Recent Articles

September 23, 2014 5:37 am
Gary Torgersen
When it comes to metadata as part of a litigation strategy, we mostly see it used as supporting information about the data. It is unusual, but not unheard of, to see metadata used directly as evidence. That is likely to change as more people understand the role metadata can have in developing legal strategy. With proper forensic analysis, metadata can help highlight patterns, establish timelines, and point to gaps in the data.
September 23, 2014 5:30 am
Cindy Murphy
Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination. 
September 19, 2014 10:00 am
One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and history files. 
September 12, 2014 8:50 am
NIJ
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. 
September 5, 2014 12:14 pm
Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic. With the advent of Google Analytics (GA) cookies, that has changed.
August 21, 2014 4:01 pm
One important basic concept to grasp is working with character classes, or sets. A character class performs a search and matches only one character out of a choice of several.                     
August 15, 2014 8:52 am
Triaging a computer can be a methodology to avoid many issues inherent with “pulling the plug.” For instance, capturing the system volatile information can very quickly provide investigators valuable information.           
August 6, 2014 10:59 am
John J. Barbara
It has now reached the point that it is no longer practical for an examiner to forensically analyze each and every piece of evidence. Depending upon the alleged crime, often the incriminating evidence can be found in an e-mail, a document, the browser history, an SMS, or some other source. This leads to the obvious conclusion that examiners are going to need a new approach to streamline their workflow.
Subscribe to DFI News