How can i do Forensic Data Recovery ???
35 views
Skip to first unread message
Tommy
Jan 21, 2013, 1:17:47 AM1/21/13
to DataRecoveryCertification
Hi guys,
I have been to scotts class for Data recovery, however i am wondering
if i want to do forensic data recovery what do i need to do?
do i have to get another certification? will i be involve in courts?
what am i dealing with?
i just want to do it for myself and clients that i get here or
there.
I appreciate any advice since this is the better place to get more
information.
Thank You
I have been to scotts class for Data recovery, however i am wondering
if i want to do forensic data recovery what do i need to do?
do i have to get another certification? will i be involve in courts?
what am i dealing with?
i just want to do it for myself and clients that i get here or
there.
I appreciate any advice since this is the better place to get more
information.
Thank You
M Y
Jan 21, 2013, 1:53:54 AM1/21/13
to datarecovery...@googlegroups.com
The only main difference is you have to image the drive using a write blocker,
the write blocker will preserve the metadata of the HDD content, moreover,
in your data recovery tools sometimes you can find a tick to recover original metadata
as well like timestamps etc..
hope that helps.
Regards
Maher
> --
> You received this message because you are subscribed to the Google Groups "DataRecoveryCertification" group.
> To post to this group, send email to datarecovery...@googlegroups.com.
> To unsubscribe from this group, send email to datarecoverycertif...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/datarecoverycertification?hl=en.
>
the write blocker will preserve the metadata of the HDD content, moreover,
in your data recovery tools sometimes you can find a tick to recover original metadata
as well like timestamps etc..
hope that helps.
Regards
Maher
> You received this message because you are subscribed to the Google Groups "DataRecoveryCertification" group.
> To post to this group, send email to datarecovery...@googlegroups.com.
> To unsubscribe from this group, send email to datarecoverycertif...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/datarecoverycertification?hl=en.
>
Erick Thek
Jan 21, 2013, 3:21:23 AM1/21/13
to datarecovery...@googlegroups.com
Hi Tommy,
For courtroom testimony past experience can and usually will qualify you to be an Expert Witness, IF you get called to court. Opposing counsel will always try to toss the digital evidence and with DR not as well known in the legal circles, might try to paint the profession as some kind of voodoo. I woulndt be surprised if you are simply used as a service for legal teams with almost no courtroom time needed. However, certifications will/can help as the legal teams (both sides) use them as a measuring stick. something that will help to determine your skillz. figure out how to explain what you did to recover the data w/o using overly technical terms. Understand how that technical data was recovered when they start asking for detailed answers and know how the recovery of the data did not change the data. If you have to testify, your legal team should coach/prepare you for the courtroom experience and remember opposing counsel will only ask 'yes' or 'no' questions hoping to watch you paint yourself into a corner.
Forensic certifications should help as it should give you a base knowlege of evidence control, laboratory control steps, locations where evidence might be located or hidden, etc. Course classes, IACIS or SANS classes if you are not going into heavy forensics should suffice. IACIS cetification is a bear and is highly regarded in the LE community. SANS is the commercial sector giant for vendor neutral training. Some LE forces know SANS, all LE forces know IACIS. www.sans.org and www.iacis.com.
Erick Thek, CFCE
For courtroom testimony past experience can and usually will qualify you to be an Expert Witness, IF you get called to court. Opposing counsel will always try to toss the digital evidence and with DR not as well known in the legal circles, might try to paint the profession as some kind of voodoo. I woulndt be surprised if you are simply used as a service for legal teams with almost no courtroom time needed. However, certifications will/can help as the legal teams (both sides) use them as a measuring stick. something that will help to determine your skillz. figure out how to explain what you did to recover the data w/o using overly technical terms. Understand how that technical data was recovered when they start asking for detailed answers and know how the recovery of the data did not change the data. If you have to testify, your legal team should coach/prepare you for the courtroom experience and remember opposing counsel will only ask 'yes' or 'no' questions hoping to watch you paint yourself into a corner.
Forensic certifications should help as it should give you a base knowlege of evidence control, laboratory control steps, locations where evidence might be located or hidden, etc. Course classes, IACIS or SANS classes if you are not going into heavy forensics should suffice. IACIS cetification is a bear and is highly regarded in the LE community. SANS is the commercial sector giant for vendor neutral training. Some LE forces know SANS, all LE forces know IACIS. www.sans.org and www.iacis.com.
Erick Thek, CFCE
Tommy
Jan 21, 2013, 3:18:25 PM1/21/13
to DataRecoveryCertification
That was very useful information.
Thank you Guys :)
Thank you Guys :)
Reply all
Reply to author
Forward
0 new messages