Legal

Windows 8: Important Considerations for Computer Forensics and Electronic Discovery

Posted by Larry Lieb ⋅ December 9, 2012 ⋅ 1 Comment

Introduction Documents identified by computer forensic investigations in civil litigation typically require review and analysis by attorneys to determine if the uncovered evidence could support causes of action such as breach of contract, breach of fiduciary duty, misappropriation of trade secrets, tortious interference, or unfair competition. In addition, bit-for-bit forensic imaging of workstations is also … Continue reading »

Unacceptable Acceptable Use Policy

Posted by ThinkingSec ⋅ November 27, 2012 ⋅ 3 Comments

I had an opportunity this week to be on the receiving end of an acceptable use policy (AUP) – something that I should experience each and every time I work for a new client on their hardware, but something that isn’t often the case and thus is a bit of a novelty to me. It … Continue reading »

Authenticating Internet Web Pages as Evidence: a New Approach

Posted by John Patzakis ⋅ July 13, 2012 ⋅ 1 Comment

By John Patzakis [1] and Brent Botta [2] Previously, in Forensic Focus, we addressed the issue of evidentiary authentication of social media data (see previous entries here and here). General Internet site data available through standard web browsing, instead of social media data provided by APIs or user credentials, presents slightly different but just as compelling challenges, … Continue reading »

Key Twitter and Facebook Metadata Fields Forensic Investigators Need to be Aware of

Posted by John Patzakis ⋅ April 25, 2012 ⋅ 4 Comments

Authentication of social media evidence can present significant challenges when you collect by screen shots, printouts or raw html feeds from an archive tool. This is just one reason why social media data must be properly collected, preserved, searched and produced in a manner consistent with best practices. When social media is collected with a … Continue reading »

689 Published Cases Involving Social Media Evidence (with full case listing)

Posted by John Patzakis ⋅ April 16, 2012 ⋅ 2 Comments

The torrent of social media evidence continues to grow. In November 2011 we, at X1 Discovery, searched online legal databases of state and federal court decisions across the United States to identify the number of cases from 2010 and through November 2011 where evidence from social networking sites played a significant role. As we mentioned … Continue reading »

Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence

Posted by John Patzakis ⋅ April 2, 2012 ⋅ 3 Comments

By John Patzakis1 Summary: Social media evidence is highly relevant to most legal disputes and broadly discoverable, but challenges lie in evidentiary authentication without best practices technology and processes. This whitepaper examines these challenges faced by eDiscovery practitioners and investigators and illustrates best practices for collection, preservation, search and production of social media data. Also … Continue reading »

Eleventh Circuit Rules Defendant Cannot Be Compelled to Divulge Encryption Passphrase

Posted by barristerharri ⋅ February 26, 2012 ⋅ Leave a Comment

Barely three weeks after I penned Another Judge Rules Encryption Passphrase not Testimonial Under Fifth Amendment Analysis, the Eleventh Circuit has held that a defendant’s “decryption and production of the hard drives’ contents would trigger Fifth Amendment protection because it would be testimonial, and that such protection would extend to the Government’s use of the drives’ contents.” For … Continue reading »

Another Judge Rules Encryption Passphrase not Testimonial Under Fifth Amendment Analysis

Posted by barristerharri ⋅ February 9, 2012 ⋅ Leave a Comment

I previously discussed, on a bar association section blog in 2007 (here) and 2009 (here), the case of In re Boucher, where a U.S. judge for the District of Vermont ruled that requiring a criminal defendant to produce an unencrypted version of his laptop’s hard-drive, which was believed to contain child pornography,did not constitute compelled testimonial communication. Professor Orin Kerr … Continue reading »

Can Your Digital Images Withstand A Court Challenge?

Posted by D. Eric Johnson, CEP ⋅ January 23, 2012 ⋅ 4 Comments

The term “digital” in law enforcement is almost immediately associated with digital forensics, i.e.; computer crimes, cyber terrorism, child porn on computer hard drives, and other areas that require special training, expertise, and equipment to investigate these types of digital threats. Media attention is widespread, grant opportunities abound, and a seemingly endless supply of resources … Continue reading »

Is your client an attorney? Be aware of possible constraints on your investigation. (Part 2 of a multi-part series)

Posted by barristerharri ⋅ November 22, 2011 ⋅ 4 Comments

In my first post several weeks ago, I discussed some of the special obligations that digital forensics investigators may have while in the employ of a lawyer. I elaborated briefly on the duty to zealously guard the attorney-client privilege, to correctly apply the work product doctrine, and to conduct investigations in a way that does … Continue reading »

Is your client an attorney? Be aware of possible constraints on your investigation. (Part 1 of a multi-part series)

Posted by barristerharri ⋅ September 24, 2011 ⋅ 4 Comments

Significant legal and ethical challenges confront digital forensics investigators, for which some may not be well prepared. Just as many lawyers may be confounded by technology in dealing with digital forensics matters, many digital forensics experts lack formal legal training, and are uninformed about their special obligations in the employ of a lawyer. These obligations include … Continue reading »

My cat did it – honest, Guv!

Posted by forensicfocus ⋅ July 20, 2011 ⋅ Leave a Comment

and he did it via remote access… by Sam Raincock, IT and telecommunications expert witness When evaluating computer forensics cases the tricky part is often not just evaluating what is found but determining how it came to reside there. “It was downloaded via a web browser because I identified it in Temporary Internet Files…” “I … Continue reading »

Serving search warrants in Spain

Posted by forensicfocus ⋅ July 18, 2011 ⋅ Leave a Comment

First published January 2010 The expert witness perspective by Joaquim Anguas Abstract This article describes the most common schema and basic procedure in which search warrants related to computer evidence are served in Spain from the expert witness perspective, and presents a guide, concrete tools, commands and recommendations oriented to maximize the effectiveness and validity … Continue reading »

Malicious Phone Call Legislation in the UK

Posted by forensicfocus ⋅ July 15, 2011 ⋅ Leave a Comment

First published February 2009 by Greg Smith Mobile Telephone Evidence & Forensics trewmte.blogspot.com It is being noted that there is an exponential growth in harassing and intimidating calls from financial companies, card companies and from outsource debt collection firms chasing payments where people have got behind with payment due as a direct consequence of this … Continue reading »

Computer Forensic ‘Expert’ Witnesses – Do You Know Who is Representing You?

Posted by forensicfocus ⋅ July 13, 2011 ⋅ Leave a Comment

First published November 2007 submitted by CY4OR Computer forensic experts deal with some of the most grave and serious of criminal cases that involve digital evidence. However it may be surprising to hear that currently there is no regulatory body in the UK to ensure the quality of their work, their security, and the expert’s … Continue reading »

Forensic Focus – Articles

Search