Windows 7 Registry Forensics: Part 2
Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Windows 7 Registry Forensics: Part 1
While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.
SIM Forensics: Part 3
Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.
SIM Forensics: Part 2
Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this column, some of that information will be discussed in this and a future column.
SIM Forensics: Part 1
SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM-compatible phone to another.
Understanding the World of Cellular Telephones: Part 3
Cell phones can and do store data or information that the user may not be aware of. It should come as no surprise that this can provide a tremendous amount of potential probative information (evidence) to investigators.
Understanding the World of Cellular Telephones: Part 2
Familiarity with the five main cell phone operating systems can aid your investigation.
Understanding the World of Cellular Telephones: Part 1
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.
Parameters For Selecting A Triage Tool
Triage tools vary greatly in their technical and operational performance capabilities.
Triage A Computer
Triaging a computer allows investigators to gather volatile data that would be lost by pulling the plug on a live system.
Before You Pull the Plug
Collecting a computer into evidence requires careful consideration.
The Digital Forensic Sub-Disciplines: Part 2
The confusion concerning the Digital and Multimedia Evidence Sub-Disciplines suggests the Discipline should be revised.
The Digital Forensic Sub-Disciplines: Part 1
Can we clearly differentiate whether an examination falls under Computer Forensics, Forensic Audio, Image Analysis, or Video Analysis?
Cloud Computing: Another Digital Forensic Challenge
Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis.
To Search or Not to Search…the Search Continues
The examination of a computer’s hard drive without an additional warrant may become problematic.
To Search or Not to Search
Pertaining to the seizure of digital devices, there is some misunderstanding concerning what “executing the warrant within ten days” actually means.
Anti-Digital Forensics, The Next Challenge: Part 2
This issue, we take a look at the general categories of anti-digital forensics.
Anti-Digital Forensics, The Next Challenge: Part 1
In the last several years, the term Anti-Digital Forensics has entered the vernacular in the Digital Forensics discipline. Conceptually, ADF concerns an approach to manipulate, erase, or obfuscate digital data or to make its examination difficult, time consuming, or virtually impossible.
Ethical Practices in Digital Forensics: Part 2
One common misconception of an examiner’s analytical responsibilities is that he or she is to only analyze submitted evidence to the extent of the investigative request. This is far from the truth.
Ethical Practices in Digital Forensics: Part 1
There are many examiners in the Digital Forensic community who are not aware that professional codes of conduct and codes of ethical practices need to be an inherent part of every examination.
Some Essential Tasks Performed During Analysis
There are three essential tasks that an examiner performs during the analysis of evidentiary digital media.
Reporting Examination Results
One of the more important facets of digital forensics concerns how to document the findings in a formal report. At first glance, this would seem to be rather straightforward: report what you found.
Documenting Computer Forensic Procedures
There are examiners working today in some agencies that do not have documented technical standard operating procedures (SOPs) for the analysis of digital media. Most likely, this is because there are no Quality Assurance Practices (QAP) being followed and no Quality Assurance Systems (QAS) in those agencies to provide oversight.
Quality Assurance Practices for Computer Forensics – Part 2
Quality Assurance Practices are essential to ensure the overall quality of services that a Computer Forensics unit provides. Two of the fundamentals of quality assurance are a documented Quality Assurance Manual (QAM) and an individual designated as the Quality Manager (QM).
Quality Assurance Practices for Computer Forensics – Part 3
Previous columns discussed implementing an overall Quality Assurance Program (QAP) for a Computer Forensics Section. Two essentials of an effective QAP are the Quality Manager (QM) and a documented Quality Assurance Manual (QAM).

