Archive for September, 2010


Role of the Computer Forensics Expert Witness in the Litigation Process

Wednesday, September 22nd, 2010

Computer Forensics

Computer forensics are used in criminal investigation, civil litigation, hacking, embezzlement, industrial espionage, insurance fraud and law enforcement or Internet/company property abuse.

Computer forensics focuses on acquisition, restoration and analysis of digital data. In business world, computer forensics can be used to restore corrupted or lost data, resurrect outdated software environment, and analyze common security breach activities.

A Computer Forensics Expert

A computer forensics expert is an experienced personnel who can access a compromised computer, duplicate all files and directories and document all steps taken during the recovery and discovery process. A computer forensics expert is an experienced personnel who can maintain the integrity of data, preserving the chain of control and following a proven methodology of review. A computer forensics expert can track deleted files, hidden files, files created by the system such as an automatic backup of a document, or fragmented files that are scattered throughout the storage devices. A computer forensics expert is an experienced personnel who can document the location of electronic data, its nature, format and other identifiers.

A Computer Forensics Expert Witness

A computer forensics expert witness is an experienced personnel who is adept at handling the tools of computer forensics, resolving matters in corporates and litigation processes by contributing to the evidence pool, establishing truth for more efficient and rapid resolution, judgment or settlement. Digital data that is lost, stolen, deleted or otherwise manipulated can be of evidential value in a lawsuit.

Role of a Computer Forensics Expert Witness

A computer forensics expert witness plans strategies: The analytical and technical skill sets of a computer forensics expert witness provides attorneys with assistance at every step of the litigation process through discoverable and electronically stored information and the form in which it should be presented strategically.

A computer forensics expert witness assists counsel for plaintiff: The attorney for a plaintiff is entitled to all electronic information that is key to the litigation and he may request the electronic data to support his client’s claims. The computer forensics expert witness can brainstorm with the attorney and the client regarding all physical locations of the relevant and different forms of e-data. The computer forensics expert witness can also assist in determining if data wiping or encryption utilities were used.

The computer forensics expert witness assists the counsel for defendant:

  • The computer forensics expert witness confers with the client and his IT personnel attorney for the defendant to discuss how to maintain files during litigation and how to preserve and protect data
  • The computer forensics expert witness can assist in balancing privacy with evidence production by providing electronic discovery on behalf of their clients, including redacting proprietary or attorney/client privileged data
  • The computer forensics expert witness also assists his client’s IT professionals understand the legal requirements associated with preservation of electronic data
  • The computer forensics expert witness can attend “meet and confer” sessions.
  • The computer forensics expert witness suggests information to request with respect to backup procedures
  • The computer forensics expert witness provides assistance with wording for interrogation and requests for potential deposition questions for IT personnel
  • The computer forensics expert witness can determine where and how often the suspect had used the Internet if it is relevant to the case
  • The computer forensics expert witness restores and recovers deleted files
  • The computer forensics expert witness researches and determines if any dates have been altered
  • The computer forensics expert witness helps parties understand the scope and nature of electronic data collection, filters privileged data and assists in determining the extent of the data accessed

Analysis: The computer forensics expert witness researches analyzes the key words, documents or dates important to the litigation as an evidence to tampering and data deletion.

The computer forensics expert witness can offer testimony:

  • The computer forensics expert witness has the skills and experience to explain technical concepts and present mass amounts of data in a clear and understandable manner with respect to electronic evidence
  • The computer forensics expert witness can demonstrate the securely collected and preserved data as electronic evidence
  • The computer forensics expert witness needs to make sure the proper software is used as only a few software programs have been tested and approved by various courts as forensically sound and reliable
  • The computer forensics expert witness must also assure that he is employing accepted procedures including documenting the chain of custody of electronic data
  • The computer forensics expert witness must also assure that his overall ability to testify and demonstrate that the procedures he is employing is forensically sound
  • The computer forensics expert witness must be aware of the ethics of his profession and laws governing his testimony
  • The computer forensics expert witness should have reputable experience
  • The computer forensics expert witness must be able to withstand cross-examination

Data Triage Technologies offers Computer Forensics and Expert Witness Services to the legal communities in California and throughout the United States. Data Triage’s computer forensics experts identify, preserve and analyze potentially discoverable electronic evidence, while maintaining a cost effective approach throughout the process to support ongoing investigation. Let the professionals at Data Triage Technologies assist you in obtaining the evidence vital for winning your case!

Network Security Auditing

Wednesday, September 15th, 2010

The word audit brings a lot of scenes to your mind. A lot of unpleasantness is associated with this word. Network security audit does ring a bell of tax audit though in an altogether different sense. In the regular tax audit you can see people physically accessing your files and network security audit they crawl into the virtual world of computer network.

Network security auditing is an approach to auditing networks in order to ensure their safety. In the entire information systems audit framework, the audit of networks is one piece of a big puzzle. The other pieces of the puzzle are audits of application software, data base etc.

A Network Security Auditor’s job is to gather certain information and understanding of this information about the network to review in order to complete the audit of network security.

The first step in this Network Security Audit is to determine the expanse of the network. A typical way to do this is to examine the network diagram. This diagram shows all the routes available on the network. A Network Security Auditor had to ensure the accuracy of this diagram.

Businesses change and the network diagram needs to be updated with these changes. An auditor has to observe the processes that exist in the organization to update and maintain the diagram accurately. Concentration at particular areas in the network such as data centers where ERP servers are hosted, and the points from where these are accessed is of great importance to the auditor. Complex networks may have many hosting points where critical resources are located. Network diagram acts as an input on the types of devices and protocols used in the network. This input can be used as a referral throughout the audit.

Once a Network Security Auditor gets the pressing issues of key areas in the network he next moves to information about critical assets, systems and services that need to be secured. Key areas like enterprise systems consisting of ERPs, mail servers and other internal applications, web servers that host applications accessed by customers and vendors and the network and its components. Hence, security and access mechanism surrounding applications and servers also needs to be strong.

The Network Security Auditor then assesses who all have access to the network and for what reasons they access. If any employees access the network from outside the office or if any customers and vendors access the systems? Is the network accessed via Internet or is there a remote access mechanism? The Network Security Auditor finds answers to these question which have a strong impact on network security.

After examining all accesses and modes of access, the auditor next moves to the network’s connections with external networks. The auditor can press this examination in the first step itself by analyzing the diagram. However, a sincere auditor should treat this separately. An external network has its own threats on the network security of a company. Internet is accessed in companies for various purposes depending on the nature of the job performed. The simplest may be browsing sites or reading and dispatching mails by employees. On a sophisticated scale some companies’ business is dependent on e-commerce websites through which the companies establish their business and exchange information with other companies. Hence there are sensitive points through which information parts enters and leaves a company.

Now that the Network Security Auditor has the knowledge of the systems accessed internally and those externally, he can determine where to install firewalls and intrusion detection systems. To ensure internal security, the gateways of the external networks should be secured. Threats from outside are checked first and then threats from inside and a plan to enhance security can be put in place. The Network Security Audit can now offer protection mechanisms by evaluating their effectiveness and adequacy.

www.DataTriage.com, a leading expert in Computer Forensics, Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.