Recent Articles

September 23, 2014 6:15 am
Rebecca Waters
About a week before this issue went to press, we were treated to a veritable media frenzy surrounding the alleged hacking of iCloud and the news of hundreds of celebrity nude photos leaked. Every news outlet, it seemed, was ready to put forth its own “digital forensics expert”. Now as we prepare to send this page to the printer we are beginning to see the results of the real investigations into the incident.
September 23, 2014 5:37 am
Gary Torgersen
When it comes to metadata as part of a litigation strategy, we mostly see it used as supporting information about the data. It is unusual, but not unheard of, to see metadata used directly as evidence. That is likely to change as more people understand the role metadata can have in developing legal strategy. With proper forensic analysis, metadata can help highlight patterns, establish timelines, and point to gaps in the data.
September 23, 2014 5:30 am
Cindy Murphy
Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination. 
September 23, 2014 5:24 am
John J. Barbara
Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.
September 19, 2014 10:00 am
One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and history files. 
September 12, 2014 8:50 am
NIJ
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. 
September 5, 2014 12:14 pm
Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic. With the advent of Google Analytics (GA) cookies, that has changed.
Subscribe to DFI News