
Hassel Stacy Jr. Dr. Philip Lunsford ICTN4040 601 04/16/06 - page 4 / 8






may be susceptible to damage or alteration from electromagnetic fields such as those generated by static electricity, magnets, radio transmitters and other devices. Keep electronic evidence away from magnetic sources. Avoid storing forensic evidence in vehicles for prolonged periods of time. Excessive heat, cold, or humidity can damage forensic evidence. Verify that computers and other electronic components that are not packaged in containers are secured in the vehicle to prevent shock and potentially damaging vibrations.

In response to the need to analyze, preserve, protect and defend forensic evidence, an initiative was begun in 1999 to build and staff Regional Computer Forensic Laboratories (RCFLs). Thirteen RCFLs are available for use by more than 1,000 law enforcement agencies, spanning fifteen states. The New Jersey RCFL provides free computer forensic training services for law enforcement investigators and computer forensic specialists, who can also receive FBI digital forensic examiner certification through participation in a twelve- to eighteen-month training regimen that includes coursework, backed by forensic labs and on-the-job training.

Computer forensic investigations may involve dead or live analysis techniques. Live analysis techniques use software that existed on the system during the time slot being investigated. This is in contrast to dead analysis techniques, which use no software that existed on the system during that time slot. “Rootkits” are the most common source of false data during live analysis. Rootkits are backdoor tools that modify existing operating system software so an attacker can keep access to and hide on a computer. Several countermeasures exist to deal with rootkits. To counter application-level rootkits, an investigator can use a CD of trusted tools that he or she knows have not been modified. Library-level rootkits may be countered by an investigator using a CD of trusted tools that are statically compiled so they do not use Trojan libraries. Live analysis may not produce reliable results, but is useful in some cases. Some computer forensic investigations will be too
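The library-level countermeasure described above depends on the trusted tools really being statically compiled. The following Python check is an added example, not part of the original paper: it reads a tool's ELF program headers and reports whether the binary requests a runtime loader or names any shared library. It assumes Linux ELF binaries; the names `inspect_elf`, `is_static` and `sample_elf64` are chosen here, and the sample image is constructed.

```python
import struct

PT_DYNAMIC, PT_INTERP, DT_NULL, DT_NEEDED = 2, 3, 0, 1

def inspect_elf(data: bytes) -> dict:
    """Return the requested loader (PT_INTERP) and the number of DT_NEEDED libraries."""
    if data[:4] != b"\x7fELF" or len(data) < 6 or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF image")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    word = end + ("Q" if is64 else "I")            # file offsets and sizes
    dyn_fmt = end + ("qQ" if is64 else "iI")       # one dynamic entry: d_tag, d_val
    interp, needed = None, 0
    try:
        phoff, = struct.unpack_from(word, data, 32 if is64 else 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
        for i in range(phnum):
            base = phoff + i * phentsize
            p_type, = struct.unpack_from(end + "I", data, base)
            off, = struct.unpack_from(word, data, base + (8 if is64 else 4))
            size, = struct.unpack_from(word, data, base + (32 if is64 else 16))
            seg = data[off:off + size]
            if p_type == PT_INTERP:
                interp = seg.rstrip(b"\0").decode("ascii", "replace")
            elif p_type == PT_DYNAMIC:
                seg = seg[:len(seg) - len(seg) % struct.calcsize(dyn_fmt)]
                for tag, _ in struct.iter_unpack(dyn_fmt, seg):
                    if tag == DT_NULL:
                        break
                    needed += tag == DT_NEEDED
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    return {"interp": interp, "needed": needed}

def is_static(data: bytes) -> bool:
    """True when the image asks for no runtime loader and names no shared library."""
    info = inspect_elf(data)
    return info["interp"] is None and info["needed"] == 0

def sample_elf64(dynamic: bool) -> bytes:
    """Constructed ELF64 little-endian headers for the demo; not a runnable program."""
    segs = [(PT_INTERP, b"/lib64/ld-linux-x86-64.so.2\0"),
            (PT_DYNAMIC, struct.pack("<qQqQ", DT_NEEDED, 1, DT_NULL, 0))] if dynamic else []
    out = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    off = 64 + 56 * len(segs)
    for p_type, blob in segs:
        out += struct.pack("<IIQQQQQQ", p_type, 4, off, 0, 0, len(blob), len(blob), 1)
        off += len(blob)
    return out + b"".join(blob for _, blob in segs)
```

Run `is_static(open(path, "rb").read())` over each tool from a known-clean workstation before the CD is burned; a tool that reports a loader path or a nonzero `needed` count would pull libraries from the suspect system.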
