Writing Assignment: Module 09 Real-World Flashcards
Do a Web search for “Trojan horse defense.” How can it be used to question the conclusions drawn from a forensic investigation?
A Trojan horse defense can be a powerful tool used for challenging conclusions drawn from a forensic investigations.
At the end of 2006, a new edition of the Federal Rules of Civil Procedure (FRCP) went into effect. Do a Web search to learn more about the FRCP. What likely effect will its emphasis on electronically stored information (ESI) have on an organization’s need for a digital forensic capability?
In 2006 FRCP had addition of Rule 26, which requires parties in a lawsuit to disclose all relevant ESI (electronically stored information) that is within their possession, custody, or control. This includes not only electronic documents, such as emails and word text files, but also metadata and other forms of digital data.
Organizations must have the ability to collect, process, and analyze large volumes of digital data, as well as maintain chain of custody and other forensic best practices to ensure that the data is admissible in court.
Overall, the emphasis on ESI in the FRCP highlights the importance of digital forensics and e-discovery in modern litigation, and underscores the need for organizations to develop robust digital forensic capabilities to ensure compliance with the rules of civil procedure.
Do a Web search to identify some common certifications for digital forensic practitioners. Identify one certification that is vendor-neutral and one that is targeted at a specific investigation toolset.
some common certifications for digital forensic practitioners are: Certified Forensic Computer Examiner (CFCE), EnCase Certified Examiner (EnCE), and Certified Computer Examiner (CCE).
A vendor-neutral certification is the Certified Forensic Computer Examiner (CFCE)
A certification that is targeted at a specific investigation toolset is the EnCase Certified Examiner (EnCE).
Do a Web search to identify cases in which private information was disclosed when computer equipment was discarded. Recent examples have included smartphones (like BlackBerries) that were sold without proper data cleansing and hard drives that were sold without data cleansing after the computers they were originally used in were upgraded. Provide a short report that details the cases and identifies the technology involved.
There have been several cases in which private information was disclosed when computer equipment was discarded without proper data cleansing. Here are a few recent examples:
BlackBerry smartphones: In 2010, it was reported that hundreds of used BlackBerry smartphones were being sold on eBay without being properly wiped of their data. The devices were originally used by the Canadian government and contained sensitive information such as emails, phone numbers, and PIN-to-PIN messages.
Hard drives: In 2016, a security researcher bought a used hard drive on eBay and found that it contained confidential information from the Chicago Public Schools (CPS). The hard drive had been used in a computer that was used by the CPS, and it contained sensitive data such as student names, addresses, and social security numbers.
Copiers: In 2013, it was reported that copiers from multiple manufacturers, including Canon, Xerox, and Sharp, were being sold without being properly wiped of their data. The copiers contained information such as Social Security numbers, medical records, and bank records.
