header image
Home
ADFSL 2007 Paper Abstracts

New Federal Rules And Digital Evidence

Gavin W. Manes, Elizabeth Downing, Lance Watson, Christopher Thrutchley
Oklahoma Digital Forensics Professionals, Inc. & Newton, O'Connor, Turner & Ketchum

Keywords: Digital Forensics, Electronic Discovery, Evidence Production, Privilege, Civil Procedure

The newly revised Federal Rules of Civil Procedure and developments under the Federal Rules of Evidence have a significant impact on the use, collection, and treatment of digital evidence for legal proceedings. The Rules now formally grant electronic documents and digital evidence the same status as paper and other forms of tangible evidence.  As a result, the availability and proper preservation of potentially relevant electronic evidence must be considered, at the very latest, in the preliminary stages of litigation and, at the earliest, as soon as litigation is reasonably anticipated.  It is important for professionals to be familiar with the specific rules and developing laws pertaining to the preservation and production of digital evidence prior to an incident or the initial stages of litigation and discovery.


Towards Redaction of Digital Information
from Electronic Devices

  

Gavin W. Manes, Lance Watson, Alex Barclay, David Greer, John Hale

Oklahoma Digital Forensics Professionals, Inc. & Center for Information Security University of Tulsa 


Keywords: Digital Forensics, Redaction, Electronic Discovery, Legal Production, Privilege

In the discovery portion of court proceedings, it is necessary to produce information to opposing counsel. Traditionally, this information is in paper form with all privileged information removed. Increasingly, the information requested during discovery exists in digital form and savvy counsel is requesting direct access to the original digital source: a broad spectrum of additional digital information can be often be extracted using digital forensics. This paper describes the major problems which must be solved to redact digital information from electronic devices.  The primary hurdle facing digital redaction is the lack of a rational process for systematically handling encoded, encrypted, or otherwise complex data objects. Any such process would need to incorporate a method for validating the integrity of electronic or digital redaction processes.


Education for Cyber Crime Investigators


David Greer, Joe Mulenex, John Hale, Gavin W. Manes
Center for Information Security University of Tulsa 


Keywords: Digital Forensics, Law Enforcement, Education

Digital forensics and cyber crime investigations are continually growing, rapidly changing fields requiring law enforcement agencies to meet very rigorous training requirements. New opportunities for committing criminal activity against persons, organization or property are presented every day with the proliferation of personal digital devices, computers, the internet, computer networks, and automated data systems. Whether the crime involves attacks against computer systems, electronic information, or more traditional crimes such as murder, money laundering or fraud, electronic evidence is becoming more prevalent. It is no surprise that law enforcement and criminal justice officials are being overwhelmed by the volume of investigations and prosecutions that involve electronic evidence. Fortunately, processes and procedures, as well as a variety of software and hardware tools have been developed to speed up and standardize the recovery of evidence from suspect media. Each of these tools provides specific capabilities within certain specialized areas. Training in the proper use of these tools is crucial for recovering forensically sound evidence in a manner which will withstand legal scrutiny. It is crucial for the success of future criminal investigations that the law enforcement community has access to timely, inexpensive, and readily available digital forensics and cyber crime investigations training material. This paper describes the development of a modular educational curriculum for training entry-level criminal investigators in the skills necessary to conduct a cyber crime scene investigation and evidentiary collection through the use of digital forensic tools. The curriculum incorporates multiple training methodologies, including instructor-led and multimedia based coursework. The curriculum’s instructor-led portion uses a classroom style presentation that provides 8-hours of interactive coursework. The participants are engaged in the actual process of evidence collection and a limited presentation on the uses of the forensic tools that are available to them. Additionally, the coursework is scaled to the user’s experience level, broken down to three levels: introductory, intermediate and advanced. The multimedia based coursework is designed to be scalable to a law enforcement agency’s needs. The agency has the ability to select from a list of modular curriculum that targets specific needs of an investigator. In addition to the modular framework of the multimedia course, levels of experience are also incorporated. The multimedia coursework will allow the user to actually engage interactively with the materials, simulating a hands-on investigation. This curriculum offers multiple delivery options that law enforcement agencies can take advantage of, regardless of size or geographical disposition. The material in both the instructor-led and multimedia courses are updated to remain timely and keep the user’s well versed in the latest use of tools and procedures, insuring the investigative and evidentiary process remain intact.