Performing Xbox Live Searches
Consoles today play an increasing part in even local police investigations across the country. Investigators can use a "capture rig" to record Xbox live chat for an investigation.
Forensic Examiners Need to Prepare for Android Devices Now
As a result of the Android's secure architecture, forensic examiners do not have a built-in mechanism we can use on the phone to extract core user data. Instead, new techniques must be developed which require some interaction with the device.
Maintaining Digital Evidence Chain of Custody
Maintaining digital evidence longevity entails more than keeping a true copy of a digital object over time. The true copy also must retain its unaltered content in an unbroken chain of custody that addresses data preservation and the accuracy, reliability, and durability of the hardware and software systems involved.
Why isn't RAM analysis part of every computer forensic investigation?
Any actively used information or data by a computer program or hardware device will run through the system's RAM at the time it is being used. So why is RAM analysis not a part of every computer forensic investigation? There are two main reasons.
Evidentiary Value of GPS Devices
Trackpoints are the Holy Grail in GPS forensics. Almost all GPS devices collect trackpoints but even without trackpoints, GPS devices still hold a significant amount of data.
Every Contact Leaves a Trace
Knowing where to look and understanding what can be retrieved to assist in a successful investigation is key to a case’s swift and reliable conclusion. It is for this reason that the mobile phone has become an integral part of any modern day investigation.
Catch an Intellectual Property Thief
When conducting a digital forensic investigation of intellectual property crimes, there are five things you should do.
Overcoming Challenges in the Cloud
Performing digital forensics in the cloud isn't necessarily a new discipline, but the task definitely requires a whole new mindset and some new skills from investigators.
It Is Necessary to Have Proper Legal Authority to Conduct a Forensic Examination of Cell Phones
Like computer evidence, it is necessary to have proper legal authority to conduct a forensic examination of cellular phones and handheld devices. Cell phones lawfully may be searched without a warrant only if the search is ‘substantially contemporaneous’ with the arrest.
5 Must-Have Skills for Fraud Examiners
Today's successful fraud examiners must understand the business, leverage technology, have versatile work experience, understand where the information resides, and possess international capabilities.
Data Reduction Software Accelerates Investigations
Data reduction—eliminating “known” files, such as operating system and application files, during an investigation—is a critical component of the computer forensics process.
What Evidence Needs to Be Collected?
When you are onsite to collect evidence it is better to collect more than what might be initially needed. The scope of the investigation could easily expand, and it is much harder to obtain network logs or computer artifacts that might have been overwritten.
Credibility on the Stand
There are two things an investigator can do to gain credibility in the courtroom: cross-validate the tools used and understand the evidence and how it was gathered.
Develop a Plan for Forensic Tool Validation
Developing the scope of your tool validation plan involves creating a protocol for testing by outlining the steps, tools, and requirements of such tools to be used during the test. This may include evaluation of multiple test scenarios for the same software or tool.
Use a Criminal's Tools Against Him
A database of SHA-1 hash values for known child pornography enables law enforcement to monitor Internet traffic for contraband. A suspect's use of client software like LimeWire makes the process of gathering evidence particularly straightforward.
It Is Infeasible to Alter A Hash Value to Hide It from an Examiner
It is infeasible, if not impossible, to create a hash value of a contraband image, and have a known hash set filter it out of a case, in an attempt to hide it from an examiner.
Executing a Warrant for Digital Evidence
There is no requirement or mention in the Federal Rules of Criminal Procedure regarding any time limits for the forensic examination of evidence. Investigators only have to execute (serve) the warrant within ten days after it is issued to avoid it becoming “stale.”
Checklists Are Invaluable to First Responders
Checklists are one of the most important things for first responders to have access to when responding to an incident. It can be easy to miss a step or remember a command incorrectly when under fire.
Test Your Tools
Tools and systems can become inaccurate or even fail with use. This is why forensic accreditations require practitioners across all forensic disciplines to perform some type of routine testing and calibration of the forensic tools and systems used for the capture and analysis of forensic evidence.
Triage Saves Time and Effort
The purpose of triage is not to conduct a full analysis. Gathering a little information from key data points early can lead to an accurate assessment of the situation without having to conduct laborious processes.
Are You Exceeding Your Authority?
Not only may information be stored outside your jurisdiction, but it may also be stored in another country altogether—one with different criminal and privacy laws. Accessing evidence of a crime in the United States may actually mean committing a crime in another country.
Check the System Clock
An interesting and useful way to determine if the system clock has been set back is to sort Event Log records.
There Are No Forensic Tools...
...There are only tools that forensic practitioners use in the course of gathering evidence and performing analysis.
Work Smart to Avoid Injury
By setting up your computer workstation optimally and paying attention to a few key elements of positioning and alignment we can greatly reduce our chance of an ergonomic injury such as carpal tunnel syndrome or repetitive stress injury.
Ethics in Digital Investigations
From an ethical and professional perspective, every examiner has the responsibility to not only examine the evidence for probative data, but should also provide potential exculpatory evidence to the prosecutor.