Windows 7 Registry Forensics: Part 3
A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this column, some of that information will be discussed in this and a future column.
SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM-compatible phone to another.
Enhancing Investigations with GPS Evidence
The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.
Understanding The World of Cellular Telephones: Part 3
Cell phones can and do store data or information that the user may not be aware of. It should come as no surprise that this can provide a tremendous amount of potential probative information (evidence) to investigators.
Understanding the World of Cellular Telephones: Part 2
Familiarity with the five main cell phone operating systems can aid your investigation.
Understanding the World of Cellular Telephones: Part 1
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.
Parameters For Selecting A Triage Tool
Triage tools vary greatly in their technical and operational performance capabilities.
Speeding The Digital Forensics Process: Bringing High Performance Computing Power into the Field
A new generation of server-based solutions allows investigators to bring massive, data center computing capability into the field.
Triaging a computer allows investigators to gather volatile data that would be lost by pulling the plug on a live system.
The Digital Forensic Sub-Disciplines: Part 2
The confusion concerning the Digital and Multimedia Evidence Sub-Disciplines suggests the Discipline should be revised.
The Digital Forensic Sub-Disciplines: Part 1
Can we clearly differentiate whether an examination falls under Computer Forensics, Forensic Audio, Image Analysis, or Video Analysis?
Cloud Computing: Another Digital Forensic Challenge
Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis.
Examining Cellular Phones and Handheld Devices
From minor crimes to major cases, law enforcement is faced with the proper handling and analysis of these devices.
If only it were true, as the televised CSI seems to promise, that any audio recording could be made intelligible with a little bing from a computer. The realities of forensic audio may surprise you—amazing things are possible, but not all things.
Pertaining to the seizure of digital devices, there is some misunderstanding concerning what “executing the warrant within ten days” actually means.
Anti-Digital Forensics, The Next Challenge: Part 2
This issue, we take a look at the general categories of anti-digital forensics.
The Hash Algorithm Dilemma–Hash Value Collisions
Digital Evidence, like any other type of evidence, requires identification, collection, a chain of custody, examination/analysis, and finally authentication in court during presentation to the trier of fact.
Anti-Digital Forensics, The Next Challenge: Part 1
In the last several years, the term Anti-Digital Forensics has entered the vernacular in the Digital Forensics discipline. Conceptually, ADF concerns an approach to manipulate, erase, or obfuscate digital data or to make its examination difficult, time-consuming, or virtually impossible.
Some Essential Tasks Performed During Analysis
There are three essential tasks that an examiner performs during the analysis of evidentiary digital media.
Computer forensics is a field that is changing as fast as software can be written—and that’s fast.
Appropriate Standards and Controls in Computer Forensics
Appropriate standards and controls must always be specified in the analytical procedure and their use documented in the case notes.


