If the assignment was for a term paper about mobile forensics, this paper would be well-written and deserving of a high mark. However, the assignment is for a Standard Operating Procedure. An SOP should serve as a guide for an examination. It should tell the examiner what steps are expected for the lab. As of this moment, while much of the content is good, this paper does not meet the scope of the assignment.

This comment for the acquisition part (third page)>>

The information/content in this section is well presented and accurate. However, the format (throughout) is more typical of a term paper and not of an SOP. Please consider reformatting to provide steps which an examiner would take.

In other words, please answer the question: for your lab, what procedures are taken in acquisition?

The purpose of a Standard Operating Procedure is to serve as a guide for an examiner. An example can be found here: https://www.swgde.org/documents/Current%20Documents/SWGDE%20QAM%20and%20SOP%20Manuals/SWGDE%20Model%20SOP%20for%20Computer%20Forensics

What about Backups? What about File System Acquisition?

When should I use what methodologies? Who is authorized to do what procedure? Is there required training or proficiency testing to do chip-off? What are the procedures for the lab? If the device is on, what type of acquisition should I do first? If the device is off, what do I do first? Am I required to get each of the applicable image types? Do I image the SIM separately from the device? What about the SD card? When do I use write blockers?

If an examiner were to pick this document up, it would be informational; however, it does not provide a procedure for how to conduct examinations in your lab.

Let's spend some time on Monday night discussing format. While a great deal of your content is valuable, the format is not indicative of an SOP and does not provide a guideline for an examiner to use in a lab.

This comment for the beginning of page#6 >>

Are Chip-off and JTAG methods used in your lab? What are the requirements in your lab for personnel to do these types of extractions? Data owner permission? Does the device need to be returned in its original state?

Page#8 the EnCase paragraph >>

These are traditional forensics tools and, while they can be used, an examiner would be better suited using tools specifically for mobile forensics.

Please think through some questions you would want to know if you were working in my lab on day one. Here are just some examples:

Seizure:

How do we handle network isolation?

How do we document the scene – photography, chain of custody, etc.?

How do we ensure network isolation?

Acquisition:

What do we do if the device is off?

What do we do if the device is on?

What do we do if it is PIN locked?

What do we do for backups?

Analysis:

Where do we look for data on Android? iOS? Feature phones?

etc…
