Firefox (version 16.0.2) typically includes twelve SQLite databases, each of which performs a different function such as to store bookmarks, cookies, places visited, searches, and so forth.
The majority of potential forensic information from Firefox does not reside in the Windows Registry, but rather in two directories located in the individual User account(s).
Combating cybercrime is the purview of the digital forensics laboratory—a relative newcomer on the forensic scene. What are the requirements for designing laboratory spaces that best support this ever changing section?
The most prevalent software applications in use today are probably Web browsers. Although browsers are complex software applications, they have common functionality regarding their main components.
Investigative methods when collecting evidence from social media vary substantially from traditional digital forensic techniques creating new legal and procedural challenges.
Security Identifiers (SIDs) are unique alphanumeric character strings of variable length that are assigned during the log-on-process to each user on a stand-alone system or to each user, group, and computer on a domain-controlled network.
Law enforcement groups are staying ahead of criminals’ ability to conceal information with the use of new data extraction tools.
Registry Keys track each mounted volume and assigned drive letter used by the NTFS file system. Information concerning any external devices that had previously been attached to the system will be recorded in certain Registry Keys.
Artifacts are items of data or information left behind after a specific activity occurs on a system. Any USB device attached to a system will leave artifacts in several locations.
There are several techniques that can be used to examine the Registry, each of which has its own merits.
A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Mobile device forensics forecast: continued oscillation, chance of cloud computing.
Its application to cyber crime brings a new and exciting dimension to the famous Locard Exchange Principle.
While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.
The primary focus of this book is software Intellectual Property, its authorship and ownership, and the not so commonly known field of Software Forensics.
Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.
Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this column, some of that information will be discussed in this and a future column.
SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM compatible phone to another.
The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.
Cell phones can and do store data or information that the user may not be aware of. It should come as no surprise that this can provide a tremendous amount of potential probative information (evidence) to investigators.
Familiarity with the five main cell phone operating systems can aid your investigation.
A fully equipped digital forensics laboratory contains numerous specialty spaces, each with its own unique and specific architectural/engineering design issues that must be addressed.
The purpose of this article is to educate you about Voice Stress Analysis, a forensic tool that can be used to determine whether someone is telling the truth or being deceptive.
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.