Friday, 26 February 2016

What is “Cellular Forensics” anyway?

So, what exactly is Cellular Forensics anyway? Well, forensics means “tests and techniques used in connection with the detection of crime.” Cellular? Everyone knows that deals with mobile phones and their technology.

Cellular forensics can also be referred to as Mobile forensics. So, when someone says Cellular forensics they are describing “the utilization of technology (software, hardware, techniques) that enables an examiner to secure, acquire, document and present the data found in a mobile phone.”

What good is Cellular Forensics? As some people say – you are what you click – and a cell phone tells a bunch about a person. Contacts, WhatsApp messages, Photos, location, SMSs and call history are just a few of the tell-all items in your phone. Imagine an employee sharing company secrets with the competition or a married man messaging his secret lover on WhatsApp… the information on their phone can be very damaging and valuable.

So, is this like your favourite show, CSI Miami? No, not really! There is no one piece of hardware or software that can be used for the thousands of models of phones out there. But cellular forensic experts, like the professionals at DLA, certainly know how to get their hands on the data on your cellphone that you thought was long gone!

Cellular forensics is like archaeology: you dig and dig using whatever proven tools you can find, and sometimes you crack the nut and other times you come away exhausted with little to show for your efforts.

Cellular Forensics today is not really a brand new field; however, as our cell phones get more and more advanced, our methods need to be too.

Tuesday, 16 February 2016

What to do if a computer in your business contains important evidence

First of all – STOP using the computer or device! Any use of it may damage or taint any evidence present. If the suspected computer is turned off, then leave it off.

If the computer or device is on, do not go through the normal “Shut Down” process… rather call the digital forensic experts first.

Do not allow your internal IT staff to conduct a preliminary investigation.

It is important to recognise that all you have initially is information and data, not actual evidence. Unless your IT staff is certified in computer forensics and trained on evidentiary procedures (very few are), they most likely have not followed other accepted evidence techniques. 

Another thing to keep in mind is that even if proper evidence handling techniques have been used, the collection process itself has most likely changed or altered the data collected. By opening, printing and saving files, the meta-data is changed! Lastly, the simple act of just turning on the computer changes files and caches, which, along with the alteration of the meta-data, may have seriously damaged or destroyed any evidence that was present.
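To make the meta-data point above concrete, here is an added Python example (not part of the original post) that runs only on a constructed scratch file: it re-saves a document without editing it and shows that the content hash stays the same while the last-modified timestamp is overwritten. The file name, the backdated timestamp and the function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

BACKDATED = 1451606400  # constructed value: 2016-01-01 00:00:00 UTC


def snapshot(path):
    """Record the fields an examiner would compare: content hash, size, mtime."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mtime_ns": st.st_mtime_ns}


def open_and_save(path):
    """Simulate a user opening a document and pressing Save without editing."""
    with open(path, "rb") as fh:
        data = fh.read()
    with open(path, "wb") as fh:  # identical bytes are written back
        fh.write(data)


def changed_fields(before, after):
    """Names of the recorded fields that differ between two snapshots."""
    return sorted(k for k in before if before[k] != after[k])


def demo():
    """Build a scratch file, backdate it, re-save it, and compare snapshots."""
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "report.txt")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"constructed sample document\n")
        # Pretend the file was last modified on the backdated timestamp.
        os.utime(path, (BACKDATED, BACKDATED))
        before = snapshot(path)
        open_and_save(path)
        after = snapshot(path)
        return before, after, changed_fields(before, after)


if __name__ == "__main__":
    before, after, changed = demo()
    print("before:", before)
    print("after: ", after)
    print("changed fields:", changed)
```

The original last-modified time is gone after the save even though not a single byte of content changed, which is why examiners work from a verified copy rather than the original media.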

Depending on the damage done, a skilled computer forensic specialist may be able to salvage the damaged evidence. This, however, can be an arduous and time-consuming process which often costs several times more than it should. It is also important to bear in mind that it is not always possible to restore evidence from computers that have been mishandled.

Keep a detailed log of who had access, what was done and where the computer has been stored since the dates in question.

Computer forensics may be an unknown and mysterious discipline to many, but it is easy to avoid the most common mistakes by following the guidelines outlined! Only use certified digital forensic experts, such as the professionals from DLA. Contact them today and get the job done right.