[ale] OT: qualified/reputable computer forensics expert
Sid Lane
jakes.dad at gmail.com
Thu Jan 4 11:15:06 EST 2007
thanks to everyone for the references!
I have forwarded them on...
Norcross group came recommended from some of our people here too...
from the information I'm getting it doesn't sound like the "forensic" work
was done in a manner even approaching professional. they're not sure what
to scrutinize because they've not gotten any technical details of how it was
found (just a digital photo of a screenshot - nice). no documentation of
whether they checksummed the drive/partitions before/after examination,
read-only mounted, names/versions of tool(s) used, etc. - basic DUH! stuff.
not even actual filename(s)/path(s) (i.e. was it in "my documents\..." or a
browser cache and/or swapfile, etc.). I don't know if that means it
actually was done that sloppily (i.e. system was actually booted, possibly
still connected to internet, and "browsed") or if it was done "right" and
they're just withholding that evidence...
On 1/3/07, Bob Toxen <bob at verysecurelinux.com> wrote:
>
> On Tue, Jan 02, 2007 at 01:03:46PM -0500, Sid Lane wrote:
> > I have an in-law in need of this service (unfortunately not **AA related -
> > wish it were that benign) to scrutinize recently disclosed evidence.
> >
> > sorry, can't provide any specifics beyond that (their family isn't telling
> > me much which is pretty frustrating).
> >
> > any references would be greatly appreciated...
> I'm experienced at doing this on Linux and Unix systems, including
> Macs. If it is a Windows box or other equipment I may be able to do
> it, depending on circumstances.
>
> My references include Dow Hurst, a long time ALE member:
>
> Dow Hurst
> 336-334-5122:W
> University of North Carolina, Greensboro
> 1000 Spring Garden Street
> Greensboro, NC 27403
> Dow.Hurst at mindspring.com dphurst at uncg.edu
>
> Best regards,
>
> Bob Toxen, CTO
> Horizon Network Security
> "Your expert in Firewalls, Virus and Spam Filters, VPNs, Linux System
> Administration, local and remote backup software, Network Monitoring,
> and Network Security consulting, in business for 16 years."
>
> http://www.verysecurelinux.com [Network & Linux/Unix Security Consulting]
> http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
> http://www.verysecurelinux.com/sunset.html [Sunset Computer]
> bob at verysecurelinux.com (e-mail)
> +1 770.662.8321 (Office: 10am-6pm M-F U.S. Eastern Time)
> +1 404.216.5100 (Cell away from office)
>
> My recent training and talks on Linux security include:
> in Ireland on Dec 04-08 2006
> in Denver, CO on May 16-18 2006
> in Silicon Valley, CA on May 1-3 2006
> at ISSA, Atlanta, GA on Apr. 26 2006
> at ISSA, Kennesaw, GA on Apr. 25 2006
> in Denver, CO on Feb. 15-16 2006
> in Silicon Valley, CA on Jan. 15-17 2006
>
> in Silicon Valley, CA on Dec. 5-13 2005
> in Chattanooga, TN on Jun. 16 2005
> in Denver, CO on May. 16-20 2005
> in Denver, CO on Feb. 28-04 2005
>
> in New Jersey on Nov. 15-16 2004
> at Atlanta Unix Users Group on Nov. 01 2004
> in Boston, MA on Oct. 11-14 2004
> in Denver, CO on Sep. 27-28 2004
> at Linux World SF signing at Prentice Hall's booth on Aug. 03 2004
> in Denver, CO on Jul. 12-13 2004
> at the Atlanta SecureWorld Expo in Atlanta on May 27 2004
> in New Jersey on May. 25-26 2004
> in Denver, CO on Apr. 15-16 2004
> at the FBI's Atlanta headquarters on Mar. 10 2004
> at Southeast Cybercrime Summit in Atlanta on Mar. 4 2004
>
> in New Jersey on Oct. 27-30 2003
> at Computer Associates' Atlanta Linux Security Summit on Sep. 16 2003
> at the Enterprise Linux Forum in Silicon Valley on June 04 2003
> at the Atlanta SecureWorld Expo in Atlanta on May 22 2003
> at IBM's Linux Competency Center in New York City on Mar. 06 2003
>
> Author,
> "Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
> 2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
> Also available in Japanese, Chinese, Czech, and Polish.
>
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- White House cybersecurity adviser Richard Clarke
>
> Public key available at http://www.verysecurelinux.com/pubkey.txt, keyservers,
> and on the CD-ROM that comes sealed and attached to Real World Linux Security
> pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
> Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
> sub 2048g/03FFCCB9 2000-06-21
>
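Sid's complaint above is really a checklist of what a defensible examination record has to contain: digests of the image before and after the examination, read-only access, the names and versions of the tools used, and the actual on-disk location of whatever was found. The script below is an added example of producing such a record; it is not code from this thread or from any of the people named in it. The image is a small constructed byte string standing in for a raw dd image, and the tool name and version strings are hypothetical placeholders. Reading from a bytes-backed temporary file opened read-only stands in for a write blocker or read-only loop mount, which the script cannot demonstrate without root.

```python
"""Chain-of-custody style examination record for a disk image (added example)."""
import hashlib
import json
import os
import platform
import sys
import tempfile
from datetime import datetime, timezone

TOOL_NAME = "image-examiner-example"  # hypothetical tool name, for the record only
TOOL_VERSION = "0.1"                  # hypothetical version string

# Constructed sample image: NUL padding around two Windows-style path strings,
# standing in for a raw image of a suspect drive. Not data from any real case.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"C:\\Documents and Settings\\user\\My Documents\\report.doc"
    + b"\x00" * 32
    + b"C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\x.jpg"
    + b"\x00" * 16
)


def hash_file(path, algorithms=("md5", "sha256"), chunk=1 << 20):
    """Digest the whole image with more than one algorithm, reading in chunks so
    real multi-gigabyte images do not have to fit in memory."""
    digests = {alg: hashlib.new(alg) for alg in algorithms}
    with open(path, "rb") as fh:  # read-only handle; never "r+b" on evidence
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def find_strings(path, needle):
    """Return every occurrence of a path fragment with its byte offset and the full
    NUL-terminated string, so a finding can be located and reproduced later."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits, start = [], 0
    while True:
        idx = data.find(needle, start)
        if idx < 0:
            return hits
        end = data.find(b"\x00", idx)
        end = len(data) if end < 0 else end
        hits.append({"offset": idx, "string": data[idx:end].decode("latin-1")})
        start = idx + 1


def examine(path, needle):
    """Hash, examine, hash again, and bundle everything a reviewer would ask for."""
    before = hash_file(path)
    findings = find_strings(path, needle)
    after = hash_file(path)
    return {
        "examined_at": datetime.now(timezone.utc).isoformat(),
        "image": os.path.basename(path),
        "tool": {
            "name": TOOL_NAME,
            "version": TOOL_VERSION,
            "python": sys.version.split()[0],
            "platform": platform.platform(),
        },
        "access_mode": "read-only file handle (write blocker / ro mount in practice)",
        "hashes_before": before,
        "hashes_after": after,
        # Any mismatch means the evidence changed under examination and the
        # findings cannot be trusted as they stand.
        "integrity_preserved": before == after,
        "findings": findings,
    }


def run_demo():
    """Write the constructed image to a temporary file and examine it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "suspect.dd")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_IMAGE)
        return examine(path, b"C:\\Documents and Settings")


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The record answers each of the questions raised in the post: the before/after digests show the image was not altered, the tool block names what was run and on what, and each finding carries an offset and the full path string rather than a bare screenshot. Hashing each partition separately, and the physical drive as well as the image, would extend the same pattern.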