September 12, 2014 8:50 am
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed.
September 5, 2014 12:14 pm
Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic. With the advent of Google Analytics (GA) cookies, that has changed.
August 21, 2014 4:01 pm
One important basic concept to grasp is working with character classes, or sets. A character class performs a search and matches only one character out of a choice of several.
August 15, 2014 8:52 am
Triaging a computer can be a methodology to avoid many issues inherent with “pulling the plug.” For instance, capturing the system volatile information can very quickly provide investigators valuable information.
August 6, 2014 10:59 am
It has now reached the point that it is no longer practical for an examiner to forensically analyze each and every piece of evidence. Depending upon the alleged crime, often the incriminating evidence can be found in an e-mail, a document, the browser history, an SMS, or some other source. This leads to the obvious conclusion that examiners are going to need a new approach to streamline their workflow.
July 30, 2014 3:50 pm
Digital forensic science is not a matter of recovering a file that proves somebody’s guilt; it is about wading through hundreds of thousands, possibly millions, of a wide variety of digital artifacts and making very pointed critical judgments about which provide some sort of inculpatory or exculpatory evidence relevant to the case.
July 25, 2014 8:51 am
Realistically, Live RAM analysis has its limitations, lots of them. Many types of artifacts stored in the computer’s volatile memory are ephemeral. While information about running processes will not disappear until they are finished, remnants of recent chats, communications, and other user activities may be overwritten with other content any moment the operating system demands yet another memory block.