Six Articles on Electronic - Craig Ball

More documents

Recommendations

Info

Craig Ball © 2007 Climb the Ladder By Craig Ball [Originally published in Law Technology News, February 2007] Though computer forensics is a young discipline, it's not the exclusive province of new graduates of computer forensics degree programs. It's a natural career extension for IT and law enforcement professionals and peripatetic lawyers with a dominant geek gene. Expertise in litigation and computer forensics also opens the door to lucrative opportunities in electronic data discovery consulting. Here are "The Eight Es" to becoming a skilled CF expert: 1. Exploration...The lion's share of CF knowledge is self-taught. The best examiners are insatiably curious and voraciously read about software, hardware, registry keys, root kits, etc. They live for figuring out how it all fits together. Fortunately, there's a wealth of information: in books (search Amazon.com for "computer forensics") and online (www.e-evidence.info) in discussion forums, product FAQs, user groups and confabs. 2. Education...A computer science or law degree is nice, but you can study animal husbandry so long as you go on to study CF in a comprehensive way. Professional certifications that legitimately demonstrate training, testing, and practical experience have value in helping courts, clients, and potential employers assess your qualifications. Supplement your college degree with as many courses and certifications as your time and budget allow. Excellent programs are offered by universities, vendors, professional associations, and the government, such as New Technologies Inc., (www.forensics-intl.com), Guidance Software (www.guidancesoftware.com), Access Data (www.accessdata.com), the International High Technology Crime Investigation Association (www.htcia.org), the International Association for Computer Information Systems (www.iacis.org), and the Federal Law Enforcement Training Center (www.fletc.gov). But don't fool yourself into thinking that a week-long boot camp will qualify you as a CF expert. In a battle between an experienced examiner and one with an advanced degree, juries may defer to the latter. Some jurisdictions require licensure to perform forensic investigations. 3. Experimentation...The ability to construct illuminating experiments and the patience to elicit data are hallmarks of a skilled examiner. If you need to know how metadata changes when a user touches a file, you'll be prepared to testify if you've proven your theory by competent experimentation. Experiment with systems, applications, and operating systems to understand how they work. 4. Experience...There's no substitute for applying your skills and testifying in real cases. How can you get that experience? Apprentice to a veteran examiner or offer to perform a "shadow exam,"to see if you find something he or she missed. Assist attorneys or local law enforcement at little or no cost. 5. Exchange...Every examiner benefits from the exchange of ideas with colleagues. Join industry associations, go to meetings, subscribe to online discussion groups, and unselfishly share what you learn. Caveat: the CF community is very supportive, but other examiners may justifiably regard you as a competitor, so don't expect them to reveal all. Show respect by doing your homework. Be a learner, not a leech. 118
Craig Ball © 2007 6. Equipment...Learn the tools and techniques suited to the task, and invest in them. Use quality hardware and properly license software. Keep applications up-to-date, test tools to insure they're reliable. Cross-validate results. Too many people confuse buying tools with acquiring skills. A well-trained examiner can do the job with a hex editor and a viewer. We use forensic suites, such as Guidance Software's EnCase or Access Data's FTK, to automate routine tasks, improve efficiency, and lower costs — but buying a program doesn't makesyou a ready expert. 7. Earning...The demand for examiners is growing, but it takes marketing skill and financial acumen to create a thriving business. You must attract and serve quality clients, and make ends meet, to transform opportunity into achievement. Consider a first job with established CF companies or law enforcement, not only for a steady income, but for the training. Starting salaries average $50,000 to $75,000, but in the private sector, quickly rise to six figures as you gain experience and responsibility. (Examiners with J.D.s or network security skills command higher salaries.) Many CF firms charge clients $250 to $600 per hour, so it's not unrealistic for entrepreneurial examiners to hang out their shingles after learning the ropes. Expect $25,000 in minimum startup costs for hardware, software and training. Overhead will vary on whether you operate from your home or offsite. 8. Essential Element — Character...The final "E" is the "essential element" — character. A successful examiner is at once, teacher and student, experimenter, skeptic, confidante, translator, analogist, and raconteur. He or she unearths the human drama hidden in the machine. So many qualities distinguish the best examiners — integrity, tenacity, technical skill, imagination, insatiable curiosity, patience, discretion, attention to detail, and the ability to see both the forest and the trees. Ultimately, it's your character that will determine if you'll be a top computer forensics expert. Craig Ball, a member of the editorial advisory boards of both LTN and Law.com Legal Technology, is a trial lawyer and computer forensics/EDD special master, based in Austin, Texas. E-mail: craig@ball.net. 119
Page 1 and 2:
Craig Ball © 2007 2007 1
Page 3 and 4:
Craig Ball © 2007 Hitting the High
Page 5 and 6:
Craig Ball © 2007 In some jurisdic
Page 7 and 8:
Craig Ball © 2007 understands. Jud
Page 9 and 10:
Craig Ball © 2007 Discovery of Ele
Page 11 and 12:
Craig Ball © 2007 • E-mail in fo
Page 13 and 14:
Craig Ball © 2007 The advantage of
Page 15 and 16:
Craig Ball © 2007 Review At last,
Page 17 and 18:
Craig Ball © 2007 Conclusion Respo
Page 19 and 20:
Craig Ball © 2007 Beyond Data abou
Page 21 and 22:
Craig Ball © 2007 information keye
Page 23 and 24:
Craig Ball © 2007 investigator is
Page 25 and 26:
Craig Ball © 2007 year and the lat
Page 27 and 28:
Craig Ball © 2007 In Williams v. S
Page 29 and 30:
Craig Ball © 2007 29
Page 31 and 32:
Craig Ball © 2007 approach, and yo
Page 33 and 34:
Craig Ball © 2007 up procedures an
Page 35 and 36:
Craig Ball © 2007 production break
Page 37 and 38:
Craig Ball © 2007 native applicati
Page 39 and 40:
Craig Ball © 2007 around through a
Page 41 and 42:
Craig Ball © 2007 settings can be
Page 43 and 44:
Craig Ball © 2007 Don’t give up.
Page 45 and 46:
Craig Ball © 2007 E‐Discovery Re
Page 47 and 48:
Craig Ball © 2007 The Perfect Pres
Page 49 and 50:
Craig Ball © 2007 information syst
Page 51 and 52:
Craig Ball © 2007 relevant to futu
Page 53 and 54:
Craig Ball © 2007 seeking a tempor
Page 55 and 56:
Craig Ball © 2007 Another reason b
Page 57 and 58:
Craig Ball © 2007 Be advised that
Page 59 and 60:
Craig Ball © 2007 APPENDIX: Exempl
Page 61 and 62:
Craig Ball © 2007 • Releasing or
Page 63 and 64:
Craig Ball © 2007 Ancillary Preser
Page 65 and 66:
Craig Ball © 2007 Musings on Elect
Page 67 and 68: Craig Ball © 2007 would be lost fo
Page 69 and 70: Craig Ball © 2007 a (paltry by cur
Page 71 and 72: Craig Ball © 2007 Cowboys and Cann
Page 73 and 74: Craig Ball © 2007 Give Away Your C
Page 75 and 76: Craig Ball © 2007 Don't Try This a
Page 77 and 78: Craig Ball © 2007 Yours, Mine and
Page 79 and 80: Craig Ball © 2007 The Path to E-Ma
Page 81 and 82: Craig Ball © 2007 Electronic evide
Page 83 and 84: Craig Ball © 2007 • Preserve pot
Page 85 and 86: Craig Ball © 2007 The Path to Prod
Page 87 and 88: Craig Ball © 2007 The Path to Prod
Page 89 and 90: Craig Ball © 2007 Locard’s Princ
Page 91 and 92: Craig Ball © 2007 A Golden Rule fo
Page 93 and 94: Craig Ball © 2007 Data Recovery: L
Page 95 and 96: Craig Ball © 2007 Do-It-Yourself D
Page 97 and 98: Craig Ball © 2007 Function Follows
Page 99 and 100: Craig Ball © 2007 The key is to be
Page 101 and 102: Craig Ball © 2007 image files (i.e
Page 103 and 104: Craig Ball © 2007 Ten Common E-Dis
Page 105 and 106: Craig Ball © 2007 Ten Tips to Clip
Page 107 and 108: Craig Ball © 2007 10. Work coopera
Page 109 and 110: Craig Ball © 2007 Now, copy the da
Page 111 and 112: Craig Ball © 2007 In Praise of Has
Page 113 and 114: Craig Ball © 2007 Dear Santa, Sant
Page 115 and 116: Craig Ball © 2007 Unlocking Keywor
Page 117: Craig Ball © 2007 Noise words are
Page 121 and 122: Craig Ball © 2007 BitLocker At the
Page 123 and 124: Craig Ball © 2007 Getting to the D
Page 125 and 126: Craig Ball © 2007 Getting to the d
Page 127: Craig Ball © 2007 Adjunct Professo
show all

Six Articles on Electronic - Craig Ball

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?