home | company | services | why | pitfalls | resources | associations | contact us  

Copyright © 2007
All Rights Reserved Kenai Computer Forensics


Unintended Consequences...

If you try to look at your disk without the proper tools, training or documentation, you will change timestamps on files and jeopardize a possible legal action.

Evidence can be found in files, metadata, slack space, hidden files, deleted files, file fragments,
web mail and swap files.  Special tools are needed to find evidence in these areas.

A trained, independent party can provide an objective point of view.  An in-house examiner may have divided loyalties.

Top mistakes people make:

  • Starting up the computer - this can trample on evidence by changing timestamps

  • Continuing to work on computer - this too can obliterate evidence

  • Letting the IT department figure it out - They may not have the necessary tools, training, knowledge, or independence

  • Not securing the computer - You need to restrict access to it


Links of interest:

- International Information
  Forensic Association
- National White Collar
  Crime Center

- CERT Coordination Center
-  NIST Computer Security

Forensic Investigations 

 -IP Theft

Ph: (978) 394-2728



    home | company | services | why | pitfalls | resources | associations | contact us