I've seen our top forensic expert explain to a system owner in detail the actions that had been (lied about) and taken to hide data, obscure data, and wipe data, the programs the defendant had used to do it, the day and time each action was taken, and what the defendant had said in IM and email right around each action.
Forensic analysis at this level is definitely one my weaker points. While some of this is having the right tools (e.g. EnCase), finding good information on how to do this has been incredibly challenging. Do you (or your expert) have any good pointers?
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2004-01-26 03:05 pm (UTC)Forensic analysis at this level is definitely one my weaker points. While some of this is having the right tools (e.g. EnCase), finding good information on how to do this has been incredibly challenging. Do you (or your expert) have any good pointers?
-Mort