hi ya
> For me, it all comes down to a few simple concepts:
>
> 1 - There is ALWAYS a chance the case could end up in court.
> 2 - If the case does end up in court, I will be testifying as an "expert"
> 3 - As an expert, I am expected to know what I am doing
> 4 - If the opposing attorney can make me look like I don't know what I'm doing, I lose.
> 5 - I don't want to lose
> 6 - In court, FACTS MATTER.
> 7 - The best way (as far as I know) to make it a FACT in court that the data was not tainted during the investigation is by using a hash of some kind.
and that the data can get changed/edited ...
and if you know their line of defense or attack, you can also
prepare a case that shows that it "doesn't/didn't work" or
it's too trivial to bypass/defeat their "approach"
> All of these lead me personally to choose to ALWAYS hash the drive.
and backups onto cdrom/dvd
c ya
alvin
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com