Home page logo

basics logo Security Basics mailing list archives

RE: tools used to examine a computer
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Fri, 21 Feb 2003 15:03:01 -0500

As a side to calling in Law Enforcement, normally you have to already have
your case and prove a loss (felony loss) so document all of your costs
(human, resource, downtime, etc.).  I believe in calling in LE's when
required and I think that more companies should prosecute offenders instead
of only firing them.  But before I call I have to pretty much have my case
made and my reports done.  Then I hand them a nice tidy report with all of
the evidence.  

Also, not all LE agencies have the expertise and many locals do not have any
at all.  This is not to disparage them (on the contrary my husband is a
detective) - it is a matter of fiscal budgets and training.  Likewise many
companies do not have forensic people either and for the same reasons.

There are a large number of  companies that DO have trained forensic
personnel who can and do perform criminal and civil investigations for
clients.  LE and private all use the same tools.  It's not like there's a
secret society for Law Enforecement.  Private individuals, after all, were
the ones who WROTE the tools in 99.9% of the cases.  We just restrict access
to them obviously and in some cases we check references.  In fact a lot of
private forensic investigators do pro bono work for LE's - like myself.  If
you need to go to LE and you don't know who to contact in your area - try
contacting your local District Attorney.  Most DA's have a High Tech Crime
Team.  Larger PD's normally do as well.  OR you can contact HTCIA or a list
serv for a contact.  Someone will be happy to help you out.

This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or 
others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have 
received this communication in error, please notify the sender of the error immediately, do not read or use the 
communication in any manner, destroy all copies, and delete it from your system if the communication was sent via 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]