January 21, 2014 7:10 pm
There are three essential tasks that an examiner performs during the analysis of evidentiary digital media: (1) creation of a forensic image; (2) creation of a forensic archive from the forensic image; and (3) exporting potential probative digital data related to the investigation.
January 16, 2014 6:46 pm
A good case management workflow for website capture should include researching the suspect company's background and website, identifying the resources required for the project, initiating and executing the project, and reporting and testimony.
January 14, 2014 4:46 pm
The fundamental tenets of an investigation remain consistent regardless of the domain being examined. Network forensics provides even greater evidence collection potential, but introduces some unique challenges that an investigator must understand and address to provide meaningful findings.
February 7, 2014 10:10 am
Prepaid phones have been a problem for some time, and continue to be a problem for law enforcement in particular. That’s because the disabled data port on these devices cannot be enabled, and vendors don’t make the devices’ APIs available to commercial forensic extraction tools’ developers.
February 5, 2014 4:59 am
The way in which an SSD stores data is totally different from how data is stored on a traditional hard drive. To fully comprehend how an SSD functions and provide insight into their forensic examination, it is necessary to understand SSD terminology.
February 23, 2014 11:51 pm
When you hear about organizations that have recently achieved ASCLD/LAB accreditation, you may not expect to hear Wal-mart Stores, Inc. named. Ken Mohr, a principal at Crime Lab Design, heard about the project Larry Depew and his company, Digital Forensics.US, LLC were doing with Walmart’s E-Discovery and Forensic Services Laboratory and wanted to learn more about the trend for convergence of E-Discovery and digital forensic services.
February 23, 2014 11:41 pm
Source code and text comparison is an established, well-known analysis technique. Using a program capable of simply listing file A in the left window and file B in the right window and highlighting the differences between each and every line, preferably in a different color, is frequently an easy way to detect copied text. Some of the more advanced analysis utilities can also compare, merge, and synchronize files and directories.
February 21, 2014 9:44 am
It is very important that the digital evidence be preserved from the time of seizure until it is presented as evidence in court. If evidence is suspected of being tampered with, it could be ruled as inadmissible in court. Therefore, it is important for CCEs to preserve digital evidence by using a Faraday bag and noting its usage on the chain of evidence form.
February 19, 2014 4:44 am
Too often smartphone devices are overlooked as investigators focus solely on computer hard drives. As the mobile device market continues to grow and evolve, an investigator’s task of uncovering evidence will be that much harder. Staying current through education and hands-on training courses is crucial.
February 11, 2014 4:38 pm
One of the greatest mistakes that can be made is to look at any digital evidence in isolation without properly considering all of the processes, inputs, and outputs that can impact the interpretation. Accordingly, I believe examiners should insist upon unfettered access not only to the media, but also to the court filings and related discovery.