±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 2
Overall: 26229
Visitors: 52

±Forensics Europe Expo


±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Page 3

Search on This Topic: Links

[ Go to Home | Select a New Topic ]

Making E-discovery work for legal eagles

Tuesday, April 24, 2012 (08:48:10)
There is little argument that cloud computing and software-as-a-service (SaaS) platforms have created a paradigm shift in enterprise technology and IT as a whole. Companies of all sizes – both public and private – seeking to reduce storage costs, improve overall efficiency and integration with partners, are increasingly turning to the cloud to house information and run essential business functions remotely...Accordingly for legal professionals, these questions loom: How have SaaS-based platforms historically impacted the legal market and specifically e-discovery practices? How will cloud-based applications impact corporate legal departments and their outside counsel in the future?

More (Technology Spectator)
  • Posted by: jamie
  • Topic: Links
  • Score: 0 / 5
  • (728 reads)

Overcoming Legal Challenges to the Authentication of Social Media Evidence

Tuesday, April 03, 2012 (11:00:06)
Social media evidence is highly relevant to most legal disputes and broadly discoverable, but challenges lie in evidentiary authentication without best practices technology and processes. This whitepaper examines these challenges faced by eDiscovery practitioners and investigators and illustrates best practices for collection, preservation, search and production of social media data. Also highlighted in this paper are examples of numerous unique metadata fields for individual social media items that provide important information to establish authenticity, if properly collected and preserved...

Read more
  • Posted by: jamie
  • Topic: Links
  • Score: 0 / 5
  • (902 reads)

Dealing with Data Encryption in Criminal Cases

Tuesday, March 27, 2012 (12:48:48)
Over the last several years, I’ve posted a handful of short blog entries about the topic of compelling a criminal defendant to surrender a passphrase to an encrypted volume or hard-drive. These entries concern the three cases of re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, United States v. Fricosu, (D.Colo, 2012), and In re Grand Jury Subpoena (Boucher), 2009 U.S. Dist. Lexis 13006 (D. Vt., 2009). I have developed the opinion —admittedly, more on hunch than scholarly research— that a defendant should not be able to knowingly withhold a passphrase or password to an evidence trove any more than he should be permitted to hang on to a physical key that could be used to open a safe that the Government has a valid warrant to search, and which is believed to contain evidence. Unfortunately, I have found myself on the wrong side of this issue...

Read more
  • Posted by: jamie
  • Topic: Links
  • Score: 0 / 5
  • (1269 reads)

AccessData FTK 4.0: initial impressions

Wednesday, March 21, 2012 (11:38:15)
In this post, I will provide some initial impressions and findings. I do not endeavor to write a white paper, or to employ an industry standard, scientific methodology to evaluating the tool (if for no other reason than because I am constrained by time). First, I note that it appears that no one has been able to get FTK to work with PostgreSQL, leading me to conclude that the product was shipped without being tested in this regard. (If a reader has been able to get it working, I encourage you to post a comment here). I was not able to get it to work, and I wasted two valuable —otherwise billable— days I had set aside for a client, only to make this discovery...

Read more
  • Posted by: jamie
  • Topic: Links
  • Score: 0 / 5
  • (1524 reads)

Firefox Cache Format and Extraction

Tuesday, March 20, 2012 (15:16:04)
In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE. The missing component was cache data; log2timeline was capable of parsing IE cache but not Firefox. In order to fix this deficit and contribute to log2timeline, I decided to write a log2timeline module for the Firefox cache. During the course of writing that module (ff_cache.pm – available in log2timeline 0.62), I researched how the Firefox cache works, wrote a tool to extract data from it (ff_cache_find), and learned traits of Firefox that have implications for forensic acquisition and analysis...

Read more
  • Posted by: jamie
  • Topic: Links
  • Score: 0 / 5
  • (1000 reads)