I have the XLS allocated files and the unallocated files from the Firefox history.
Sorry, I don't understand. Do you mean you have a spreadsheet listing? Or do you have the actual artifacts – the native files – exported from the hard drive image in a forensically sound manner (e.g., preserving metadata)?
Sorry for the confusion.
My understanding from the forensic examiner who produced the xls {spreadsheet} files is they were decoded from data using a perl software program.
Keith
Yes,
But the data is held as evidence by the computer crimes department and they want to charge $20,000 to scrub the data so that personal information is not released. So I can request specific files, their reports, etc. but not raw data from the complete files. {see earlier post about cost of receiving data}.
Keith
Look, you posted how
created, from some DATA that you had, through a Perl script, that you completely failed to describe properly, a .xls spreadsheet
The google search was made with a firefox browser.
Idecoded the Firefox history file into xls files using a Perl script written by a one-time employee of Netscape (pre-cursor to Firefox). The time stamp for the google search was Noon, which is 1 hour later than the time the other forensic expert said the search was done.
I have UTC and local time in the xls decoded data. I believe I can find out if those times were synced to the server.
The developer of the software "Cacheback" did a report and concluded the time for the google search was noon.
You should then have ALREADY in your possession AT LEAST
- the DATA (Firefox history file)
- the Perl script
- the report of "the unnamed Author of the software Cacheback"
Now, if you share EACH and EVERY piece of information that you have, maybe someone will take the time to review those info, but I doubt that anyone will even attempt to help you with partial, confused, contradictory, vague data.
This request
Provide some more data and a link to the Perl script you used.
Describe EXACTLY how you ran the script, on which system, on which date, and which settings has/had the computer you ran the script on.
was made 4 days ago in order to try and help you.
You ignored it at the time, you are ignoring it now, maybe you don't really want to be helped.
jaclaz
I have written up a summary of the issues I am facing in researching a criminal case where two court appointed computer forensic experts have conflicting reports about the time that a pivotal Google search was made.
The time difference between the two experts is significant for the murder case, because one conclusion points toward an unindicted person, and the other conclusion points toward the accused. The difference in times is precisely one hour.
I have published the summary and also the computer crimes Case Report at the links below. The computer crimes department seized the computer and generated their Case Report using NetAnalysis software.
My summary of the details and issues for the case is at
https://
The computer crimes Case Report is at
https://
I am sure there is a way to resolve the conflicting forensic differences concerning the time stamp of the Google search, and in the event, reintroduce certainty into the high quality product of computer forensic science.
I need some help. Thanks
Keith
I have written up a summary of the issues I am facing in researching a criminal case where two court appointed computer forensic experts have conflicting reports about the time that a pivotal Google search was made.
And, STILL, you fail to provide
- the EXACT Perl script that was run on the DATA
- the actual DATA that was processed by that UNreferenced properly Perl script
- the actual .xls result of the running of the UNknown Perl script on the UNknown data
The "prosecution report" that you provided does NOT contain the word "Google", nor the word "Cacheback".
WHERE is the report that you describe here?
As it develops, the computer crimes department hired an independent forensic examiner to look at a separate Google search made a few weeks earlier that same year, and his software {Cacheback} generated a one hour time stamp error for that earlier search, plus numerous other serious errors. Law enforcement had to admit these errors and the software developer had to amend his software program.
Any evidence that the software Cacheback actually produced such a timing error AND that was later changed, specifically for this issue?
WHICH EXACT version of Cacheback were used/changed?
JFYI
http//
http//
http//
Just in case of need (generic guidelines)
http//
A problem report that doesn't answer all of these questions is incomplete, and contains insufficient information for diagnosis and prescription of a remedy. If you don't supply this information right at the start, you'll waste yours and others' time, and delay the actual remedy to your problem, by forcing everyone to spend one or more rounds of communication back and forth simply trying to wring the relevant information out of you.
….
Also note that problem reports that you deliberately distort will yield an incorrect diagnosis and very probably an ineffective remedy.
jaclaz