Tips
SUBSCRIBE TO FREE
DFI News EMAIL NEWSLETTER
Create Specific Procedures for Imaging and Storing Digital Evidence
August 22, 2012 8:00 pm | Articles | CommentsThe admissibility of potential probative data at trial is probably going to be based upon the successful creation of the initial forensic image, its digital authenticity, and its chain of custody (if appropriate).
Standardize Your Examination Reports
August 16, 2012 8:00 pm | Articles | CommentsAlthough not a legal document per se, reports do end up in court. Therefore, they need to be consistent in their format and grammatically correct. A poorly written report can have adverse effects regarding the testimony of the examiner and shed doubt upon the subsequent results of the examinations.
Evidence Collection: Computers, Components and Devices
August 9, 2012 8:00 pm | Articles | CommentsThe first responder must have proper authority—such as plain view observation, consent, or a court order—to search for and collect evidence at an electronic crime scene. After identifying the computer’s power status, follow the steps listed below for the situation most like your own:
Look for the 5-10 Documents that a Judge Would Want to See
August 1, 2012 8:00 pm | Articles | CommentsThe focus at the beginning of an investigation is on the actual facts of the case rather than simply looking at how much data you have. Investigators should look for those 5-10 pieces of evidence that are crucial to the investigation and can help them to determine whether or not to even proceed.
Take an Active Role When Working Cases with Attorneys
July 25, 2012 8:00 pm | Articles | CommentsYou can help attorneys meet their professional obligations by providing advice on the preliminary steps that need to be addressed to preserve electronically stored information.
Collecting Evidence from the Cloud
July 17, 2012 9:17 am | Articles | CommentsThe lack of control on the examiner's part makes collection the generally accepted problem with cloud-based evidence. Because the examiner has neither access to the physical hard drive nor control over the network, s/he will at most have access to the data through the end user's Web browser, or through a computer connected to the same network's access.
How to Collect Internet Evidence
July 11, 2012 8:00 pm | Articles | CommentsThe courts have generally accepted evidence collected from the Internet as long as its authenticity can be established. Commonly accepted digital forensic methodologies can all be used to identify a three-pronged approach to Internet forensics.
A Good Case Management Workflow Is Crucial for Website Capture
July 1, 2012 3:46 am | Articles | CommentsGood case management workflow for website capture should include researching the suspect company background and website, identifing necessary resources required for the project, initiating and executing the project, and reporting and testimony.
Regular Expressions Hold the Key to Faster and More Accurate Searches
June 27, 2012 2:40 pm | Articles | CommentsIn the world of digital forensics, the power to seek and find is key. These deceptively simple yet devilishly complex character patterns hold the key to a powerful process of searching and reporting.
Some Challenges to Preparing for Accreditation in Digital Forensics
June 21, 2012 8:00 pm | Articles | CommentsTo attain ASCLD/LAB – International accreditation, a laboratory must achieve 100% compliance with every applicable clause in the accreditation requirements. Often overlooked is the fact that just about every sentence or lists of items in the accreditation requirements are ratable clauses to which the laboratory must demonstrate conformance.
Gain Credibility in the Courtroom
June 14, 2012 8:00 pm | Articles | CommentsThere are two things an investigator can do to gain credibility in the courtroom. One is cross-validation of the tools used. The second is to make sure the investigator has a solid understanding of the evidence and how it was gathered.
Expert Report Writing: Know your Audience
June 7, 2012 8:00 pm | Articles | CommentsIn writing your report you need to keep in mind the likely reader or readers. If technical explanations are required, you need to provide interpretations of the technical matters in lay terms that all of the people reading your report can understand.
GPS Evidence
May 31, 2012 8:00 pm | Articles | CommentsWith GPS trackpoints, criminal acts can be pinpointed down to almost the exact second a crime was committed.
Investigating Social Networking Sites
May 24, 2012 8:00 pm | Articles | CommentsSocial networking sites are great for intelligence gathering on a target, if you are lucky enough to find the “correct” target on the site.
Expert Witnesses: Changes to the Federal Rules of Civil Procedure
May 17, 2012 8:00 pm | Articles | CommentsWhen serving as an expert in federal court, the most significant change is that an expert witness need not disclose prior versions of their report, or communications had with the hiring attorney about the report.
Google Analytics Cookies
May 10, 2012 8:00 pm | Articles | CommentsThe forensic implications of Google Analytics cookies are tremendous. Unlike HTTP cookies, GA cookies provide the forensic examiner with an extensive amount of data on the user of a particular Web browser.
iTunes Forensics
May 3, 2012 8:00 pm | Articles | CommentsDiscovery in the capability of iTunes and the interaction with P2P programs might indicate the user’s possible intent, or at least their knowledge, of sharing video files from the iTunes Library on a local network.
Expert Witness CV and Qualifications
April 26, 2012 8:00 pm | Articles | CommentsApart from the expert report, probably the most important document you are likely to create as an expert witness is your Curriculum Vitae or resume.
Digital Image Integrity
April 18, 2012 8:00 pm | Articles | CommentsWhat most agencies fail to realize is that the lack of SOPs involving digital image integrity and workflow means images submitted for court purposes may not survive if challenged by a knowledgeable attorney.
Regular Expressions: What They Are and Why You Need Them
April 11, 2012 8:00 pm | Articles | CommentsThe effective use of regular expressions might be the difference in solving a case. That is because regular expressions automate and streamline tasks that would take hours if not days to do.
Report Writing Guidelines: Break it Up
March 21, 2012 4:06 am | Articles | CommentsReports can get long and are often very detailed. Breaking the report up into sections allows the reader to zero in on the important points and navigate easily to other points as needed.
Performing Xbox Live Searches
January 18, 2012 8:42 am | Articles | CommentsConsoles today play an increasing part in even local police investigations across the country. Investigators can use a "capture rig" to record Xbox live chat for an investigation.
Prepare for Android Devices Now
December 26, 2011 5:28 am | Articles | CommentsAs a result of the Android's secure architecture, forensic examiners do not have a built-in mechanism we can use on the phone to extract core user data. Instead, new techniques must be developed which require some interaction with the device. There are four primary ways to approach forensics on an Android device.
Why isn't RAM analysis part of every computer forensic investigation?
November 16, 2011 7:00 pm | Articles | CommentsAny actively used information or data by a computer program or hardware device will run through the system's RAM at the time it is being used. So why is RAM analysis not a part of every computer forensic investigation? There are two main reasons.
Catch an Intellectual Property Thief
August 30, 2011 8:39 am | Articles | CommentsWhen conducting a digital forensic investigation of intellectual property crimes, there are five things you should do.
