Welcome to the Computer Forensics page

This page is just a starting point. There is a huge amount of potential material for this page, so please let us know what information you think would help to fill this section out.

US Legal Environment
If you are looking for a good description of best US practices for the acquisition and handling of electronic evidence, then the DoJ's advice on Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations is probably the definitive source. This SETEC white paper is an excellent reference as a checklist, though it is a little short on detail in areas such as the capture of volatile evidence.

UK Legal Environment
UK students need to understand the requirements of the Regulatory Investigation Powers Act of 2000 (RIPA). This law builds on the Computer Misuse Act 1990 and the Data Protection Act 1998. Reading the legislation directly is not necessarily the best way to understand it unless you are a lawyer, so we would really like to know of a good summary of current legislation. Please send any recommendations and we will incorporate them in this site. There have been a significant number of statutory instruments issued under the Act, and one might wish they were better archived. Information about required authorisations has been published by the Home Office.

Successful Attacks on Disk Encryption
Results announced in February 2008 reveal that present-day disk encryption systems have some surprising vulnerabilities that make them relatively easy to get around. See this blog as a starting point. These techniques clearly have great forensic value, so if you are faced with data recovery from encrypted disks they might be worth a look.