|
A forensic
computer data examination is an investigation that:
- complies with established computer forensic principles
- uses appropriate computer forensic techniques
- identifies data relevant to a case and
- produces exhibits for the court
Michael J L Turner is a Registered
Forensic Practitioner in the speciality of Computer Examination: Data
Examination.
Data Examination - sources of evidence and evidential artifacts
Michael Turner has experience of the following Data Examination sources
of evidence and evidential artifacts:
|
Computing platforms
|
Mainframes, minis, LANs, WANs, POS networks, PCs, Mail servers,
Database servers, Internet
|
|
Databases
|
Database (MS Access, SQLServer) tables, change history and database
applications
Application databases (Thumbs, AOL PFC, Windows Media Player, P2P
File-sharing - Kazaa and IMesh, iTunes, Whois?)
|
|
Date and time stamps
|
File system date-stamps (File Created, Last Modified, Last Accessed),
Software application (MS Word, MS Excel) metadata, System clock
settings, Timezones and Daylight saving (BST) settings
|
|
Deleted files
|
Recovery of deleted files, Recycle Bin, Norton Recycler
|
|
Documents
|
Document version history, revision history, print history, authenticity,
authorship (MS Word, MS Excel, Lotus)
|
|
Domain Names
|
Domain name registration records, domain name transfer records
|
|
E-mail
|
Client-based E-mail and E-mail archives (Outlook, Outlook Express),
Web-based E-mail and E-mail archives (AOL, Hotmail)
|
|
Evidence Elimination
|
Anti-forensics secure deletion (Evidence Eliminator, Eraser, Sure
Delete)
|
|
Forensic image copy formats
|
EnCase, dd, FTK, SMART, ditu, DIBS, Vogon
|
|
Hard disk drives
|
History of formatting, defragmentation, wiping of hard disk drives
|
|
Hardware configuration
|
History of changes to hardware configuration
|
|
Log files
|
Activity logs, Audit trails, Event logs, Internet Access logs
|
|
Media
|
Hard disk drives, CDs, DVDs, USB memory sticks, removable media,
obsolete media formats
|
|
Operating system
|
History of Windows installation, re-installation, upgrades
|
|
Passwords
|
Logon and Account Password setting, changes, resetting; password
recovery, cracking
|
|
Program source code
|
Program source code in C, C++, Visual Basic, Java, HTML, XML, MS
Access, Basic, COBOL, DIBOL, command scripts
|
|
Registry settings
|
System settings (Configuration, Last Use, Last User, Last Shutdown)
and User settings (IE Search terms, Typed URLs and Auto Logon IDs)
|
|
Software version
|
Software version change control history
|
|
Telephone call records
|
Communications traffic data - telephone service provider call records
(SPOC)
|
|
User Identity
|
User ID, Account ID, Logon ID, MAC, SID, GUID, Passwords, Shared
Logons, Unattended Logons
|
|
Web archives
|
Web archive searches, Presence or absence of web-pages, web-page
versions, State of the Art, Age of Models - USC 2256 or 2257
|
|
Web browsing
|
Web browser (Internet Explorer - IE, Netscape, Mozilla) cache,
Browser history files (active and deleted)
Bookmarks, Favorites, Cookies, Google searches
|
Experience - Courts and Cases
Michael Turner has extensive experience of data examination in:
- Civil courts (for Claimant and Defendant and as Single Joint Expert)
- Criminal courts (White-collar and general crime, for Prosecution and
Defence)
- Employment Tribunals (for Applicant and Respondent)
- Care Standards Tribunal (Appeal against List 99 blacklisting)
- Family Court (Review of computer evidence from previous criminal case)
- Court Martial
and in a very wide range of cases including:
|
Blackmail
|
Confidential data recovered from hard disk of recycled PC
|
|
Breach of contract
|
Sale of business, Property lease
Supply of computer systems (Compliance with contract specification)
|
|
Computer Misuse Act 1990 Ss 1, 2, 3
|
Time locks, Logic-bombs, and Hacking |
|
Confidential information
|
Customer and Contact data, Databases, Designs, Drawings, Specifications
|
| Divorce |
Recovery of over 50 versions of a deleted document.
Fabrication of financial statements |
|
Drugs
|
Distribution (Telephone call records)
|
|
Employment
|
Internet abuse, Inappropriate Use, Racial Discrimination, Disability
Discrimination, Racist documents
|
|
False Accounting
|
Retail commission
|
|
Fraud
|
Online Banking (Theft of £12,000,000), Banking, Credit Card (Identity
theft)
Domain Slamming (Whois? database Data Mining, Spam, Domain name
registrations, renewals and transfers)
Investment, Insurance and Mortgage frauds
|
|
Indecent Images of Children
|
Possession of and Making indecent photographs of children
|
|
Internet libel
|
Web site and E-mail defamation
|
|
Intimidation of witnesses
|
Falsifying Witness Statements
|
|
Money Laundering
|
Internet Banking
|
|
Murder and Manslaughter
|
Serial killer, Contract Killing, Road Traffic Accident
|
|
Negligence
|
Legal advice
|
|
Perverting the course of justice
|
Editing, Amending, Fabricating documents in evidence
|
|
Police computer systems
|
Telephone call records (SPOC); security and system event logs
|
| Sexual Grooming |
Online chat with minors |
|
Sexual Harassment
|
Stalking (Indecent letters)
|
|
Software Copyright infringement
|
Literal copying of software specifications, design documents and
program source code
|
|
Terrorism Act 2000 Ss38, 57, 58
|
Failing to disclose information about terrorism.
Possessing documents likely to be of use to a person engaged in
instigating, preparing or committing an act of terrorism
|
Experience - Applications
Michael Turner has thirty-five years' experience of software applications
in a range of sectors, including:
| Accountants |
Fabrics |
PC maintenance |
| Agricultural equipment |
Film industry |
Police force |
| Civil Aviation |
Financial Services |
Post Office |
| Armed Forces |
Golf clubs |
Printing |
| Banking (Internet) |
Government |
Property |
| Banking (Investment) |
Home PC use |
Publishing |
| Banking (Online) |
Hotel |
Queue management |
| Brewing |
Insurance |
Recruitment |
| Business information |
Internet |
Retail |
| Chemicals |
Local Government |
Schools |
| Computer manufacturer |
Medical Repatriation |
Software development |
| Computer systems supply |
Motor racing |
Software publishing |
| Construction |
Motor trade |
Solicitors |
| Derivatives trading |
Number plate recognition (ANPR) |
Telecommunications |
| Estimating |
Parcel courier |
Travel |
|
|
|
