General discussion

For all CSI fanatics! (including me)

By pr0teus
OK, if you even have the faintest idea of investigative procedures, you'll know that not everything works as quickly as we see on CSI - however, the principles and science behind the show are all sound.

Regarding computer forensics - how does one find chat transcripts and online emails without actually getting a warrant for the providers (and, by the way, I'm not up to any hanky-panky or sneaking around anyone's computer)? To find emails sent/received via Outlook/Outlook Express, just browse the path (C:\Documents and Settings\<Username>\Local Settings\Application Data\Microsoft\Outlook --> copy .pst & .dat files to a similar folder on an active machine, then access them with Outlook).

Local Settings on a Windows machine may be able to tell you what pages have recently been visited, and you may be able to get email addresses, but certainly not actual emails - which aren't typically cached.

So when they say "Grissom, we found a copy of some email correspondence between the victim and the suspect", how did they do it??

How do they determine the IP address of a computer that was communicating with the Vic's - especially since we know that most networks use private IPs and getting a 10.0.0.1 address doesn't lead you to the Perp?

Also, what are other things a forensic analyst should/would look for when combing through a hard drive?

Could you be a CSI?

All Comments

Sadly I've had to do this

by JamesRL In reply to For all CSI fanatics! (in ...

One of my employees at a former employer of mine was caught red-handed using company facilities to run a side business, which was clearly against corporate policy, and which would result in dismissal.

As soon as we found out, we had to seize the computer and look for compounding evidence, in case it ever went to court (it didn't, he admitted his guilt and accepted severance).

Outlook and Outlook Express allow users to cache their emails locally. This is primarily so that laptop users can read and reply to mail offline. If they are stored locally, it is a cinch to access them. Of course, if local caching is not enabled, all they need is a warrant for the ISP. And the data is probably safer at the ISP....

As for chats, I don't know about current versions, but I do know that Yahoo chat used to have an archiving feature.

As for IP addresses, between DHCP and IP spoofing, it's pretty hard to trace the "real" address of anyone.

Temporary Internet Files can lead someone through an almost step-by-step walk of what they have been up to. There are no files kept for SSL sites like internet banking, but usually the home page for the banking is not SSL, but the signon page is, so at least you know that they went to the main site. Cookies can also help forensics people put together surfing history. People who store passwords locally could have them hacked by someone who is creative and skilled enough. There are tools for such things.

Of course I would always look for hidden files, encrypted files, recently deleted files.

James

Free Forensic Software

by charlesrollo In reply to For all CSI fanatics! (in ...

It has been a while since you posted regarding computer forensics, but here is a site that has some software for forensic investigation.
