Confession

Ok so I'm feeling like I have to get something off my chest... to tell you all the truth, and I know this is going to invite flames and defamation, I'm using DSL and Linux in general for Law Enforcement work.

I am a Forensic Analyst. I examine evidence brought to me according to the parameters of an investigator following the scope of a search warrant or investigator (when there is an exception to a search warrant, like user consent).

This does not mean I am looking over anyone's shoulder, prying into your affairs, watching posts, etc. I believe in the First and Fourth Amendments as strongly as anyone else. AND I personally think the Patriot Act is a little overarching in scope.

Now if that last statement doesn't get Big Brother watching me....

Anywho for some reason I just felt the need to unload on this issue.

Cheers

hey that's great!

That's freaking cool!

DSL protecting ad serving!! ^_^

-----
Deep Thought was wrong. The Answer isn't 42, it's DSL!

Thanks Man

Anything I can do for you in MI, Saidin.. just ask..
:-)

--Mike
"You cannot wield it!"

DSL and Linux.

What features in DSL do you make use of in your work affairs?
( Audio, logging, internet access, file storage )

ke4nt

Tax dollars well spent

I'd rather see civil servants use free software so that money could be freed up for bonuses, promotions, training and better equipment. Using Linux department-wide would breathe new life into old computer hardware and free up money needed elsewhere.

I wish more police departments would consider switching to Linux.

Tell us how..

How about getting into some detail of how you are using DSL in forensics? Are you using OS applications? Are you using stuff custom made for your needs? I am sure a lot of people would be very interested.

Some Examples

In forensics I use a program called SMART by ASR Data. I recently created a .dsl of the program that I load up into the live CD to do forensic previews. I did the same thing for Brian Carrier's excellent Autopsy and Sleuthkit.

I've used some of the scripts from Steve Gibson's AIR tool and use DSL to create forensic images of evidence that is submitted to my unit. I commonly use dd and sdd+ for imaging.

What is a forensic preview? And what is a forensic image? To be forensically sound, any work done on computer evidence needs to be done in an environment that is under the control of the examiner. Tools used need to be tested and validated; in other words, you need to take a tool, get a result, and be able to duplicate it again and understand how it gets the results that it gets.

All our evidence is kept in a cipher-locked and key-carded evidence vault that only two people have access to. Evidence is brought to the unit, signed for, entered into property and then placed in the vault. When taken out of the vault it is assigned to the examiner removing it, so chain of custody is maintained.

Evidence must be protected so that nothing is changed (best case scenario) or, if altered, documented. Unfortunately, sometimes in order to get evidence you have to use techniques that do place a small footprint on evidence. A perfect example is doing an examination on a WINCE PDA. Currently all forensic recovery on a WINCE PDA uses ActiveSync to communicate with the device. In order to do that you have to create a guest partnership, and this entails placing a small 4k file in the memory of the device. Unavoidable.

A forensic copy is a bit-by-bit copy of the physical media: hard drive, compact flash, etc. A forensic "preview" is protecting the evidence and then walking through it "live" to find what the investigator is looking for.

We commonly use forensic previews on child pornography cases in order to determine if the submitted evidence contains suspected child pornography and warrants a full exam.

One of the great strengths of DSL in computer forensics is that it runs on older hardware and with a small footprint.
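The post above describes two things a sound acquisition needs: a bit-by-bit copy made with dd, and a tool whose result can be reproduced and checked by someone else. The following script is an added example illustrating that workflow; it is not code from the poster, from DSL or from any of the tools named. It assumes GNU/BSD dd, sha256sum and a source whose size is a multiple of the block size (true for a real block device); the helper names digest, acquire and verify_image are this example's own.

```shell
#!/bin/sh
# Added example, not from the forum post: acquire a bit-for-bit image with dd
# and make the result reproducible by hashing the source before and after,
# hashing the image, and recording everything in an acquisition log.
# Helper names (digest, acquire, verify_image) are this example's own.

# Print only the SHA-256 digest of a file.
digest() { sha256sum "$1" | awk '{print $1}'; }

# acquire SOURCE IMAGE LOG
# Copies SOURCE to IMAGE block by block. noerror keeps dd going past an
# unreadable block; sync pads that block with zeros so offsets stay aligned.
# Returns 0 only if the source hash is unchanged by the copy and the image
# hash matches it exactly.
acquire() {
  src=$1; img=$2; log=$3
  pre=$(digest "$src")
  dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log"  # dd's record counts go to the log
  post=$(digest "$src")
  imgh=$(digest "$img")
  printf 'source_before=%s\nsource_after=%s\nimage=%s\n' "$pre" "$post" "$imgh" >>"$log"
  if [ "$pre" = "$post" ] && [ "$pre" = "$imgh" ]; then return 0; fi
  return 1
}

# verify_image IMAGE LOG
# Re-hashes IMAGE and compares it with the digest recorded at acquisition,
# so anyone can repeat the check later and get the same answer.
verify_image() {
  expected=$(sed -n 's/^image=//p' "$2" | tail -n 1)
  if [ -n "$expected" ] && [ "$(digest "$1")" = "$expected" ]; then return 0; fi
  return 1
}

# Constructed sample: 1 MiB of random bytes in a file stands in for a device.
demo() {
  w=$(mktemp -d)
  head -c 1048576 /dev/urandom >"$w/evidence.bin"
  acquire "$w/evidence.bin" "$w/evidence.dd" "$w/acquire.log" && echo "acquired and verified"
  printf 'X' >>"$w/evidence.dd"   # simulate a later corruption of the image
  verify_image "$w/evidence.dd" "$w/acquire.log" || echo "image no longer matches the log"
  rm -rf "$w"
}
demo
```

The log keeps dd's own record counts next to the three digests, so a second examiner can rerun verify_image on the image and get the same answer without trusting the first run.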