From: daniel heinonen [d.heinonen@qut.edu.au]
Sent: Tuesday, May 22, 2001 8:20 PM
To: forensics@securityfocus.com
Subject: forensics: Assignment outline

Hi all,

Sorry to burden you all with my assignment again, however I thought if 
anyone else was drafting talks or writing their own document
some of this may come in handy.  When I finish my assignment on Friday I 
will make it available.  I have directed this document to
people outside the field as my experience is limited and this has been what 
most other sites focus on.

My main question would be with the broad topics I have listed below, are 
there any, which people believe do not effect the work of
computer forensics.  The other question would be is there anything major I 
have left out.  I have a large amount of research material so I will be 
backing these items up with examples.

Volume of Information
         Rapidly increasing storage capacity
         Searching for evidence
         Evidence preservation
         Scope of seizure
Technology advancements
         Increase in tools
         Increase in vulnerabilities
         Increasing awareness
         Changing environments
         Changing devices and scope of evidence
Encryption
         Steganophy
         Assumption of guilt
         Reliance on user error
         Output of tools
Authenticity
         Beyond reasonable doubt
         Multi users on one resource
         Administrator
         Integrity
         Company policies
Integrity
         Sterile resources
         Proprietary tools
         Output of tools
         Output of computer generated records
         Checksum
         Output of encrypted files
Time
         Court imposed limitations
         Time limitation of seizure may extend to examination
         Imaging of hard drive
         Distance between examination and court
         Technology changes
         Respond to crime in real time
Finance
         Should encourage public to devise preventive technology
         Benefits of investigation
         High volume, low value offences
         Donated equipment
Skilled examiners
         Training
         Private sector
         Money
         Sworn in or civilian
         Tech-lag
Juridical boundaries
         Real time tracing
         Evidence admissibility
         Clearing houses
         Anomalies in law
         Extradition
         International treaties
         Multiple jurisdictions
Legislation
         Storing of Illegal material
         Admissibility of evidence
         Hearsay
         Seizure of equipment
         Time
         Chain of custody
         Documentation
         Privacy
         Non sworn in investigators

Many thanks,

Daniel Heinonen