fagan today we're we're talking with wes goodwinit forensics when again uh... c_e_o_ of of acr databank services um... and i'd like to talk about the the computer forensicservices uh... we've talked about the datarecovery services answered questions today about uh... to get into some ofthem the uh... that isn't on something and synopsis faras
uh... the it forensic services um... and i guess one question that uh... that we get uh... or talk withpeople's you know wool when choosing some money to do computer forensic services what are some things that you know somebody's gonna wanna look forand make sure that angie how do they know that they'redealing with spot somebody that that is
uh... disreputable that that can do thejob and not mess things up sp socially since it we're dealing withuh... litigation possible issues here ragged uh... they're very important that e a qualified uh... olympic company or olympics investigator
be selected because defuse selects somebody is not follow proper procedure take good break a case so uh... there's certain things youwanna work for new uh... uh... korean characters uh... computer forensics investigator i have to be like and putthem
private security bureau some sort of a of licensing who something you want to look for also you want to make sure sure that the company properly campbell the evidently the utmost
uh... if uh... evidences spoiled or mishandled uh... it could be disastrous so the person handling the evidence should know how to profit chain ofcustody and she also know how to acquire at theuh... electronic evidence from the media without
disturbing it or changing medicator or information mister createdwith time and date stamps of the files and usage of the computer government preserved and uh... also do you wanna make sure thatalan this person has experienced with searching and analyzing the data andobtaining the evidence necessary
and as well as reporting uh... those to the customer party what what's a typical situation itshould you're gonna prosperous time you know individuals calling in is acorporate the intro corpus viewpoint isn't email uh... attorneys that are contacting you how does it how it will worse than theusual contact coming from
paralegal carmel happen uh... we we have attorneys callcorporation call government kennedy's twelve individual uh... repurposed all about lumps inc you were talking about again chain ofcustody and handle handling the media's such
what is the what's the process here if somebody call calls you up and theysay the sale kate let's him listening for what's the process at that point that that takes place standpoint and getting the media to u once you'vereceive the media and how it's handled through the process
and then given back to you know the person the it needed to goto attorney sentra so if you could you kind of walk throughthat i think that would be helpful for a lot of people well with when someone initially called grand we our conversation on the phone with themjust to get a a feel for what the case it's about
uh... we want to make sure it's companythat were qualified to do also do a complex check to make sure that there's not any kindof conflict of interest uh... amendment once we get our that we will fenderservice agreement to the client uh... they're not only have trampingdifferent conditions engaging services but it also has question that nine answered are very helpful
uh... to start out the investigation and um... we work with the client to walk through thequestion and and those defined the program occurs of how we're going to conduct the case what we get that back uh... the crime either stand in the media to our lab and uh... we start there or sometimes we
needed to uh... go on photography you're the initial acquisition uh... regardless of whether it's onvital in our lab we'll take a media and uh... we mostly creating digital forensics image to properly preserved
confirmation so it's not pulse quick it's it stays eleven whether frightening terrific image that we could preserved the information thatpreservation of the information is oftentimes we will pc media that the customer turney or computerrepair shops have tragedies in searching on hand
combat have you know altered the data lynn you know can be detrimental to the variousdegrees depending on how much about the gun sure i can imagine it's not just to the case but it also canmake your job
more difficult and pin finding her determining what they'reasking you do in the first x righted recreate to drug corners determining uh... the person who was program around on the computer what theywere doing and separating them from the actual everything that we're going after uh... one-third images complete uh... we offer
chuck do some uh... checked on the computer at the computersavailable the computer is not always availableit's not that we don't but if it is we we look at some information on thatcomputer itself and the bios and what we get at that point we thenconduct or uh... our investigation pondy computer forensicsimage and we can do a variety of investigation weakened burkett
kind of a history or at a time in date history uh... internet usage for usageof the computer you know about and uh... look for various email vote for him you know on the computer twelve deletedform uh... of activities that may haveoccurred but through email
uh... we can look for we can do a graphic imageanalysis for different types of graphic images look for specific documents uh... just you know a variety of kcalrameters and keywords provided by the close sunday you just said is is deleted so inother words it's not just
what you can visually see per se but if things have been deleted or ifthere's didn't destruction on purpose you you still have the for the most partthe ability to i guess dig underneath in and find what you'relooking for right there are we can look preparingtheir readily on the computer and it has been deleted
and oftentimes if they have technically for uh... getting rid of evidence uh... we can at least shows that thatoccurred if we can get to evidence well that is one constantly do from ip dated white beyond recovery
ki okay so i'm sorry to interrupt you butkeep going as far as just that the process you're going through you knowwhen you can do it our destination investigation and will you pick rametersprovided by the customer we also keep in communication with the customer as we go through looking for theinformation that uh... after almost always get to a internationalstage our investigation where we produced a report and the reported used in one of threeways
if he is uh... number one day maybe he is by the customer to find out that there'sreally not much evident on the computer and it's good that they did and more money to find out number two we made given exactly what they're after they have everything they need and wantfinished and the third in the most comment
usually use the report every pool to geta sampling what kind of pain of what kind ofevident any information and on the computer then that you that they are conflict whowill provide all feedback for that weekend do additionalmore focused dan uh... i'll actually see new used to work they can ticket to opposing counsel and say hey
is stuff that we found and it can yaseen amused at as as leveragingagainst it opposing counsel sent hate there is stuff here right up there in the category of theyget exactly what they're after the printed including in okay so watched you know you get to strip road report on
in a let's say that they want further investigation i want you toyou dig deeper frown from that you know you dig deeper need completed den is it continue give it back to theclient at that point to details visit to to the attorney i guess really what i'mgetting at is it's the chain of custody something you'dmentioned earlier
this information from what understand you were saying is it needs to be documented needs to be just came because he did go out toanybody it it you know certain parties in his journey type of of usual sequence that this chain ofcustody happens from beginning to in or homer you know they say
just a random now the uh... the chain of custody of course startswith the media and the media goes from party the party and abstract on there the regarding the reporting that's usually e lonely have the initial interview inthe questionnaire with the customer paid heller who we need to be reportedto you and hello
usually the uh... cables why don't you writeback the customer or okay so you'll point person that you'redealing with handful of people typically typically gather you know one or twopoints of contact arm knowing somebody's entertaining you know needing it digital forensic services
what are some things that you know okay uh... determine that that you know this person's computer i need to yourself that i think there's some evidence ofwhat they've done on this what are some things that that i should do or not do to you know
preserving the make your life easier as far as vilma getting there he's getting information for their looking for well uh... if you want information onthe computer and you wanted to be alternative little off more withcomputer should not be you you could all part of what should beturned off and and and and and and and it's created that's not always possible but being thecase where there might be servers
you know corporation girl uh... used onan ongoing basis uh... in their in that case we you know usually to acquisition onprovide from time to have to be the acquisition lifelong servers using uh... but in many cases we're talkingabout an individual laptop or death computer all kronor and hold computer divisive counselor in mostcases they kiss should not be used the
nation's buchanan so that the evidence the properly obtained preserved okay not sent him a searing heat uh... since wording or digital forensics here unit is it isn't anything is is it different in
you know send like somebody center hard drive and for data recovery is isit is there any time anything dip different there or is itbasically put it in a box and give it a fedex to to deliver well i think of the packet carefullyuh... pretend and i that antagonist in packagingproperly and yet recommend
you have delivery error fedex overnight the only the big difference would bethat in many cases where it's going to be a chain of custody document for thecompany so the them the applicant with sign g_-seven automatic you provide princetonso you know that the client's handing itoff tha to fedex
uh... you know are they going to get thefedex driver to sign for for it ten min uh... you get them keener to sign up chaney trustee when you receive it over how how does that mean param with when we and and actually haveinternational discussion with the quiet and it's hard to move forward with with the case
one other thing to do from ten a mwhat's known as a it forensics packet and and uh... contain helpful information for them to getstarted uh... it contains a therapist agreementit contained um... curriculum by cake for the bestgator it contained company qualification statement company
information and content the chain of custodydocument an amazing commute that chain of custody document with me send-off community i'm excited after a psychic i don't have the i don't having more questions uh... at this point i think that we've you know we've covered a lot you knowprancer la question selectively get
his ear anything else that that i've looked over that you knowyou'd like to add to to what we've talked about at this point yes wouldn't want and important thing toknow you thereof around we can do it forensics analysis sana wagvariety of media uh... one very often overlooked opportunity areback at taping and a lot of time to focus is on theharddrive and issues going on with the
hard drive needed thing about backup tapes is tapped they're basically snapshots intime uh... they were created sometime in the past and near is off and pay goldmine ofopportunity to find evidence on these because uh... okay said they were created at thempoint back in toronto
uh... that something that i take everyopportunity to point out specially for trying to find things that were bad over overtime on but track okay got a good point i didn't think of that and turkey bring that up but could contact sir i can see how that it can itself be veryhelpful
and giving you those still snapshots you know from the time progression to i don't have any more question to go tothis point i think that uh... you know we can concluded ascend and now lessard reallyappreciate your time once again uh... man i'm sure that point back toit forensics computer forensics digital forensics um... have a great day jet wildlife
it's
