Hard Disk Forensics expertise?

[Moonliner]

Has anyone round here worked with hard disk forensics in relation to legal actions?

I'm looking for information not on the technical side of the equation but rather on the rules, procedures and certifications that are needed in the legal world.

Is there a nationally recognised certification for individuals performing hard disk analysis?

Are there set procedures to secure chain of custody, etc...

Thanks for any help.






Ps: No I'm not facing any legal action, It's for a friend. No really it is.

[€uroMeinke]

Usually going to forensics only happens in extreme circumstances - where a party is presumed to have deliberated deleted or altered their hard drive to cover up illeagle activity or fraud.

Usually it happens after hardware is siezed in a legal action and the chain of custody falls on the organization doing the seizing. There is no set standard, and usually the effort is proportional to the severity of the case but might include: witnessed testimony, access control logs, documented and audited processes (if this is an organization we're talking about).

To my knowledge, there is no certification standards for forensics, tbut there are a number of private companies (as well as government organizations) that specialize in these activities to different levels complexeity - Apparently the CIA has technology that can read back 7 re-writes of a hard drive.

I guess a lot depends on the circumstances:

Is your friend trying to find evidence of wrong doing on someone else's computer? And if so, is criminal procsecution an expected outcome?

Or is your friend trying to cover something up that may be on his computer?

[€uroMeinke]

Your friend might find this article of interest

[Alex]

There are professional certification programs out there for computer forensics that are supposed to help with getting work with law enforcement agencies and certain private industrial applications.

But I don't know any of the details.