Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE IMPACT OF USING NON- VALIDATED FORENSIC ACQUISITION TOOLS ON DIGITAL EVIDENCE Lex Informatica Conference 25 th September 2014.

Published byCornelius Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "THE IMPACT OF USING NON- VALIDATED FORENSIC ACQUISITION TOOLS ON DIGITAL EVIDENCE Lex Informatica Conference 25 th September 2014."— Presentation transcript:

1 THE IMPACT OF USING NON- VALIDATED FORENSIC ACQUISITION TOOLS ON DIGITAL EVIDENCE Lex Informatica Conference 25 th September 2014

2 DIGITAL EVIDENCE  Digital evidence is increasingly common in court proceedings  Digital evidence is a very fragile form of evidence and requires special methods to collect and preserve  Digital forensics is a crucial tool in the collection and preservation of digital evidence

3 THE FORENSIC ACQUISITION PROCESS ProtectCollectVerify

4 FORENSIC ACQUISITION TOOLS Forensic Acquisition Write Blocking Forensic Imaging

5 MINIMUM ACCEPTABLE FORENSIC SCIENCE STANDARD Forensic Acquisition Tools Validated Findings Verifiable Correct Processes

6 THE CURRENT SITUATION IN SOUTH AFRICA

7 TRAINING ON THE IMPORTANCE OF VALIDATION

8 TRAINING ON HOW TO CONDUCT VALIDATION TESTING

9 KNOWLEDGE OF VALIDATION STANDARDS

10 CLAIMED TO USE VALIDATED WRITE BLOCKERS

11 HOW WRITE BLOCKING VALIDITY WAS ENSURED

12 REASONS FOR NOT USING VALIDATED WRITE BLOCKERS

13 HOW VALIDATION WAS CONFIRMED WHEN NOT TESTED PERSONALLY

14 PERSONAL VALIDATION TESTING OF WRITE BLOCKERS

15 CLAIMED USE OF VALIDATED FORENSIC IMAGING HARDWARE OR SOFTWARE

16 HOW FORENSIC IMAGER VALIDATION WAS ASSURED

17 REASONS FOR NOT USING VALIDATED FORENSIC IMAGING HARDWARE OR SOFTWARE

18 HOW VALIDATION WAS CONFIRMED FOR FORENSIC IMAGERS

19 PERSONAL VALIDATION TESTING OF FORENSIC IMAGERS

20 SO WHAT DOES THIS ALL MEAN At least 81 percent of all digital evidence that finds it way into South African courts cannot be objectively verified as having any evidential integrity. In the 19 percent of other cases, the means of objectively verifying evidential integrity is so poor that it would be unlikely to survive robust cross-examination.

21 SECTION 15 OF THE ECT ACT  One of the key aspects that the courts must take into consideration when examining the weight of digital is the manner in which the integrity of the digital evidence was determined and maintained  If non-validated tools are used to preserve the evidence, there is no way to prove to the court that the integrity of the digital evidence was determined or maintained at all

22 THE WAY FORWARD  Insist on proof of all hardware and software tools used in the forensic acquisition process  Insist on detailed proof of how validation was determined  Don’t use any digital evidence that has not been obtained using validated forensic acquisition tools

23 THANK YOU Jason Jordaan CFCE, CFE, PMIITPSA, GCFE MSc, MTech, BComHons, BSc, BTech Principal Forensic Scientist jason@dfirlabs.com

Download ppt "THE IMPACT OF USING NON- VALIDATED FORENSIC ACQUISITION TOOLS ON DIGITAL EVIDENCE Lex Informatica Conference 25 th September 2014."

Similar presentations

Practical Application of Computer Forensics Lisa Outlaw, CISA, CISSP, ITIL Certified.

Practical Application of Computer Forensics Lisa Outlaw, CISA, CISSP, ITIL Certified.
Fact Finding Techniques

Fact Finding Techniques
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Learning and Development Evidence Collection Planning January 2015.

Learning and Development Evidence Collection Planning January 2015.
Visualization tool for network forensics analysis using an Intrusion Detection System ( Cyber ViZ )

Visualization tool for network forensics analysis using an Intrusion Detection System ( Cyber ViZ )
Promoting African Indigenous Knowledge in the knowledge economy: exploring the role of higher education and libraries Kgomotso H. Moahi University of Botswana.

Promoting African Indigenous Knowledge in the knowledge economy: exploring the role of higher education and libraries Kgomotso H. Moahi University of Botswana.
CS 325: Software Engineering January 13, 2015 Introduction Defining Software Engineering SWE vs. CS Software Life-Cycle Software Processes Waterfall Process.

CS 325: Software Engineering January 13, 2015 Introduction Defining Software Engineering SWE vs. CS Software Life-Cycle Software Processes Waterfall Process.
More CMM Part Two : Details.

More CMM Part Two : Details.
Software Project Management Lecture # 11. Outline Quality Management ( chapter 26 - Pressman )  Software reviews  Formal Inspections & Technical Reviews.

Software Project Management Lecture # 11. Outline Quality Management ( chapter 26 - Pressman )  Software reviews  Formal Inspections & Technical Reviews.
QUALIFYING DIGITAL FORENSIC PRACTITIONERS AS EXPERT WITNESSES IN SOUTH AFRICAN COURTS Lex Informatica Conference 25 th September 2014.

QUALIFYING DIGITAL FORENSIC PRACTITIONERS AS EXPERT WITNESSES IN SOUTH AFRICAN COURTS Lex Informatica Conference 25 th September 2014.
Vaccination Record Enquiry. Select Vaccination Record Enquiry.

Vaccination Record Enquiry. Select Vaccination Record Enquiry.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
Challenges facing law enforcement agencies in the fight against cybercrime.

Challenges facing law enforcement agencies in the fight against cybercrime.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Remarks of Kristen Pinhey Competition Law Officer Competition Bureau Canada Unannounced Inspections in Canada International Competition Network, 2013 Cartel.

Remarks of Kristen Pinhey Competition Law Officer Competition Bureau Canada Unannounced Inspections in Canada International Competition Network, 2013 Cartel.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Similar presentations

Ads by Google