1 / 16

Comprehensive Guide to Electronic Information Collection and Processing

This resource, based on the 2011 EDRM event, explores the complexities of collecting and processing electronic information. It covers critical players, devices, and types of networks involved, as well as corporate versus personal issues. Key topics include traditional collection methods, password recovery, forensic imaging, and geographic considerations. The guide addresses challenges associated with different media types, including mobile devices, cloud computing, and social media. Strategies for ensuring data integrity and managing chain of custody are also discussed, providing valuable insights for professionals in the field.

noel
Télécharger la présentation

Comprehensive Guide to Electronic Information Collection and Processing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Collection & Processing of Electronic Information 25th, January; 2011

  2. EDRM

  3. Know Your Landscape • Questions: • Who are the “Players”? • Secretaries/Executive Assistants? • Network type • Devices/Media • Corporate Issue vs. Personal?

  4. Collection Traditional Password Recovery Bit-stream Imaging HASH Original HD Forensic Copy Signature Analysis Extraction History Email Internet History Passwords

  5. Network • Examples: • File Servers • Server Farms • Issues: • Dynamic • Geographical Locations • Size • Use

  6. Archival Media • Examples: • Tapes • Hard Drives • Issues: • Reliability • Archival Schemes • Costs

  7. Mobile Devices • Examples: • Cellular Phones • Tablets • GPS • Issues: • Ownership • Channels

  8. Cloud Computing • Examples: • Google Mail • Google Docs • MS Office Web Apps • Issues: • Ownership • Geographical • Collection

  9. Social Media • Examples: • Facebook • Twitter • LinkedIn • Issues: • Ownership • Geographical • Collection

  10. Forensic Imaging • Forensic Imaging: • the entire drive contents are imaged to a file and checksum values are calculated to verify the integrity (in court cases) of the image file (often referred to as a “hash value”). • Forensic images are acquired with the use of software tools. (Some hardware cloning tools have added forensic functionality.) – EnCase, FTK, DD, etc. • HASH – MD5 or SHA

  11. Forensic Imaging Data are stored in “bucket” like storage Empty Data Data Empty Data Data Empty Data UA Space Data

  12. Forensic Imaging

  13. Forensic Imaging

  14. Collection • Covert vs. Office Hour • Forensic Imaging vs. Logical File Imaging vs. Manual Collection • Chain of Custody

  15. Collection

  16. Q&A Kevin Lo Email: klo@ffpl.ca Twitter: kevin_lo Phone: +1 (416) 926-4215

More Related