Matt Danner Flashback Data
- Lucas Hill
- 6 years ago
Transcription
1 Preservation Strategies and Data Collection from a Forensic Expert's Point of View
Best practices on executing preservation and administering collection protocols with emphasis on forensically sound methods
Matt Danner, Flashback Data
2 eDiscovery Webinar Series: About our Webinars
- Webinars take place monthly and cover a variety of relevant e-discovery topics
- If you have technical issues or questions, please email webinars@lexbe.com
- Lexbe webinars are available for viewing (streaming video), and downloadable as a PDF presentation or an MP3 podcast
- This webinar and a complete listing of other on-demand webinars is part of the Lexbe eDiscovery Webinar Series
- For notices of future live and on-demand webinars as part of this series, please email us at webinars@lexbe.com or follow us on LinkedIn
3 eDiscovery Webinar Series: About Lexbe
- We are an Austin, TX based eDiscovery software and services provider, specializing in serving small & medium-sized law firms and organizations.
- We provide:
- Cloud-based DIY eDiscovery processing & document review software
- High-speed ESI document processing and data conversion services
- Experienced eDiscovery specialists and expert consultants
- Cost-effective eDiscovery
- Secure, easy-to-use and a great review tool for consideration
- A powerful litigation document management service
- Lexbe Sales sales@lexbe.com (800) x22
4 eDiscovery Webinar Series: Matt Danner bio
- Current position: Digital Forensics with FlashBack Data, LLC
- Prior experience:
- Special Investigations Unit with Texas State Auditor's Office
- Special Investigations Unit with Texas Workforce Commission
- Regularly presents on digital evidence collection and analysis to legal organizations and law enforcement
- Frequently testifies as an expert witness related to analysis of computers and mobile devices
- His background in criminal investigations makes him a specialist in both criminal defense and prosecution cases related to digital evidence.
- Matt Danner matt@flashback.com
5 WHAT IS DIGITAL FORENSICS?
- Scientific Working Groups on Digital Evidence (SWGDE) Definition
- The scientific examination, analysis, and/or evaluation of digital evidence in legal matters.
- Digital evidence is information of probative value that is stored or transmitted in binary form.
6 DF FOUNDATIONS
- Forensically sound acquisition of digital evidence data
- How do we ensure this?
- How do we know the data is accurate?
- Procedure
- Methodology
7 FORENSIC IMAGES
- Bit-for-bit copy of data stored on a digital device
- Physical vs. logical images
- Software used to accomplish this:
- AccessData FTK Imager
- Guidance Software EnCase
- X-Ways Forensics
- Cellebrite Forensic Hardware/Software (Mobile devices)
- Hardware based imaging devices
8
9 WRITE BLOCKING
- Prevent changes to data during acquisition
- Prevents operating system write commands from reaching digital device
- Software write blockers
- Hardware write blockers
10 HASH VALUES
- Mathematically generated values that are unique to specific data patterns
- Examples:
- MD5: CB2711B9ECEA8A0075C6EEBA0
- SHA-1: 5D30BA22A0C8A411F9CFF9376D21F447D0D2D679
- SHA-256: 4C1A379B3C62A A02E043C8AAB5CFA D056784D
- Commonly referred to as fingerprints for digital data such as storage devices, forensic images, and files.
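Added example (not part of the original presentation): hashing a forensic image once at acquisition with the three algorithms named on the slide, then re-verifying a working copy against the recorded values. The file names and the sample "image" contents are constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile

# The three algorithms listed on the slide.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_image(path, chunk_size=1024 * 1024):
    """Return {algorithm: uppercase hex digest} for the file at `path`.

    The file is opened read-only and streamed in chunks, so a multi-gigabyte
    image is read exactly once and never loaded into memory whole.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as image:
        while True:
            chunk = image.read(chunk_size)
            if not chunk:
                break
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest().upper() for name, hasher in hashers.items()}


def verify_image(path, recorded):
    """Re-hash `path` and compare against the values recorded at acquisition.

    Returns the list of algorithm names whose digest no longer matches;
    an empty list means the image is unchanged.
    """
    current = hash_image(path)
    mismatches = []
    for name, expected in recorded.items():
        if name not in current:
            raise ValueError("unsupported algorithm in record: %s" % name)
        if current[name] != expected.strip().upper():
            mismatches.append(name)
    return mismatches


def demo():
    """Hash a constructed image, verify a copy, then verify after a 1-bit change."""
    workdir = tempfile.mkdtemp(prefix="hashdemo_")
    try:
        # Constructed sample data standing in for an acquired image (1 MiB).
        original = os.path.join(workdir, "evidence.dd")
        with open(original, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE SECTOR".ljust(512, b"\x00") * 2048)

        # Hashes recorded at acquisition time (would go in the acquisition log).
        recorded = hash_image(original)

        # A working copy used for review must hash identically.
        working = os.path.join(workdir, "working_copy.dd")
        shutil.copyfile(original, working)
        copy_mismatches = verify_image(working, recorded)

        # Flip a single bit in the working copy, as an unblocked write might.
        with open(working, "r+b") as f:
            f.seek(4096)
            byte = f.read(1)
            f.seek(4096)
            f.write(bytes([byte[0] ^ 0x01]))
        altered_mismatches = verify_image(working, recorded)

        return copy_mismatches, altered_mismatches
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    clean, altered = demo()
    print("working copy mismatches:", clean)
    print("after 1-bit change:", altered)
```
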
11 EVIDENCE PRESERVATION
- Best method is forensic imaging
- Forensic images are industry standard
- Backups are not as useful and may not contain crucial system artifacts
- Computer should be turned off
- Remove hard drive and acquire forensic image via write blocker
- Possible to use forensically sound boot software
12 OPTIONS FOR REVIEW
- Get the forensic image first!
- After imaging, a preview of the system files can be conducted
- Evidence is preserved through the image process
- Any changes made by preview will not affect the preserved image
- If imaging is not possible, do not review the device files
- Turn off device and store it in a secure place
- Wait until a forensic examination can be conducted
13 BASIS FOR CONCLUSIONS
- Conclusions should be based on evidence
- Speculation is not evidence
- Assumptions should not be made
- BIG DIFFERENCE:
- "This text message was never sent from this mobile device"
- "Using the forensic methods described, no evidence was found to indicate that the text message was sent from this mobile device."
14 DELETED DATA
- Data is not instantly gone after deletion
- Overwriting with new data has to occur
- Rate of data loss is variable and difficult to predict
- Typically, the more recently data has been deleted, the easier it is to recover
- This applies to most types of data
- Computers are easier than mobile devices
15
16 clients
- Microsoft Outlook
- Thunderbird
- Apple Mail
- Archive Files
- Personal Storage Table (PST) - Outlook
- Offline Storage Table (OST) - Outlook
- MBOX - Thunderbird
- files Apple Mail
17 (CONT.)
- Web Based
- Google Gmail
- Yahoo! Mail
- Hotmail
- Several Others
- Fragments can be recovered via Web Cache
- Web browsers will store data related to webmail sessions
- Includes Senders/Recipients, dates, subject, and message content
- Not as simple as archive files
18 METADATA
- Information about data
- Author
- Creation/modified timestamp
- Editing time
- Last printed timestamp
- Creation Tool
- Microsoft Office Metadata
- Adobe PDF Metadata
- Image Metadata (EXIF data)
- Device information
- Creation timestamps
- GPS data
19
20 USER ARTIFACTS (WINDOWS)
- User names
- Last logon timestamp
- Recent file activity
- Did a user view a file? w/timestamps
- Folder activity
- Did a user view a folder w/timestamps
- Did they delete any files?
- Recycle Bin
- Recycle Bin Bypass
- USN Journal
- External storage devices
21 EXTERNAL STORAGE DEVICES
- Was a thumb drive connected?
- Manufacturer
- Device name
- Device serial number
- Volume serial number
- First connected date
- Last connected date
- Files on device
- Great evidence for IP theft cases
22
23 MOBILE DEVICES
- Issues with forensic imaging
- Logical vs. physical
- Text messages
- Call logs
- Contacts
- Images and videos
- Application data
24 MOBILE DEVICES (CONT.)
- Internet history
- Deleted Items
- GPS data
- Timestamps
25 MOBILE DEVICE SECURITY
- Passcode lock or Damaged
- Boot Loaders
- Chip-off acquisition
- JTAG
- Encryption
- iOS operating system
- Android operating system
26 CASE EXAMPLES
- Fraudulent
- Computers provided with wrong hard drives
- iPhone text message screen shot sends man to jail
- Homicide Phones
- Attempted Destruction of Phone
27 FRAUDULENT
28
29
30
31
32
33 FLASHBACK DATA, LLC
- ISO/IEC 17025:2005 Compliant
- ASCLD Accredited
- Same as FBI and Texas DPS
- Digital Forensics
- Data Recovery
- In Operation since 2004.
34 Data Collection: Full Disk Acquisition
- We work with Forensic partners, like Flashback
- Extensive network of partners spans all major markets
- Seamless transition of data from forensics firm to the Lexbe platform
- Our eDiscovery consultants can help you determine if you need forensic collection
35 Data Collection: Remote Collection
- Parties to a litigation are generally required to use reasonable, good faith, and proportional efforts to preserve, identify, and produce relevant information
- Defensible remote collection of ESI by Lexbe's technical services team
- Limited to certain file types on a computer and/or certain standard directories on a computer where files are usually stored
- Metadata can be preserved to an extent; we can help you determine whether additional steps (hardware/software) need to be taken to preserve sensitive metadata
36 Data Collection: Remote Collection, cont.
- Remote log-in to work stations
- Specialty collection software
- Cloud Based-storage Collection
- Media Report for Chain of Custody
37 Thank You For Attending
- We'll be making the following available to webinar attendees:
- A recorded streaming version
- MP3 podcast
- PDF
- Please let us know if you have any questions or comments about this webinar or suggestions for future topics.
- This webinar is part of the Lexbe eDiscovery Webinar Series. For notices of future live and on-demand webinars as part of this series, please email us at webinars@lexbe.com or follow us on LinkedIn.
- Presenter: Matt Danner matt@flashback.com
- Moderator: Frank Krafka fkrafka@lexbe.com (512)
- Webinar Questions: webinars@lexbe.com
38 Lexbe eDiscovery Platform: Learn More About Lexbe
- The Lexbe eDiscovery Platform is our cloud-based processing, review and production tool.
- Designed for attorneys/legal staff to be DIY and easy to use, with no user fees or case fees.
- Free standard loading with annual plans.
- Learn about our high-speed/high-capacity eDiscovery services, and expert professional services.
- Request a personalized demo and expert consultation today!
- Cost-effective eDiscovery
- Secure, easy-to-use and a great review tool for consideration
- Lexbe cost advantages, SaaS convenience and search capabilities appeal to many small firms
- Because of the Lexbe software, the entire playing field has been leveled for my firm.
- A powerful litigation document management service
- Lexbe is the easiest eDiscovery software I have ever used
- Lexbe Sales sales@lexbe.com (800) x22
A Lawyer s Guide to ediscovery Processing
A Lawyer s Guide to ediscovery Processing What You Should Know to Competently Handle Your Case Christian DeTrude Lexbe ediscovery Webinar Series About our Webinars If you have technical issues or questions,
More informationFinding Holes in Productions Best Practices in Testing & Reporting on ESI Adequacy Using Modern Analytics
Best Practices in Testing & Reporting on ESI Adequacy Using Modern Analytics September 30, 2015 Karsten Weber Lexbe LC ediscovery Webinar Series Downloadable Resources This webinar is available for viewing
More informationA Litigator's Guide to Going Native
A Litigator's Guide to Going Native Pros, Cons and Tips for Native Review and Productions July 13, 2016 Gene Albert CEO Lexbe ediscovery Webinar Series Info and Future Webinars Webinars take place monthly
More informationBest Practices to Avoid Missing Key Evidence in Large Document Reviews
Best Practices to Avoid Missing Key Evidence in Large Document Reviews How Proper or Improper Search, Processing and Indexing can Make or Break Your Case Erin Derby, ACEDS Lexbe ediscovery Webinar Series
More informationAccessData offers a broad array of training options.
Forensics Training AccessData offers a broad array of training options. Our trainers have more than two centuries of cumulative experience in their respective fields. Take Advantage of the All Access Pass
More informationCourse 832 EC-Council Computer Hacking Forensic Investigator (CHFI)
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner ACCREDITATIONS EXAM INFORMATION The Certified Digital Forensics Examiner exam is taken online through Mile2 s Assessment and Certification System ( MACS ), which is
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Title: Certified Digital Forensics Examiner Duration: 5 days Class Format Options: Instructor-led classroom Live Online Training Prerequisites: A minimum of
More informationAccessData Advanced Forensics
This advanced five-day course provides the knowledge and skills necessary to install, configure and effectively use Forensic Toolkit (FTK ), FTK Imager Password Recovery Toolkit (PRTK ) and Registry Viewer.
More informationSource: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/
by Chirath De Alwis Source: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/ Forensic Toolkit or FTK is a computer forensics software product made by AccessData.
More information10 th National Investigations Symposium
10 th National Investigations Symposium AVOIDING FORENSIC PITFALLS First Responders Guide to Preserving Electronic Evidence 6 November 2014 Bronwyn Barker Electronic Evidence Specialist Investigation 5
More informationGOOGLE VAULT AND SPANNING BACKUP
Understanding the difference between GOOGLE VAULT AND SPANNING BACKUP SPANNING BACKUP VS. Many people concerned about data loss in G Suite wonder if Google Vault is the solution to their problems. It s
More informationIncident Response Data Acquisition Guidelines for Investigation Purposes 1
Incident Response Data Acquisition Guidelines for Investigation Purposes 1 1 Target Audience This document is aimed at general IT staff that may be in the position of being required to take action in response
More informationGuide to Computer Forensics and Investigations Fourth Edition. Chapter 2 Understanding Computer Investigations
Guide to Computer Forensics and Investigations Fourth Edition Chapter 2 Understanding Computer Investigations Objectives Explain how to prepare a computer investigation Apply a systematic approach to an
More informationCOMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9
COMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9 Course Code: 3401 Prepare for the CHFI certification while learning advanced forensics investigation techniques. EC-Council released the most advanced computer
More informationVendor: ECCouncil. Exam Code: EC Exam Name: Computer Hacking Forensic Investigator Exam. Version: Demo
Vendor: ECCouncil Exam Code: EC1-349 Exam Name: Computer Hacking Forensic Investigator Exam Version: Demo QUESTION 1 What is the First Step required in preparing a computer for forensics investigation?
More informationMOBILE DEVICE FORENSICS
MOBILE DEVICE FORENSICS Smart phones and other handheld electronics have become an important part of our everyday lives and the ever changing technology is making these devices a major source of digital
More informationUnderstanding Computer Forensics
Understanding Computer Forensics also known as: How to do a computer forensic investigation... and not get burned Nick Klein SANS Canberra Community Night 11 February 2013 The scenario... Your boss tells
More informationTop 10 Mistakes to Avoid When Creating Productions
Top 10 Mistakes to Avoid When Creating Productions Steer Clear of Common Pitfalls and Flawlessly Execute Productions October 30, 2014 Gene Albert Principal, Lexbe LC ediscovery Webinar Series Info Takes
More informationEd Ferrara, MSIA, CISSP
MIS 5208 - Lecture 12 Investigation Methods Data Acquisition Ed Ferrara, MSIA, CISSP eferrara@temple.edu Objectives List digital evidence storage formats Explain ways to determine the best acquisition
More informationForensic Discovery By Wietse Venema, Dan Farmer READ ONLINE
Forensic Discovery By Wietse Venema, Dan Farmer READ ONLINE Get this from a library! Forensic discovery. [Dan Farmer; Wietse Venema] -- "Computer forensics - the art and science of gathering and analyzing
More informationScientific Working Group on Digital Evidence
Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail before or contemporaneous to the introduction of this document, or
More informationTake control of your e-discovery process. Increase efficiency, reduce risk and keep costs in line with an integrated solution.
AD ediscovery Collect, Audit and Analyze with a Seamless, Secure Solution Take control of your e-discovery process. Increase efficiency, reduce risk and keep costs in line with an integrated solution.
More informationTrends in Mobile Forensics from Cellebrite
Trends in Mobile Forensics from Cellebrite EBOOK 1 Cellebrite Survey Cellebrite is a well-known name in the field of computer forensics, and they recently conducted a survey as well as interviews with
More informationWhen Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.
When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the
More informationDIGITAL EVIDENCE TOOL BOX
DIGITAL EVIDENCE TOOL BOX Toolbox Page 1 of 23 Introduction This guide is meant to provide a basic understanding of the industry standards, best practices and practical applications for the use of digital
More informationCOMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS. Frank Gearhart, ISSA Colorado Springs
COMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS Frank Gearhart, ISSA Colorado Springs TECHNOLOGY + INVESTIGATION + STORYTELLING Know the case Find the evidence Follow the facts Create the timeline
More informationPROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
More informationUNCLASSIFIED. Mimecast UK Archiving Service Description
UNCLASSIFIED 26/05/2016 v2.3 Mimecast UK Email Archiving Service Description Mimecast UK Email Archiving, provides businesses with a secure, scalable cloud-based message archive. It s designed to significantly
More informationSYSTEM SPECIFICATIONS GUIDE
SYSTEM SPECIFICATIONS GUIDE AD Enterprise NETWORK INVESTIGATION AND POST-BREACH ANALYSIS v6.5 Revision (May 8, 2018) www.accessdata.com Contents AccessData Enterprise Overview and System Specifications
More informationComputer Forensics: Investigating Data and Image Files, 2nd Edition. Chapter 3 Forensic Investigations Using EnCase
Computer Forensics: Investigating Data and Image Files, 2nd Edition Chapter 3 Forensic Investigations Using EnCase Objectives After completing this chapter, you should be able to: Understand evidence files
More informationThis version has been archived. Find the current version at on the Current Documents page. Archived Version. Capture of Live Systems
Scientific Working Group on Digital Evidence Capture of Live Systems Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail
More informationAffordable Hosting Alternatives for Summation & Concordance Productions
Affordable Hosting Alternatives for Summation & Concordance Productions Fast, Cost-Effective Document Reviews of TIFF Images and Loadfiles April 29, 2014 Gene Albert Principal, Lexbe LC ediscovery Webinar
More informationWindows Forensics Advanced
Windows Forensics Advanced Index: CF102 Description Windows Forensics - Advanced is the next step for forensics specialists, diving deeper into diverse processes on Windows OS serving computer investigators.
More informationForensics for Cybersecurity. Pete Dedes, CCE, GCFA, GCIH
Forensics for Cybersecurity Pete Dedes, CCE, GCFA, GCIH WHO AM I? Pete Dedes, Forensics Analyst, Sword & Shield Enterprise Security Education Bachelor s of Science Computer Science, University of Tennessee
More informationWindows Core Forensics Forensic Toolkit / Password Recovery Toolkit /
The Windows Forensics Core Training follows up the AccessData BootCamp training. This advanced AccessData training class provides the knowledge and skills necessary to use AccessData products to conduct
More informationIntroduction to Computer Forensics
Introduction to Computer Forensics Subrahmani Babu Scientist- C, Computer Forensic Laboratory Indian Computer Emergency Response Team (CERT-In) Department of Information Technology, Govt of India. babu_sivakami@cert-in.org.in
More informationTHE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.
THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.FFa) BROCHURE Contents INTRODUCTION... 3 THE IICFA... 4 Basic Entry qualifications...
More informationOHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE
OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE I. Description of Course: 1. Department/Course: CNET - 174 2. Title: Computer Forensics 3. Cross Reference: 4. Units: 3 Lec Hrs:
More informationProduct Overview Archive2Azure TM. Compliance Storage Solution Based on Microsoft Azure. From Archive360
Product Overview Compliance Storage Solution Based on Microsoft Azure From Archive360 1 Introduction The cloud has quickly become the preferred option for companies to help reverse the growing issues associated
More informationExam Questions EC1-349
Exam Questions EC1-349 ECCouncil Computer Hacking Forensic Investigator https://www.2passeasy.com/dumps/ec1-349/ 1.What is the First Step required in preparing a computer for forensics investigation? A.
More informationOperating System Specification Mac OS X Snow Leopard (10.6.0) or higher and Windows XP (SP3) or higher
BlackLight is a multi-platform forensic analysis tool that allows examiners to quickly and intuitively analyze digital forensic media. BlackLight is capable of analyzing data from Mac OS X computers, ios
More informationUNITRENDS CLOUD BACKUP FOR OFFICE 365
UNITRENDS CLOUD BACKUP FOR OFFICE 365 FREQUENTLY ASKED QUESTIONS Unitrends Cloud Backup for Office 365 provides full, automatic protection that is purpose-built for Microsoft SaaS applications, eliminating
More informationECCouncil Computer Hacking Forensic Investigator (V8)
ECCouncil 312-49v8 ECCouncil Computer Hacking Forensic Investigator (V8) Version: 9.0 QUESTION NO: 1 ECCouncil 312-49v8 Exam What is the First Step required in preparing a computer for forensics investigation?
More informationDigital Forensics Lecture 01- Disk Forensics
Digital Forensics Lecture 01- Disk Forensics An Introduction to Akbar S. Namin Texas Tech University Spring 2017 Digital Investigations and Evidence Investigation of some type of digital device that has
More informationDigital Forensics Validation, Performance Verification And Quality Control Checks. Crime Scene/Digital and Multimedia Division
Validation, Performance Verification And Quality Control Checks 5. VALIDATION, PERFORMANCE VERIFICATION AND QUALITY CONTROL CHECKS 5.1. Purpose 5.1.1. The purpose of this procedure is to establish guidelines
More informationAnalysis Villanova University Department of Computing Sciences D. Justin Price Spring 2014
Email Analysis Villanova University Department of Computing Sciences D. Justin Price Spring 2014 EMAIL ANALYSIS With the increase in e-mail scams and fraud attempts with phishing or spoofing Investigators
More informationDuncanPowell RESTRUCTURING TURNAROUND FORENSIC
Forensic Technology and the Cloud DuncanPowell RESTRUCTURING TURNAROUND FORENSIC 12 October 2017 DucanPowell Forensic Team Peter Lanthois Partner Office: (08) 8223 8107 Mobile: 0407 258 959 Email: planthois@duncanpowell.com.au
More informationAnalysis Villanova University Department of Computing Sciences D. Justin Price Fall 2014
Email Analysis Villanova University Department of Computing Sciences D. Justin Price Fall 2014 EMAIL ANALYSIS With the increase in e-mail scams and fraud attempts with phishing or spoofing Investigators
More informationArchiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention
Symantec Enterprise Vault TransVault CommonDesk ARCviewer Vault LLC Optimize the management of information by defining a lifecycle strategy for data Backup is for recovery, archiving is for discovery.
More informationC HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR
Page: 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 Page: 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge
More informationRunning Head: IPHONE FORENSICS 1. iphone Forensics Jaclyn Sottilaro Monica Figueroa-Santos Antonina Spinella Saint Leo University
Running Head: IPHONE FORENSICS 1 iphone Forensics Jaclyn Sottilaro Monica Figueroa-Santos Antonina Spinella Saint Leo University IPHONE FORENSICS 2 Abstract With an ever-growing evolution on technology,
More informationANALYSIS AND VALIDATION
UNIT V ANALYSIS AND VALIDATION Validating Forensics Objectives Determine what data to analyze in a computer forensics investigation Explain tools used to validate data Explain common data-hiding techniques
More informationMOBILedit Forensic Express
MOBILedit Forensic Express All-in-one phone forensic tool from pioneers in the field MOBILedit Forensic Express is a phone and cloud extractor, data analyzer and report generator all in one solution. A
More informationE-DISCOVERY. The process in which electronic data is sought, located, secured, using it as evidence in a civil or criminal legal case.
E-DISCOVERY The process in which electronic data is sought, located, secured, and analyzed with the intent of using it as evidence in a civil or criminal legal case. I. Guidance Regarding the Amended Federal
More informationARCHIVE ESSENTIALS
EMAIL ARCHIVE ESSENTIALS KEY CONSIDERATIONS WHEN MOVING TO OFFICE 365 DISCUSSION PAPER PREFACE The last few years have seen significant changes in the way that organisations conduct business. There has
More informationCOMPUTER HACKING Forensic Investigator
COMPUTER HACKING Forensic Investigator H.H. Sheik Sultan Tower (0) Floor Corniche Street Abu Dhabi U.A.E www.ictd.ae ictd@ictd.ae Course Introduction: CHFIv8 presents a detailed methodological approach
More informationDigital Forensics for Attorneys
Lars E. Daniel, EnCE, ACE, AME, CTNS Digital Forensics Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital
More informationReport For Algonquin Township Highway Department
Report For Algonquin Township Highway Department Prepared For: Prepared By: Robert Hanlon Attorney at Law robert@robhanlonlaw.com Andy Garrett Garrett Discovery Inc agarrett@garrettdiscovery.com Date:
More informationRunning head: FTK IMAGER 1
Running head: FTK IMAGER 1 FTK Imager Jean-Raymond Ducasse CSOL-590 June 26, 2017 Thomas Plunkett FTK IMAGER 2 FTK Imager Outline Process for Adding Individual Files & Folders as Evidence Items Although
More informationKillTest 䊾 䞣 催 ࢭ ད ᅌ㖦䊛 ᅌ㖦䊛 NZZV ]]] QORRZKYZ TKZ ϔᑈܡ䊏 ᮄ ࢭ
KillTest Exam : 312-49v8 Title : ECCouncil Computer Hacking Forensic Investigator (V8) Version : Demo 1 / 6 1.What is the First Step required in preparing a computer for forensics investigation? A. Do
More informationPinpoint Labs ESI Collection Tools
Pinpoint Labs ESI Collection Tools Pinpoint Labs offers two separate product families that enable users to perform defensible electronically stored information (ESI) collections. The products are SafeCopy
More informationTomTom GPS Device Forensics
TomTom GPS Device Forensics Written by Ben LeMere & Andy Sayers For more information visit GPSForensics.org blemere@gpsforensics.org asayers@gpsforensics.org Introduction: The sales of portable navigation
More informationGlobal Cybercrime Certification
Global Cybercrime Certification Yves Vandermeer ECTEG chair yves.vandermeer@ Way to a new IT crime ecosystem Standard Operation Procedures and Education docs ACPO - Good Practice Guide For Digital Evidence
More informationAccessData Forensic Toolkit Release Notes
AccessData Forensic Toolkit 6.0.1 Release Notes Document Date: 11/30/2015 2015 AccessData Group, Inc. All rights reserved Introduction This document lists the new features, fixed issues, and known issues
More informationMobile Devices Villanova University Department of Computing Sciences D. Justin Price Spring 2014
Mobile Devices Villanova University Department of Computing Sciences D. Justin Price Spring 2014 INTRODUCTION The field of computer forensics has long been centered on traditional media like hard drives.
More informationOverview. Top. Welcome to SysTools MailXaminer
Table of Contents Overview... 2 System Requirements... 3 Installation of SysTools MailXaminer... 4 Uninstall Software... 6 Software Menu Option... 8 Software Navigation Option... 10 Complete Steps to Recover,
More informationCNIT 121: Computer Forensics. 14 Investigating Applications
CNIT 121: Computer Forensics 14 Investigating Applications Applications Not part of the operating system User applications Internet browsers, email clients, office suites, chat programs, and more Service
More informationQuick Start User Guide For Cellebrite Extraction Reports
I.R.I.S. LLC Quick Start User Guide For Cellebrite Extraction Reports Impartial, objective advocates for the truth Quick start user guide for opening, navigating and creating custom reports in Cellebrite.
More informationGetting the best digital evidence is what matters XRY extracts more data faster, with full integrity
Getting the best digital evidence is what matters XRY extracts more data faster, with full integrity Successful investigations rely on fast, high quality extraction of data from mobile phones. Without
More informationCOMP116 Final Project. Shuyan Guo Advisor: Ming Chow
Digital Forensics with ios Devices COMP116 Final Project Shuyan Guo Shuyan.guo@tufts.edu Advisor: Ming Chow Abstract This project focuses on ios device forensics. The study provides a general overview
More informationHow to Like E-Discovery, Security and Social Media. Dr. Gavin W. Manes, CEO
How to Like E-Discovery, Security and Social Media Dr. Gavin W. Manes, CEO Gavin W. Manes, Ph.D. CEO, Avansic Doctorate in Computer Science from TU Scientific approach to e- discovery Published over fifty
More informationCertification. Forensic Certification Management Board. Robert J. Garrett, Director
Certification Forensic Certification Management Board Robert J. Garrett, Director Crime Lab Accreditation and Certification Essentials National Clearinghouse for Science, Technology, and the Law What is
More informationGetting the best digital evidence is what matters XRY extracts more data faster, with full integrity
Getting the best digital evidence is what matters XRY extracts more data faster, with full integrity Successful investigations rely on fast, high quality extraction of data from mobile phones. Without
More informationReviewing the Results of the Forensic Analysis
CYBERSECURITY FORENSICS WORKSHOP Reviewing the Results of the Forensic Analysis Ian M Dowdeswell Incident Manager, Q-CERT 2 CYBERSECURITY FORENSICS WORKSHOP Caveats This is not an actual crime it has been
More informationEXAM - CFA-001. Certified Forensic Analyst (CFA) Buy Full Product.
GAQM EXAM - CFA-001 Certified Forensic Analyst (CFA) Buy Full Product http://www.examskey.com/cfa-001.html Examskey GAQM CFA-001 exam demo product is here for you to test the quality of the product. This
More informationIntro. This program can retrieve messages, call logs, pictures, contacts, apps, calendar events, s, passwords, deleted data, and much more.
FAQ Intro Thank you for purchasing MOBILedit Forensic Express. This tool preforms mobile phone content extractions and is used by professionals in law enforcement, military as well as the corporate and
More informationComputer forensics Aiman Al-Refaei
Computer forensics Aiman Al-Refaei 29.08.2006 Computer forensics 1 Computer forensics Definitions: Forensics - The use of science and technology to investigate and establish facts in criminal or civil
More informationA forensically robust method for acquisition of icloud data. Kurt Oestreicher Champlain College
A forensically robust method for acquisition of icloud data Kurt Oestreicher Champlain College Background Data stored on cloud services increasingly important to forensic investigations As of June 2013:
Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop
Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop 10.08.2011 What is computing? Examples of service providers Computing preface Cloud computing
ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER
EMAIL ARCHIVE ESSENTIALS: Key Considerations When Moving to Office 365 DISCUSSION PAPER preface The last few years have seen significant changes in the way organisations conduct business. There has been
Basic. $5/user per mo.
Product Suite Intelligent office suite Secure cloud-based file storage per user 30 GB Unlimited Unlimited Access across devices (computer, phone, or tablet) Works without an Internet connection Compatible
Digital Forensics. Also known as. General definition: Computer forensics or network forensics
TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 3 Jan 29, 2014 Introduction to Digital Forensics Digital Forensics Also known as Computer forensics or network forensics General
Android Forensics: Simplifying Cell Phone Examinations
Android Forensics: Simplifying Cell Phone Examinations Jeff Lessard, Gary Kessler 2010 Presented By: Manaf Bin Yahya Outlines Introduction Mobile Forensics Physical analysis Logical analysis CelleBrite
Deloitte Discovery Caribbean & Bermuda Countries Guide
Deloitte Discovery Caribbean & Bermuda Countries Guide Deloitte Discovery Caribbean & Bermuda Countries Guide Caribbean & Bermuda Countries Our Region Deloitte CBC primarily serves businesses located or
AccessData Enterprise Release Notes
AccessData Enterprise 6.0.2 Release Notes Document Date: 3/09/2016 2016 AccessData Group, Inc. All rights reserved Introduction This document lists the new features, fixed issues, and known issues for
Trends in Electronic Evidence.
Trends in Electronic Evidence. Collecting and Processing Large Data Sets in Digital Forensic Investigations With Dr Allan Watt CFCE, CFE Webinar outline Authentication of electronic documents: contracts,
Financial CISM. Certified Information Security Manager (CISM) Download Full Version :
Financial CISM Certified Information Security Manager (CISM) Download Full Version : http://killexams.com/pass4sure/exam-detail/cism required based on preliminary forensic investigation, but doing so as
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer By: Ernest Baca www.linux-forensics.com ebaca@linux-forensics.com Page 1 of 18 Introduction I have recently become very
THINGS YOU NEED TO KNOW BEFORE DELVING INTO THE WORLD OF DIGITAL EVIDENCE. Roland Bastin Partner Risk Advisory Deloitte
Inside magazine issue 16 Part 03 - From a risk and cyber perspective perspective Roland Bastin Partner Risk Advisory Deloitte Gunnar Mortier Senior Manager Risk Advisory Deloitte THINGS YOU NEED TO KNOW
The UNIX file system! A gentle introduction"
ISA 785 Research in Digital Forensics The UNIX file system! A gentle introduction" ISA 785! Angelos Stavrou, George Mason University! File System Basics 2! Readings from the Textbook! Unix / EXT3! FAT/NTFS!
Preservation, Retrieval & Production. Electronic Evidence: Tips, Tactics & Technology. Issues
Electronic Evidence: Preservation, Retrieval & Production Issues Tips, Tactics & Technology April 19, 2004 Discussion Outline 21 st Century Discovery E-Evidence Uncovered Preservation / Spoliation Computer
DIS10.3:CYBER FORENSICS AND INVESTIGATION
DIS10.3:CYBER FORENSICS AND INVESTIGATION ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for information
Product Questions: 486 Version: 12.0
Vendor: Eccouncil Exam Code: 312-49 Exam Name: Computer Hacking Forensic Investigator Exam v9 Version: DEMO Question: 1 Product Questions: 486 Version: 12.0 This organization maintains a database of hash
January 17, 2013 CLE 1 General Credit Presented to: Association of Corporate Counsel
January 17, 2013 CLE 1 General Credit Presented to: Association of Corporate Counsel Current Sources for Collection & Forensics Laptops, Desktops, Tablets Virtual Machines Cell Phones Network Shares CDs/DVD,
COMPUTER FORENSICS (CFRS)
Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics
Incident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
11 th National Investigations Symposium
11 th National Investigations Symposium Making the most of electronic data How Computer Forensics can assist investigations 10 November 2016 David Sinden Electronic Evidence Specialist Introduction 10
Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud
Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Ezz El-Din Hemdan 1, Manjaiah D.H 2 Research Scholar, Department of Computer Science, Mangalore University,
Discovery Attender. Version 2.2. White Paper. Discovery Attender is a member of the Attender Utilities family.
Discovery Attender Version 2.2 White Paper Discovery Attender is a member of the Attender Utilities family Table of Contents Introduction...3 Benefits...4 Product Overview...5 FAQ...8 Product History...12