Sunday, October 20, 2013

Network Topology Configurations for Security Onion

Occasionally questions are asked on the Security Onion (SO) mailing list about physical and virtual network configurations for getting network traffic into SO.  These questions often have nothing to do with SO itself and everything to do with network architecture issues, such as sensor and tap placement, switch configuration, and virtualization software configuration.

Here is a paper I originally wrote back in April for the Security Onion mailing list to address these issues.  It would probably be better as a blog post, but it's a little long for that and transferring the graphics from Word to the blog is a bit of a pain, so I'm leaving it in PDF format for now.  If anyone spots any errors or finds anything that isn't clear, let me know and I will update the document.

Sunday, October 13, 2013

Admissibility of Digital Evidence in Virginia

Here is a paper I wrote for Champlain College's "Practice of Digital Investigations" course as a part of the M.S. in Digital Forensic Science curriculum.  The assignment was as follows:
Prepare a report identifying the requirements for having digital evidence accepted in a criminal or civil court within your jurisdiction. You should identify relevant state and federal legislation, and court rules or instructions. Your report should include the requirements for presenting expert evidence, this includes any federal or state rules of evidence that apply to expert testimony.
Your answer should be approximately 2500 words. You may choose to focus on civil or criminal cases.
This was quite a learning experience for me since I have no background in court proceedings or law enforcement.  Before researching this topic, I assumed there were specific rules governing digital evidence as opposed to physical evidence, which I found was quite a faulty assumption.

Admissibility of Digital Evidence in Courts of the Commonwealth of Virginia