For example, so you found a USB device was connected to a system. Bingo! Or not? Does this mean the ‘suspect’ transferred that intellectual property that everyone thought they did? Or was it the sysadmin playing detective after the employee left? Better yet, was it just a USB device installed for utilizing Vista’s ReadyBoost technology and nothing more?

Let’s take a look at another one:

What makes the suspect a suspect? Is it just because that’s what the paying customer believes they are? Is the paying customer themselves a suspect framing someone else? Using such a term lightly can make a forensic engineer delve into murky waters fast. Don’t assume anything as fact!

As forensic engineers, it is our duty to collect, analyze and present data to assist others in a case. We are not psychologists, hence it is not our job to make such conclusions. We are IT professionals looking at and presenting nothing else but data, 0′s and 1′s. So next time you write that report, remember!

From their agenda, it looks as though there is going to be several interesting talks. Unfortunately, the ones I’m interested in seem to conflict with each other throughout the event!

It would be great if I could do a dd of myself for times like this!

Jee