
Acceptable recovery tool for court case.

(@kiera)
Posts: 1
New Member
Topic starter
 

Hello guys. I am working as a personal assistant in my company. Currently my company has a problem dealing with a former employee: the employee has deleted and stolen confidential information related to the company. My boss has assigned me to collect evidence to defend our company in court. So what kind of criteria make a recovery tool acceptable in court?

I really hope for any comments/opinions/suggestions from all of you.

Thanks in advance!

 
Posted : 14/06/2017 9:58 am
Vesalius
(@vesalius)
Posts: 66
Estimable Member
 

I have no prior experience in working with the court, but I will give you certain standard advice to the best of my understanding. Commercial software such as Magnet Axiom and IEF should be sufficient for the job, since they are internationally known software for retrieving and parsing hard drive images. Just make sure you don't tamper with the original evidence at hand. Let's say you successfully have a parsed image with all the data: just make a duplicate of that and work on the duplicate. Whatever you find there, you will be able to reference it to the original later in court. It is considered a sin in forensics to work on the original file, so just be wary of that. Also, don't forget to use card block readers for the hard drive so nothing changes on the hard drive during image retrieval.

Other software such as FTK Imager, EnCase, and Belkasoft should be good, but I'm not 100% sure on that since I have no court experience, as I said. Just double check on the software, or someone else can advise you on that.

Good Luck!

 
Posted : 14/06/2017 11:42 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I would be very, very careful with making a DIY job for a Court case.

Who exactly is going to stand as expert witness?

Does your local Law require any experience/certifications/other requisites to be eligible as expert witness (or anyway to sign an affidavit or a report)?

A tool (good as it might be) is only a tool, nothing more. Maybe you can use it to internally double check a report by a professional, but forget about going to Court (or producing documents suitable for a Court) with no experience (years of experience) with several tools.

jaclaz

 
Posted : 14/06/2017 2:17 pm
(@bntrotter)
Posts: 63
Trusted Member
 

If you have no experience with digital forensics, I would highly suggest you search out a 3rd party digital forensics firm.

The only thing I would suggest is to retain the machine/device. Make no attempt to examine it or power it on.

1. You need to have the appropriate forensic equipment and software
2. You need the appropriate training for such

 
Posted : 14/06/2017 6:08 pm
jhup
(@jhup)
Posts: 1442
Noble Member
 

The OP reads like English as a second language. Is this correct?

If so, your courts may vary, but in the US "recovery tool that was acceptable in court" ultimately rests with the judge.

The judge is the gatekeeper of what is acceptable or not.

In one case Windows Explorer is sufficient; in another, NIST tested, multiple prior uses, and demonstrated error rate calculations still would not allow a tool in.

Even a monkey can 'do forensics' (a good looking monkey, of course), as long as you work for a good attorney and the monkey has more knowledge of the topic than the general public. You are working for and under the direct orders of the company's legal counsel, right?

 
Posted : 14/06/2017 7:38 pm