TechnoSecurity's Guide to E-Discovery and Digital Forensics (eBook)

Cover 1
Contents 15
Foreword 27
Chapter 1: Authentication: Are You Investigating the Right Person? 29
Introduction 30
Authentication: What Is It? 30
An Authentication War Story from 20 Years Ago: The Outside Job 33
A Second Authentication War Story 35
Let’s Do Something about This Authentication Problem 37
A Third Authentication War Story 39
Security Threats in the Future 41
The Inside Job 42
A Final Authentication War Story 43
Key Loggers 101 49
Some 21st Century Solutions to Authentication 51
Security Awareness Training 52
The Rest of the Book 53
Chapter 2: Digital Forensics: An Overview 61
Introduction 62
Digital Forensic Principles 62
Digital Environments 71
Digital Forensic Methodologies 73
Chapter 3: Working with Other Agencies 93
Introduction 94
Building the Relationship 96
Building Your Package of Information 98
Don’t Shop Your Cases 101
A Discussion of Agencies 102
The Big Two: The U.S. Secret Service and the FBI 103
Other Federal Cyber Crime Investigations Agencies 118
Chapter 4: Developing an Enterprise Digital Investigative/ Electronic Discovery Capability 123
Introduction 124
Identifying Requirements for an Enterprise Digital Investigative/ Electronic Discovery Capability 125
Administrative Considerations for an Enterprise Digital Investigative/Electronic Discovery Capability 131
Identifying Resources (Software/Hardware/Facility) for Your Team 145
Chapter 5: Forensic Examination in a Terabyte World 157
Introduction 158
Volume Challenges 158
Network and Hardware Challenges 161
Future Digital Forensic Solutions 162
The FTK 2.x Model 168
Chapter 6: Selecting Equipment for a Computer Forensic Laboratory 175
Introduction 176
Forensic Workstations for the Laboratory 176
Forensic Workstations for the Mobile or Field Laboratory 186
Hardware Write-Protection Devices 188
Data Storage 194
Miscellaneous Items 195
Chapter 7: Integrating a Quality Management System in a Digital Forensic Laboratory 203
Introduction 204
Quality Planning, Quality Reviews, and Continuous Quality Improvement 205
Other Challenges: Ownership, Responsibility, and Authority 223
Chapter 8: Balancing E-discovery Challenges with Legal and IT Requirements 235
Introduction 236
Drivers of E-discovery Engineering 236
Locations, Forms, and Preservation of Electronically Stored Information 240
Legal and IT Team Considerations for Electronic Discovery 244
Are You Litigation Ready? 250
E-discovery Tools 260
Chapter 9: E-mail Forensics 265
Introduction 266
Where to Start 266
Forensic Acquisition 274
Processing Local Mail Archives 275
Chapter 10: Murder and Money: The Story of Standards, Accreditation, and Certification in Computer Forensics 289
Introduction 290
Standards 290
Accreditation 291
Certification 291
Rough Beginnings 292
Money to the Rescue 294
Standards and Computer Forensics 294
Certification Options for the Digital Evidence Analyst 298
Another Standards Option 299
Chapter 11: Starting a Career in the Field of Techno Forensics 305
Introduction 306
Occupations 306
Professional Organizations 308
Professional Certifications 309
Degree Programs 316
Appendix A: Death by a Thousand Cuts By Johnny Long with Anthony Kokocinski 343
Appendix B: Credibility Is Believability— Success in the Courtroom 397
Introduction 398
First Impressions 398
Appearance 399
Body Language 407
Speech 415
Index 423