removing the password in order to image - but the process would need to be well documented and understood, and your evidence handling would have to be beyond reproach otherwise the very realistic possibility of claims of modification post seizure would become an issue.
This certainly wouldn't be an issue in a UK court if it was done correctly, nor is there a risk of being sued by the defendant …