6 essential computer forensic tips

Cybercrime is becoming even more of a concern, which makes computer forensics a growing science. The worst thing a business can do when digital forensic professionals are working is to proceed carelessly. That is why it is vital to keep these tips in mind when a computer is being investigated on your watch.

1. A computer is a crime scene, and it needs to be treated as such. All investigation activity needs to be logged and all the equipment inventoried.

2. The machine should be isolated from the network.

3. Investigators should almost never work with the original hard disk or media or any original files. Rare exceptions to this rule include situations when turning off the computer will destroy evidence. But most often, examiners should make copies—and not just any copies, but forensically sound ones. Just backing up a drive, for example, will not transfer slack space and deleted files that need to be searched.

4. Don’t violate the chain of custody. If evidence is to be used in a legal case, it must be clearly established what the evidence is, where the evidence was, and what was done to it at all times. If there’s any suspicion that the evidence was tampered with or altered, then you may be left without a case.

5. Don’t be in a fixed frame of mind. No two investigations are alike. Because of this, investigators use training and experience to narrow the scope of an investigation.

6. Don’t digress. Remember that the point of an investigation is to determine three things: whether a violation took place, the exact sequence of events that took place, and finally, who was responsible.

In this day and age, businesses are all too vulnerable to high tech crimes. Whether the computers are used to commit felonies or simply to violate company policy – businesses can be embarrassed, inconvenienced and even shut down. If you are ever in this situation, contact the digital forensic experts at DLA!

3 important reasons why you need a digital forensic examiner

I bet you haven’t seen the top 3 reasons you need to hire a digital forensic investigator!  Not to be outdone, we’ll try to keep it to only five:

1)  Data is everywhere

Think about all the digital devices you own and use.  Chances are, you probably use your handheld portable device in the morning, transition to laptop/desktop computer during work hours, then go back to mobile with heavy use of tablets during the evening hours (probably because you and your partner don’t want to watch the same TV shows).

So the bottom line is, virtually everything you do during the day will involve a digital device on some level and leave a digital footprint.  That data is stored on those devices and if you’re involved in some sort of dispute, accident, encounter, etc. that may lead to legal action down the road, you’re going to want a trained digital forensic expert to acquire, analyse and report that data for you. 

2)  Data breaches affect everyone

In the past year or so, there have been dozens of high-profile data breaches occur in the private commercial and government sectors.  For everyday consumers like us, it means that our personal information could be shared with unsavoury types, so whether you’re hiring a digital forensic examiner yourself or your bank is hiring one to help find out what happened and by whom, it does affect you.

3)  Chances are, you’ll be involved in litigation at some point

Not all legal matters are contested, but when they are, you want the data to show the truth.  And if you believe #1 (data is everywhere), the likelihood that you will not only be involved in some sort of contested litigation, but that the litigation will likely involve retrieving & reporting data that is critical to your case in a verifiable, forensically sound manner is very real.  From divorces to child custody to distracted driving personal injury to criminal cases, the universal nature of the devices we carry and the data they store cannot be denied.

So there’s the list.  If nothing else, we hope this serves to educate just some of the reasons why you may need a digital forensic examiner on speed-dial.  Is a digital forensic examiner someone you need every day?  No.  But much like your car mechanic, your exterminator and your lawyer, you sure want to know how to contact a good one when the time comes! Contact DLA Digital Forensics today – we can’t wait to be of service to you.

Here’s how digital forensics can help solve personal injury cases

If society has learned one thing over the past several years since the introduction of the smart phone, it’s that data is everywhere. Long gone are the days when data was mostly on your home PC or laptop computer. 

Now, everyone carries a microcomputer in their pocket, tracking their every move. Even better, it’s equipped with a camera capable of taking pictures and video in high-definition and a microphone for recording audio along with video or as a stand-alone feature. Smart phones are documenting machines. If they weren’t, companies wouldn’t seek to have you put apps on them to be able to market products to you. They document not for safety or security, but to make big data companies and retailers lots and lots of money.

But this fact has an ancillary benefit for the professionals in digital forensics. It means that the micro-computer that is tracking your moves in order to market certain products to you also stores valuable evidence for use in investigation and litigation. SMS and WhatsApp messages, pictures, videos, notes, voicemail, call logs, web history and more are all extremely valuable pieces of evidence that may be obtained from smart phones.

If you’ve never thought about it before, think now about how much you use your smart phone and what you use it for. Then, think about all the high-tech tracking devices it has installed in it -- GPS, cellular antennas, wireless internet antennas and Bluetooth. All of these things leave a digital trace in the form of metadata on your device and can be retrieved by most mobile forensic tools and analysed and reported by a competent examiner. It’s a digital mountain of information that most users can’t access or even realize is present on their device… All you have to do is ask for it!

So, now that you know what is accessible on the device, how can you use it to benefit your case? First, it’s important to realize that the “CSI Effect” is an actual phenomenon. To believe that we can extract data that will be the smoking gun in your case is (mostly) not realistic. However, if you take the totality of the circumstances in your case, to include the digital forensic findings, the data that we can retrieve may very well paint a much clearer picture of what was going on in your case.

The best example in personal injury cases is texting-while-driving, which is a big deal in motor vehicle crash personal injury cases these days. Most personal injury attorneys would love to have proof that the opposing party was texting at the moment of the collision. Unfortunately, that’s probably not realistic.

However, what we can show is the activity leading up to that collision. For example, if the opposing party was on their way home from work and we know this to be a 20 minute commute and the collision happened 7 minutes into the drive, that’s one piece of the puzzle. If they were involved in a text conversation prior to and during that 7 minutes directly leading up to the collision, that’s another piece.

If they were also searching for places to order pizza on their mobile internet for when they got home, that’s yet another piece. All of these instances are recorded on the device with dates and times and sometimes, specific location. In the case of Facebook Messenger, messages that are sent routinely have the geo-location (latitude & longitude) of where the person was when the message was sent, providing a message-by-message diagram of where they were, proving that they were in fact texting-while-driving directly prior to that collision. What’s even better, this information can’t be deleted or altered by most end-users.

Texting-while-driving is probably the most universally understood example of the value of digital forensics in personal injury cases, but it’s just one example. The overall point is, if you have any evidence that a mobile device was involved in the injury of another, it pays to call a digital forensic consultant as soon as you know, such as DLA Digital Forensics today! It’s best for the client, it’s best for you and it helps everyone get on with their lives much quicker in the wake of what may have been a tragic accident.

The Apple vs. FBI congressional hearing

For two weeks, there has been a heated debate over the Apple vs. FBI debacle, and the two sides of the argument have stated their cases before the House Judiciary Committee at a hearing called "The Encryption Tightrope: Balancing Americans' Security and Privacy."

On one side, the FBI wants to force Apple to help them get into the iPhone of San Bernardino shooter Syed Farook; on the other side, Apple wants to maintain the security integrity of its devices and not set a precedent of the government forcing tech companies to develop workarounds to encryption.

The hearing took place in Washington DC. If you're interested in watching the testimony, you can watch the live video right here:

https://www.youtube.com/watch?v=g1GgnbN9oNw

Digital Forensics (cellular & computer based) requires much more than some well-developed software that can be purchased over the internet. It requires a thorough understanding of investigative process, the law of evidence and of naturally the appropriate background to criminal and civil investigations.

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require - contact DLA today!