Articles

The Lead

Streamlining the Digital Forensic Workflow: Part 1

August 6, 2014 | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

It has now reached the point that it is no longer practical for an examiner to forensically analyze each and every piece of evidence. Depending upon the alleged crime, often the incriminating evidence can be found in an e-mail, a document, the browser history, an SMS, or some other source. This leads to the obvious conclusion that examiners are going to need a new approach to streamline their workflow.


Find the Context

July 30, 2014 3:50 pm | Comments

Digital forensic science is not a matter of recovering a file that proves somebody’s guilt; it is about wading through hundreds of thousands, possibly millions, of a wide variety of digital artifacts and making very pointed critical judgments about which provide some sort of inculpatory or exculpatory evidence relevant to the case.


Limitations of Volatile Memory Analysis

July 25, 2014 8:51 am | Comments

Realistically, Live RAM analysis has its limitations, lots of them. Many types of artifacts stored in the computer’s volatile memory are ephemeral. While information about running processes will not disappear until they are finished, remnants of recent chats, communications, and other user activities may be overwritten with other content any moment the operating system demands yet another memory block.


The Switch to Private Sector Digital Forensics

July 18, 2014 9:05 am | Comments

There is clearly a difference in the type of investigations and examinations being performed versus what are encountered in the public sector. The private sector examiner can be expected to provide evidence to private attorneys, corporations, private investigators, and corporate security departments.


Data Storage Issues: Part 3

July 9, 2014 8:53 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

The incredible amount of data being produced by individuals, industries, and governments continues to increase yearly along with the demand for greater archival storage capacities. Alternative storage technologies are already under development and they may eventually replace the conventional HDD for data storage.


SSD Evidence Issues

June 27, 2014 8:55 am | Comments

Solid-state drives represent a new storage technology. They operate much faster compared to traditional hard drives. SSD drives employ a completely different way of storing information internally, which makes it much easier to destroy information and much more difficult to recover it.


Mobile Data Drives a Big Data World

June 25, 2014 8:27 am | by Lee Reiber | AccessData Group | Comments

Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices.


Network Investigations

June 19, 2014 12:16 pm | by Gary C. Kessler and Matt Fasulo | Comments

Network investigations can be far more difficult than a typical computer examination, even for an experienced digital forensics examiner, because there are many more events to assemble in order to understand the case and the tools do not do as much work for the examiner as traditional computer forensics tools.


Tool Validation

June 13, 2014 8:25 am | Comments

The premise that an effective digital forensic examiner must be able to validate all of the tools that he or she uses is universally accepted in the digital forensic community. I have seen some less-educated members of the community champion a particularly insidious, and I will argue, invalid method of tool validation, often referred to as the two-tool validation method.


Professional Ethics in the Digital Forensics Discipline: Part 2

June 11, 2014 8:33 am | by Sean Harrington | Comments

The digital forensics profession has endeavored to provide examiners with a framework within which the digital forensics examiner must not only recognize, classify, and manage ethical dilemmas, but also respect boundaries and honor obligations. This framework is the code of ethics. This article will continue the discussion from the last issue on the need for and contours of these codes.


Do You Know Where Your Data Is?

June 6, 2014 8:12 am | by Gary Torgersen | Comments

The Bring Your Own Device (BYOD) phenomenon is affecting forensic data acquisition because it creates crossover between data that is controlled by an individual versus by a company. People are using their personal devices for work-related tasks because it can seem easier than trying to use typical work resources. 


Skeletons in Your Client's "Digital Closet"

June 4, 2014 8:14 am | by Martin Siefert | Comments

Studies have shown that individuals are notoriously bad at remembering details about past events. Without replenishing or review of perceptions, neural traces in the brain degrade and information is lost. This article will examine how the use of digital forensics can aid the legal profession with fact finding to support or refute eye witness testimony involving details of events.  


Heartbleed

June 3, 2014 10:35 am | by Rebecca Waters | Comments

By now most of you will have read about the Heartbleed bug, a major vulnerability in OpenSSL. Heartbleed results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Heartbleed presents an interesting forensic challenge because there is unlikely to be any indication that a data breach occurred.


Book Excerpt: Social Media Investigation for Law Enforcement

June 3, 2014 9:02 am | by Joshua Brunty and Katherine Helenek | Comments

In order to effectively investigate crimes involving social media, it is imperative that law enforcement understand “how” social media is stored, “where” such information is stored and found, and “how” to obtain such information using forensically sound procedures. Social media requires a different mind-set to traditional investigative and current forensic methodologies. 


Unsupported Smartphone Extractions

June 3, 2014 8:53 am | Comments

What happens when a smartphone is locked and unsupported by forensic tools? Flasher box, JTAG, or chip-off extraction methods become necessary. All three enable physical extraction — a logical examination cannot be performed on an unsupported locked device. However, even this capability can be limited.


Boot Loaders Produce Forensic Soundness

May 30, 2014 8:34 am | Comments

Boot loaders are currently considered the most forensically sound physical extraction method. While they do involve loading a piece of code onto the device, this happens before the forensic tool accesses any evidentiary data.       
