E-Discovery

This category contains 25 posts

Browser Anti Forensics

This write-up demonstrates how one’s browser history can go off track, misleading the examiner. An investigator can identify it by noticing the oddity in the history; a sample is given in Figure 2. Let’s first take a closer look at this page below (Figure 1) – the URL (says cnn.com) and the title of tab … Continue reading

Forensics Europe Expo 2014 – Recap

Forensic Focus attended the Forensics Europe Expo at Kensington Olympia on the 29th & 30th of April. This article is a recap of some of the main highlights and over the next few weeks we will also be bringing you a number of interviews recorded at the expo. The Digital Forensics part of the Expo … Continue reading

WhatsApp – discovering timestamps of deleted messages

ABSTRACT: This is a procedure for locating and parsing deleted message timestamps in the Android WhatsApp database. I did a little reverse engineering, using the hexadecimal tool of Physical Analyzer (UFED by Cellebrite), of the database of the popular messaging app WhatsApp for Android, because P.A. 3.8.6 does not display deleted WhatsApp messages, at least on … Continue reading

OS X Mavericks Metadata

Apple recently released the newest version of their desktop operating system, Mac OS X Mavericks.  As a free update to all supported Apple desktops and laptops, a wide adoption rate was expected, and in fact it was estimated that within the first 24 hours, 5.5% of all Mac laptops and desktops were already running the … Continue reading

KS – an open source bash script for indexing data

ABSTRACT: This is a keyword searching tool that works on allocated data, unallocated data and slack space, using indexer software and database storage. Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading

What are ‘gdocs’? Google Drive Data – part 2

Following up from the recent post on Google Drive, designed to give a high level introduction to the product, this post will delve a bit deeper into the technical issues relating to the data stored and also the best approach on how to access it. The artefacts discussed in this post are based on Windows … Continue reading

What are ‘gdocs’? Google Drive Data

As “the Cloud” (a varied mix of internet based services ranging from web-based email accounts, on-line storage and services that synchronise data across multiple computers) becomes more relevant and the dominance of the PC or tablet as the exclusive “home” for data reduces, the days when simply taking a snapshot of a computer to capture … Continue reading

Windows 8: Important Considerations for Computer Forensics and Electronic Discovery

Introduction: Documents identified by computer forensic investigations in civil litigation typically require review and analysis by attorneys to determine if the uncovered evidence could support causes of action such as breach of contract, breach of fiduciary duty, misappropriation of trade secrets, tortious interference, or unfair competition. In addition, bit-for-bit forensic imaging of workstations is also … Continue reading

Collecting and Processing Bloomberg Data

A few years ago, Bloomberg data may have been relatively unusual, however today we see Bloomberg chat and email data being collected quite frequently. Not a surprise really considering some of the headlines relating to certain Banks and Financial institutions of late. Below are some examples of the tips, tricks and considerations involved in working … Continue reading

Evernote from a Forensic Investigation Perspective

By Stuart Clarke, Millnet. Recently we have been looking at Evernote from a forensic investigation perspective, as we feel it is a great product which will grow in popularity, and we therefore wanted to share some initial findings. While at the 2012 CEIC conference I had a discussion with Chris Dale from the e-Disclosure Information Project about … Continue reading

Generating computer forensic supertimelines under Linux: A comprehensive guide for Windows-based disk images

When the authors first published this paper, their intentions were to develop a comprehensive guide to digital forensic timelines in order to consolidate the many fragmented sources of information concerning this topic.  What they discovered, however, was that quality references were often challenging to find among various books, papers, periodicals, filesystem specifications and source code. … Continue reading

Authenticating Internet Web Pages as Evidence: a New Approach

By John Patzakis [1] and Brent Botta [2]. Previously, in Forensic Focus, we addressed the issue of evidentiary authentication of social media data (see previous entries here and here). General Internet site data available through standard web browsing, instead of social media data provided by APIs or user credentials, presents slightly different but just as compelling challenges, … Continue reading

Digital Forensics and eDiscovery Employment – The State of the Market 2012

Forensic Focus recently asked a number of digital forensics and eDiscovery recruitment specialists to comment on the current state of the employment market. Here are their thoughts, please leave your comments below.   Jared Coseglia President, TRU Staffing Partners, US – http://www.trustaffingpartners.com “The current state of affairs for employment in eDiscovery, Litigation Support, and Forensics … Continue reading

Key Twitter and Facebook Metadata Fields Forensic Investigators Need to be Aware of

Authentication of social media evidence can present significant challenges when you collect by screen shots, printouts or raw html feeds from an archive tool. This is just one reason why social media data must be properly collected, preserved, searched and produced in a manner consistent with best practices. When social media is collected with a … Continue reading

689 Published Cases Involving Social Media Evidence (with full case listing)

The torrent of social media evidence continues to grow. In November 2011 we, at X1 Discovery, searched online legal databases of state and federal court decisions across the United States to identify the number of cases from 2010 and through November 2011 where evidence from social networking sites played a significant role.  As we mentioned … Continue reading
