Digital Forensics

Mozilla Firefox Forensics: Part 4
By John J. Barbara

Firefox (version 16.0.2) typically includes twelve SQLite databases, each of which performs a different function such as to store bookmarks, cookies, places visited, searches, and so forth.


Mozilla Firefox Forensics: Part 3
By John J. Barbara

The majority of potential forensic information from Firefox does not reside in the Windows Registry, but rather in two directories located in the individual User account(s).


A Bit About Taking a Byte Out of Digital Forensics Laboratories
By Susan Halla

Combating cybercrime is the purview of the digital forensics laboratory—a relative newcomer on the forensic scene. What are the requirements for designing laboratory spaces that best support this ever changing section?


Mozilla Firefox Forensics: Part 2
By John J. Barbara

The most prevalent software applications in use today are probably Web browsers. Although browsers are complex software applications, they have common functionality regarding their main components.


Social Media and the Changing Role of Investigators
By Benjamin Wright

Investigative methods when collecting evidence from social media vary substantially from traditional digital forensic techniques creating new legal and procedural challenges.


Windows 7 Registry Forensics: Part 7
By John J. Barbara

Security Identifiers (SIDs) are unique alphanumeric character strings of variable length that are assigned during the log-on-process to each user on a stand-alone system or to each user, group, and computer on a domain-controlled network.


Product Insight: Mobile Forensics Fights to Stay Ahead
By Tim Studt

Law enforcement groups are staying ahead of criminals’ ability to conceal information with the use of new data extraction tools.


Windows 7 Registry Forensics: Part 6
By John J. Barbara

Registry Keys track each mounted volume and assigned drive letter used by the NTFS file system. Information concerning any external devices that had previously been attached to the system will be recorded in certain Registry Keys.


Windows 7 Registry Forensics: Part 5
By John J. Barbara

Artifacts are items of data or information left behind after a specific activity occurs on a system. Any USB device attached to a system will leave artifacts in several locations.


Windows 7 Registry Forensics: Part 4
By John J. Barbara

There are several techniques that can be used to examine the Registry, each of which has its own merits.


Windows 7 Registry Forensics: Part 3
By John J. Barbara

A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.


Windows 7 Registry Forensics: Part 2
By John J. Barbara

Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.


CSI Cell Phone
By Douglas Page

Mobile device forensics forecast: continued oscillation, chance of cloud computing.


The Digital Forensics Cyber Exchange Principle
By Ken Zatyko, Dr. John Bay

Its application to cyber crime brings a new and exciting dimension to the famous Locard Exchange Principle.


Windows 7 Registry Forensics: Part 1
By John J. Barbara

While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.


Book Review: The Software IP Detective’s Handbook
By John J. Barbara

The primary focus of this book is software Intellectual Property, its authorship and ownership, and the not so commonly known field of Software Forensics.


SIM Forensics: Part 3
By John J. Barbara

Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.


Sim Forensics: Part 2
By John J. Barbara

Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this column, some of that information will be discussed in this and a future column.


SIM Forensics: Part 1
By John J. Barbara

SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM compatible phone to another.


Enhancing Investigations with GPS Evidence
By Ben LeMere

The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.


Understanding The World of Cellular Telephones: Part 3
By John J. Barbara

Cell phones can and do store data or information that the user may not be aware of. It should come as no surprise that this can provide a tremendous amount of potential probative information (evidence) to investigators.


Understanding the World of Cellular Telephones: Part 2
By John J. Barbara

Familiarity with the five main cell phone operating systems can aid your investigation.


Digital Forensics: Architectural and Engineering Facility Design Requirements
By Michael Mount, Adam Denmark

A fully equipped digital forensics laboratory contains numerous specialty spaces, each with its own unique and specific architectural/engineering design issues that must be addressed.


Solving Cases with Technology: Voice Stress Analysis
By Brad Schlerf

The purpose of this article is to educate you about Voice Stress Analysis, a forensic tool that can be used to determine whether someone is telling the truth or being deceptive.


Understanding the World of Cellular Telephones: Part 1
By John J. Barbara

Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.