Incident Response Team


Dec 26, 2006
267
0
#2
These kinds of posts (especially from a new member with 1 post) always bother me.

Why are you using "say that you are"??

Identify yourself, student, officer, high school student trying to figure out a major, criminal who would like more info on what police would bring with them?
 

cybercop

Administrator
Oct 31, 2005
1,660
0
#3
There is a very simple procedure when it comes to serving a warrant to take a computer. You follow the industry-established guidelines and your department's Standard Operating Procedures. As far as what tools I take, that is my little secret. I don't like surprises and I am very careful to make sure I don't get surprised.
 

dreagen

New Member
Apr 3, 2007
3
0
#4
I am going to hijack this thread since I have the same questions... I am a Penetration Tester for my State's Audit Department. We have an allegation that a system needs to be confiscated. So of course they are looking at my team for action. Like I said, I am a penetration tester; I am trained in messing with computers to gain information. I am worried about going in and messing something up to ruin the investigation.

cybercop: I understand what you said about following the industry-established guidelines and the department's Standard Operating Procedures...
But the department has no Standards in a case like this, so I am asked to come up with them.

I guess my thing is I am knowledgeable enough to know that I could really screw something up but I am not knowledgeable to know how not to screw it up...

Any advice???
 

ddow

New Member
Jul 18, 2006
1,380
0
#5
You'll need some procedures (and rehearse them) pdq. I'd look for the ACPO guide on Digital Evidence, the NIJ guide for First Responders, and CERT's (Carnegie Mellon) guide to computer forensics. I'm in a rush right now, but if you can't locate them, let me know. I'll get the URLs for you.

Dennis
 

kern

New Member
Mar 9, 2007
567
0
#6
Here's the ACPO one at least. I have it bookmarked:

www.acpo.police.uk/asp/policies/Data/gpg_computer_based_evidence_v3.pdf
 

ddow

New Member
Jul 18, 2006
1,380
0
#7
Here are the other two resources I mentioned.

www.ncjrs.gov/pdffiles1/nij/187736.pdf

www.cert.org/archive/pdf/FRGCF_v1.3.pdf
 

ProfJohn

New Member
Mar 8, 2007
6
1
#8
Although all three of the references mentioned are good, please be aware they may not be current.

The DOJ reference is dated July 2001.
The CMU reference is dated May 2005.

I didn't find a date in the other reference but I'm pretty sure it's at least a year old.
 

kern

New Member
Mar 9, 2007
567
0
#9
Re ACPO guidelines,
the comment (hidden in the Version 3 box) on the first page of the PDF file is

mcrear (Version 3.0)
08/20/03 09:09:45

I'd think that as it's hosted on the Association of Chief Police Officers website, i.e. Govt, it's quite likely to be current.

kern
 
