Recent Articles

October 23, 2014 8:00 pm
Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis. Further forensic issues concern the potential effect the cloud services could have on the digital data itself and how the forensic examiner can explain all these indiscretions to the court.
October 15, 2014 8:47 am
Yuri Gubanov and Oleg Afonin
In 2012 we published an article called “Why SSD Drives Destroy Court Evidence, and What Can Be Done About It,” back then SSD self-corrosion, TRIM, and garbage collection were little known and poorly understood phenomena. In 2014, the situation looks different. We now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles. 
October 1, 2014 8:26 am
Christa Miller
The United States Supreme Court’s ruling in Riley v. US may not have been much of a surprise to American law enforcement. Many agencies were already requiring officers to obtain search warrants before searching mobile devices. Ultimately, rather than limiting law enforcement, the Riley decision frees agencies to deploy mobile data extraction capabilities across a much wider field of officers.
September 23, 2014 8:27 am
Ronen Engler and Christa M. Miller
Boot loaders are currently considered the most forensically sound physical extraction method. While they do involve loading a piece of code onto the device, this happens before the forensic tool accesses any evidentiary data. That’s because they replace the device’s normal boot loader, or the first set of operations that kick off the phone’s startup process and hand off to the main controlling program, like the operating system.
September 23, 2014 8:22 am
Brett Shavers
A key factor in placing any person at the scene of a crime is obtaining evidence that can place an identified suspect as it relates to the scene of the crime. Previously discussed methods of physical surveillance and obtaining records are usually the best evidence of placing a suspect at a specific place and at a specific time, but as most investigations involve reacting to incidents, this may not be always possible.
September 23, 2014 8:18 am
Michael Barr
A surprisingly powerful and less costly binary analysis technique, which does not require reverse engineering, is a review of the character strings contained in the executable. These strings might include, in an ATM machine, words like “Please enter your 4-digit PIN."
September 23, 2014 8:13 am
Gary C. Kessler and Matt Fasulo
Because of the newness of network forensic activity, network examiners are often left to use existing and emerging tools that have not yet faced the challenge of being proven valid in court. In some respects, the presentation phase of a digital investigation is the most critical; regardless of what has been found, it is worthless if the information cannot be convincingly conveyed to a judge and jury.
September 23, 2014 8:09 am
Elaine M. Pagliaro
It goes without saying that the expert will understand the scientific basis of the testing that was done. However, even the most educated and experienced persons have gaps in their knowledge and experience. In most cases, what you don’t know will have no effect on the outcome of a trial.
September 23, 2014 6:15 am
Rebecca Waters
About a week before this issue went to press, we were treated to a veritable media frenzy surrounding the alleged hacking of iCloud and the news of hundreds of celebrity nude photos leaked. Every news outlet, it seemed, was ready to put forth its own “digital forensics expert”. Now as we prepare to send this page to the printer we are beginning to see the results of the real investigations into the incident.
September 23, 2014 6:12 am
John J. Barbara
Future data storage needs for businesses, corporations, and governments are going to far exceed the ability of current technology to provide those storage devices. Obviously, without major technological advancements, the cost of future data storage could be unprecedented. There are however, a number of technologies under development which may eventually be able to store vast amounts of information, far exceeding today’s devices.
Subscribe to DFI News