Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: stupidtou
New Today: 0
New Yesterday: 0
Overall: 29536

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 is it possible to verify if a HDD was wiped with DBAN
 Forenic artifacts if someone accessed a remote Win10?
 timeline analysis
 Hostile work enviornment
 Can anyone suggest me a topic under printers forensics

Computer Forensics World Forums


Pages Served
We received
55901076
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - What is the first thing to do when someone stole your info?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

What is the first thing to do when someone stole your info?

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues
View previous topic :: View next topic  
Author Message
greco
Newbie
Newbie


Joined: Jan 08, 2013
Posts: 3

PostPosted: Wed Jan 09, 2013 1:59 am    Post subject: What is the first thing to do when someone stole your info? Reply with quote

When it comes to legalities, I would believe it would be to go straight to a professional, but is it a good idea to try to figure out who stole your information first from the computer. Would it be a good idea and if so would it be any problem proving that that certain person stole your information if you find proof or does a professional have to find the facts?

Any ideas of what to do next would be great or what not to do if I suspect someone stole my information from my computer?
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Wed Jan 09, 2013 2:24 am    Post subject: Reply with quote

There are several things you need to do, none of which involve you trying to figure out who the suspect is.
Here is the link to the FTC that details what you need to do (Just remove the spaces in the link).
http :// www . ftc . gov/bcp/edu/microsites/idtheft/consumers/defend.html
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Wed Jan 09, 2013 9:39 am    Post subject: Reply with quote

After you have followed the link provided by cybercop, consider the following: if someone broke into your house and stole your belongings would you investigate the crime yourself? If you believe a crime was committed on your computer, why do you think that is any different?
Back to top
View user's profile
greco
Newbie
Newbie


Joined: Jan 08, 2013
Posts: 3

PostPosted: Thu Jan 10, 2013 1:46 am    Post subject: thankyou Reply with quote

I began attending a college to study computer forensics and it talks about chain of custody. When following the chain of custody is it always better to do a multiple chain of evidence form or a single chain of evidence form for every type of evidence you find in a computer related crime?

Also in a criminal case when the prosecutor is reviewing the case and decides to charge the person with the crime is the computer forensic technician needed afterward or he is done with his job in the investigation?
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Thu Jan 10, 2013 1:54 am    Post subject: Reply with quote

First, we don't do homework. I will say this though. If you have taken for example 1 Desktop computer, 2 Laptops, 2 External HDDs, 5 thumb drives, and 13 SD cards trying to use a single chain of custody form could be problematic at best.

The forensics investigator may be involved all the way through the appeals process. If charges are filed, the forensics investigator will be required to testify in court as to what was found AND how it was found.
Back to top
View user's profile
kjay
Newbie
Newbie


Joined: Jan 15, 2013
Posts: 3

PostPosted: Wed Jan 16, 2013 12:20 am    Post subject: computer data have been deleted to someone Reply with quote

can sombody help me in my network someone deleted my file i want to know who is that person how i can know plss help me .

i have taken .image of my system what to do next step can anyone help me...
thanxx in advance
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Wed Jan 16, 2013 12:29 am    Post subject: Reply with quote

The first step would be to hire a professional and let THEM do their job. Anything you do could only be harmful, especially if you think there is any chance of the situation ending up in court.
Back to top
View user's profile
kjay
Newbie
Newbie


Joined: Jan 15, 2013
Posts: 3

PostPosted: Wed Jan 16, 2013 2:43 pm    Post subject: Reply with quote

thank you ...
but i want to do it myself i have acquired some data from the my system which is not usefull and now i want to mac address of that system
if you could help me so please tell me or some guide..
thank you
Back to top
View user's profile
cybercop
Newbie
Newbie


Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Thu Jan 17, 2013 1:35 am    Post subject: Reply with quote

What kind of logging do you have enabled on the server? If you are logging who is logged in and when, then you could use the date and time of deletion to determine who was logged in at the time to narrow it down. Unless you have set up some very specific activity logging, you aren't going to be able to definitively tell who did it.
Back to top
View user's profile
kjay
Newbie
Newbie


Joined: Jan 15, 2013
Posts: 3

PostPosted: Thu Jan 17, 2013 2:48 pm    Post subject: Reply with quote

i am using windows xp and i have share my data in the internal network and my data deleted on 2:36 pm i saw the suspected system prefetch file there is the same time showing which is access on the same time but i don't have evidence i want of that system mac address who access my system on the same time ...
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Thu Jan 17, 2013 4:20 pm    Post subject: Reply with quote

As cybercop pointed out, you have to know what level of detail you have enabled in your logs (I am guessing not much in XP unless you have changed the defaults).

For example EventID 560, 564, and 567 in close relation would be relevant in regard to the deletion.

You can also search for EventID 540 so you can understand when a user somewhere on the network connects to a resource (e.g. shared folder) provided by the Server service on the computer. The Logon Type will always be 3 or 8, both of which indicate a network logon.

Read the following to understand auditing user access in XP:
h t t p : / / support . microsoft . com / ?kbid=310399

Auditing is important, but I am guessing this is a case of closing the door after the horse left the barn (an American colloquialism).
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.