Forensic Data Acquisition Tools

Presented at DEF CON 13 (2005), July 31, 2005, 11 a.m. (50 minutes).

Proper recovery of evidence can be critical to a successful investigation or prosecution. This talk focuses on the different tools and techniques that are used by US Law Enforcement to get an uncontaminated copy of digital evidence from a suspect machine. The goal of this presentation is to teach not only how to copy all the data from a suspect machine, but also how to make sure that any evidence collected can be used in court. Both hardware- and software-based forensic acquisition tools will be covered, with the various strengths and weaknesses of each product discussed.


Presenters:

  • RS
    RS investigates financial fraud within medical environments. Duties include participating in the execution of search warrants to recover computer-based evidence. Because of the sensitivity of the medical data to be seized and the liability issues involved, forensic images of suspect systems must be made quickly, on-site, in production medical environments, with minimal disruption to patient care.
