Cheri D. Carr Assistant Director, Digital Forensics Cheri D. Carr conducts digital forensic acquisitions, examinations, analyses, preservations, and electronic discovery productions on laptops, desktops, servers, file and e-mail servers, backup tapes, personal digital assistants (PDAs), cellular telephones, and removable media for civil litigations, criminal matters, internal investigations, and computer-incident response efforts. A federal law-enforcement trained professional with 10 years of experience in computer forensic technology, she has conducted a wide range of computer-security reviews and written customized Perl scripts to automate forensic- and electronic-discovery processes. Recent casework has included: The successful preservation and analysis of the network security logs of a multi-media global corporation to determine the source, duration, and extent of a compromised FTP server; analysis led back to the home of a disgruntled former employee, who confessed to tampering with the system; determined that corporation did not have to report intrusion because database of customer information on servers had not been touched. The successful forensic analysis of a laptop computer to establish that a female employee of a publishing company had anonymously harassed corporate employees spouses over the Internet; found evidence that female employee s work computer had the user name and account number for the source of incriminating e-mails alluding to the infidelity of her employees to their spouses. The successful analysis of a crashed file server in which it was determined that the covert compromise of the server, and its subsequent use by hundreds of unauthorized users as an Internet Relay Chat (IRC) server (whereby hackers find the machine exploitable and use its storage, processing power, and network bandwidth to host their own services), may have facilitated the crash. Based on the condition of the server, and its compromise by multiple hackers over a period of years, informed corporation that it was impossible to determine when server had first been compromised or if a former employee had intentionally caused the server to crash and interrupt corporate e-mail and business. The preservation and harvesting of 65 computer users data from desktops, laptops, servers, and PDAs located in six U.S. cities for law firm accused of misrepresentation by client in landmark case; hired by law firm to conduct a simultaneous deployment to all offices to copy all of custodian s documents for analysis in a preservation that would be unimpeachable. Prior to joining Stroz Friedberg, Ms. Carr was the Principal Consultant at Veridicus Software in Aurora, CO. Previously, as the Manager, Forensic Technology Services, in Denver, CO, she was instrumental in developing and executing an investigative plan in an earnings management investigation of Halliburton, which spanned four countries and 100+ employees, Ms. Carr also created bit-image copies of hard drives to tape for evidence preservation and provided cursory review for numerous cases, including alleged Ponzi schemes, financial fraud, environmental pollution, and internal KPMG investigations. In her five years of employment with the Office of Inspector General (OIG), NASA; the Air Force Office of Special Investigations (OSI); and the Department of Defense (DOD) Computer Forensics Lab, Ms. Carr s casework included: The configuration, installation, and review of logs from intrusion-detection systems to identify unauthorized access to NASA systems, and the tracking of intruders for prosecution. The building and deployment of Intrusion Detection Systems to all NASA centers nationwide. The secure analysis of data from Intrusion Detection Systems at U.S. Air Force bases and educational institutions world. The development and implementation of procedures to locate AWOL military personnel via the Internet, leading to numerous investigative leads in locating the Top 10 Missing Military Persons. The analysis of electronic media from an attack on the Pentagon computer systems, resulting in $80,000 in damage. The re-creation of deleted files from electronic evidence in support of a joint investigation by the FBI and the Defense Criminal Investigative Service (DCIS) of a CIA employee assigned to the National Reconnaissance Office (NRO), resulting in his conviction for financial conflict and possession of child pornography. The successful analysis of electronic media supporting a Department of Defense (DOD)/Office of Inspector General (OIG) investigation into the missing U.S. Central Command logs maintained during the Persian Gulf War; recovered evidence resulted in the prosecution of a U.S. Army office for theft of classified material. The recovery and analysis of electronic data from Linda Tripp s computer system in support of the Monica Lewinsky investigation by Kenneth Starr s Office of Independent Counsel during the Presidency of Bill Clinton.. Ms. Carr graduated summa cum laude with a B.S. in Computer Information Systems from Strayer University and has an A.A.S. in Computer Science Technology from the Community College of the Air Force. Ms. Carr is well-versed in a variety of software engineering principles, including the software development life cycle, modularity, version control, reliability, and standard testing and debugging techniques. She also is knowledgeable about structured and object-oriented programming, algorithm design, data structures, control structures, program logic, and data-flow diagrams. Ms. Carr has completed the EnCase Advanced Computer Forensics training course in computer forensics and attends weekly in-house training seminars on digital forensics, cyber-crime response, computer security, desktop and network forensic tools, and relevant legal topics at Stroz Friedberg. She is EnCE certified, SCERS (Seized Computer Evidence Recovery Specialist) certified and received Evidence Custodian Training from the Air Force OSI. In addition, Ms. Carr is a qualified expert witness in computer forensics. Throughout her professional career, she has taught digital-evidence preservation and analysis techniques at several law enforcement agencies, including the Defense Criminal Investigative Service (DCIS), the High-Technology Crime Investigation Association (HTCIA) and Regional Computer Forensics Group (RCFG) at George Mason University (GMU) 2000 Symposium, the National Defense University, and the Canadian Police College. Ms. Carr is the co-author of the NIJ Electronic Crime Scene Investigation: A Guide for First Responders (U.S. Department of Justice, Office of Justice Programs, 2001) and the author of Guide to Processing Electronic Evidence on the Commodor 64 (U.S.A.F., 1997). |