January 2001 NETWORK ICE 1 Forensics

Upload: aubrey-curtis

Post on 13-Dec-2015


TRANSCRIPT


Forensics


What is Computer Forensics?

• Acquisition of Computer Evidence
• Preservation
• Analysis
• Court Presentation


Why Computer Forensics?

• U.S. businesses will generate 17.5 trillion electronic documents as compared to only about 7.5 trillion paper documents by 2005.

• Computer evidence is fragile by nature and can be easily erased or otherwise compromised without special handling.

• Forensic tools should promote the non-invasive recovery of deleted, hidden and temporary files that are normally invisible to the user.


Computer Forensics and the Law

• Courts in the US and other jurisdictions mandate that computer evidence be collected in a forensically sound manner
  - Gates Rubber Co. v. Bando Chemical Indus., Ltd., 167 F.R.D. 90 (D.C. Col., 1996); Simon Property Group v. mySimon, Inc. 2000 WL 963035

• Proper Preservation and Chain of Custody of Computer Evidence must be Established


Forensic Type cases

• theft of intellectual property
• destruction of/misappropriation of data
• alteration of data, alteration/misuse of programs
• use of unlicensed software
• illegal duplication of software
• unauthorized access to a computer system
• unauthorized use of a company's computer for private gain
• unofficial access to confidential data
• downloading/distribution of pornographic material
• e-mail mis-use
• blackmail
• money laundering
• murder
• rape
• insurance fraud


Extreme Forensics


Evidence Display