Google Analytics Cookies and the Forensic Implications
This paper explores how a marketing tool can be used in forensic analysis. It offers an in-depth look at the internal workings of Google Analytics cookies, and compares and contrasts them with standard HTTP cookies. The focus then turns to the significant forensic implications of this often-overlooked artifact.
Cyberstalking and Law Enforcement: Part 2
A step by step guide to handling a cyberstalking investigation.
Cyberstalking and Law Enforcement: Part 1
Understanding the crime of cyberstalking will provide law enforcement with tools to serve their community in the new communication age.
iTunes Forensic Analysis: Part 2
The digital forensic community is receiving more criminal cases involving iTunes and other programs that support the Digital Audio Access Protocol where video files of suspected child pornography are shared across a local network. This article highlights investigations into these systems.
iTunes Forensic Analysis
A Practitioner’s Guide to locating fruits of a crime when explicit files are shared on a local network.
Scoping an Intrusion
The objective of this article is to illustrate all the different types of digital data that should be collected when searching a crime scene or the location of a computer intrusion. Each crime scene or intrusion is different and will pose different challenges.
The Impact of the Cloud on Digital Forensics: Part 1
With regard to digital forensics and the e-discovery process, the new cloud security perimeter stemming from the trend with which data is accessed via the internet and housed and consumed on multiple systems and devices internationally, will pose some serious challenges(legally and technically) that will complicate investigations.
Frosted Limes: The Unintended Consequences of Shutting Down LimeWire
Due in large part to Gnutella and LimeWire, the problem of child pornography has exploded in recent years. Here's a brief primer on how LimeWire works and its impact on child pornography investigations.
Live Forensics and the Cloud: Part 2
This article looks at identity within the cloud with regard to the issue of anonymous authentication and how it can impact a digital forensic investigation.
Live Forensics and the Cloud: Part 1
Recently we have seen an increased focus directed at the live forensics environment. As users rely more on mobile and other remote devices to access data on demand—data possibly held in some manner of cloud environment—investigators will have to adapt their mode of investigations to suit.
This Domain Name is Greek to Me: An Introduction to Internationalized Domain Names for Investigators
This May, four countries started registering domains under country code TLDs in their native scripts using Arabic or Cyrillic characters. For forensic investigators, this change will come with new challenges.
Multiplayer Game Forensics
There are currently over one hundred and fifty MMORPGs being played by millions of people throughout the world, and there are over one hundred new games currently in development for release over the next two years. That means that you will more than likely encounter this type of evidence in a case at some point. This step by step guide will help you get the information you need from game files.
To Catch a Child Predator
New techniques are emerging to help forensic analysts build cases against Internet child pornographers.
Collection of Evidence from the Internet: Part 2
The question for digital forensic examiners is not only how to collect and document information from the cloud, but also whether the same acquisition and documentation methodology used for internet evidence can be used in the collection, preservation, and presentation of cloud-based evidence.
Collection of Evidence from the Internet: Part 1
The prospect of trying to obtain legally defensible digital evidence from the Internet is headache-worthy to many—but not impossible. Rather than collect, examine, analyze, and report as computer forensic examiners do, investigators instead need to collect and preserve the evidence as found for later presentation.
Cloud Computing: Another Digital Forensic Challenge
Cloud computing provides scalable and virtualized computer related resources using the Internet. As one would expect, cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis.
Don’t Fool Yourself: Gangs Blog and Tweet Like We Do
In their online chat sessions, gang members discuss activities that include the planning and execution of crimes, drug cultivation and distribution, and the buying and selling of weapons. The social networking Web sites they visit glorify gang culture or promote their individual street gangs.
Web Capture, Part 2: Analyzing a Website for Legal Discovery
Website analysis, although under-utilized, can uncover valuable evidence during government investigations, civil and commercial litigation, and corporate investigations. Analysis falls into four categories.
Red Tape: Will Current Legislation Isolate Cloud Computing Data From The Forensic Gaze?
With the number of users utilizing cloud resources increasing exponentially, the reality that criminals will also form part of the cloud community could prove a difficult hurdle for forensic investigators. These problems are compounded by the need to gather evidence across state and international borders.
Forensically Sound Preservation and Processing of Exchange Databases
Exchange server repositories, including Exchange databases (EDB’s), STM’s, and log journals, are large and complex. Performing thorough ESI collection from Exchange is challenging. By using some new imaging tools, forensic investigators can bypass the limitations of ExMerge and get better search results including deleted messages.
Web Capture for Forensics: Part 1
Until recently, capturing a web site for litigation was not common computer forensic practice, but the necessity of capturing and preserving this highly dynamic data has increased along with the overall technical complexity of today’s lawsuits. This has spurred an ever-rising demand for forensic evidence relating to suspicious data from the web.
Cloud Computing: An Insight Into The Future
Cloud computing, considered by many commentators as the next epochal milestone in IT, is shifting the way that businesses and end-users access and use applications, and the way they store and retrieve their most precious commodity, data. Now, an answer to the pervasive questions: what is cloud computing, where is it going, and how will it affect digital forensics.
Cloning vs. Crawling in E-Discovery Processing
To avoid getting a case needlessly sidetracked by discovery disputes, organizations are evaluating the best way to preserve and produce information stored on electronic devices. As a result organizations are evolving from a traditional “crawl” method of finding evidence to a more efficient, comprehensive, and less expensive “cloning” process.