Articles

Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence

By John Patzakis1 Summary: Social media evidence is highly relevant to most legal disputes and broadly discoverable, but challenges lie in evidentiary authentication without best practices technology and processes. This whitepaper examines these challenges faced by eDiscovery practitioners and investigators

Dealing with Data Encryption in Criminal Cases

Introduction Over the last several years, I’ve posted a handful of short blog entries about the topic of compelling a criminal defendant to surrender a passphrase to an encrypted volume or hard-drive.  These entries concern the three cases of re

AccessData FTK 4.0: initial impressions

Introduction In this post, I will provide some initial impressions and findings.  I do not  endeavor to write a white paper, or to employ an industry standard, scientific methodology to evaluating the tool (if for no other reason than because

Firefox Cache Format and Extraction

Introduction In the forensic lab where I work, we frequently investigate malware-infected workstations.  As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide

Android Tracking – from a forensic point of view

– Introduction – In my last article on iPhoneTracking, I tried to explain Apple’s crowd-sourced location based service. Obviously Android has to do something similar to provide a good user experience using location based services… Also back in April 2011

The Data Specimen is the Blood of Cyber Forensics

At first glance, one would assume that the only common thread that runs between a forensic lab that analyzes blood samples, fingerprints and DNA evidence, and a Cyber forensic lab that analyzes data is that both processes verify the facts

Forensic Imaging of Hard Disk Drives- What we thought we knew

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures and diagrams can be found at www.nfdrtc.net). WHAT WE HAVE BEEN TAUGHT Imaging of hard drives has been the main stay of the

Can Your Digital Images Withstand A Court Challenge?

The term “digital” in law enforcement is almost immediately associated with digital forensics, i.e.; computer crimes, cyber terrorism, child porn on computer hard drives, and other areas that require special training, expertise, and equipment to investigate these types of digital

Review: Proof Finder by Nuix

Reviewed by Jonathan Krause of Forensic Control Well, this is an interesting proposition. Early last December Nuix, the respected producers of eDiscovery software, released an intriguing, and as far as I know in this sector, unique, application. Called Proof Finder,

Forensic Toolkit v3 Tips and Tricks ― Not on a Budget

A couple of weeks ago, Brian Glass posted a very helpful comment, Forensic Toolkit v3 Tips and Tricks — on a Budget.  His comment focused on how to “get close to SSD performance on the cheap” and he discussed the

iPhone Tracking – from a forensic point of view

– Introduction – iPhoneTracking is sexy!!! Every mobile forensic suite, at least the ones dealing with iPhones, are providing it proudly. iPhoneTracking also has been a hot topic in the media all around the globe. People stated, that there is

Android Forensics Study of Password and Pattern Lock Protection

Let’s see what Pattern Lock is, how to access, determine or even get rid of it? We’ll also speak about Password Lock Protection and find out what it has in common with Pattern Lock. And finally we’ll try to understand