6 essential computer forensic tips

Cybercrime is becoming even more of a concern, which makes computer forensics a growing science. The worst thing a business can do when digital forensic professionals are working is to proceed carelessly. That is why it is vital to keep these tips in mind when a computer is being investigated on your watch.

1. A computer is a crime scene, and it needs to be treated as such. All investigation activity needs to be logged and all the equipment inventoried.

2. The machine should be isolated from the network.

3. Investigators should almost never work with the original hard disk or media or any original files. Rare exceptions to this rule include situations when turning off the computer will destroy evidence. But most often, examiners should make copies—and not just any copies, but forensically sound ones. Just backing up a drive, for example, will not transfer slack space and deleted files that need to be searched.

4. Don’t violate the chain of custody. If evidence is to be used in a legal case, it must be clearly established what the evidence is, where the evidence was, and what was done to it at all times. If there’s any suspicion that the evidence was tampered with or altered, then you may be left without a case.

5. Don’t be in a fixed frame of mind. No two investigations are alike. Because of this, investigators use training and experience to narrow the scope of an investigation.

6. Don’t digress. Remember that the point of an investigation is to determine three things: whether a violation took place, the exact sequence of events that took place, and finally, who was responsible.

In this day and age, businesses are all too vulnerable to high tech crimes. Whether the computers are used to commit felonies or simply to violate company policy – businesses can be embarrassed, inconvenienced and even shut down. If you are ever in this situation, contact the digital forensic experts at DLA!

3 important reasons why you need a digital forensic examiner

I bet you haven’t seen the top 3 reasons you need to hire a digital forensic investigator!  Not to be outdone, we’ll try to keep it to only five:

1)  Data is everywhere

Think about all the digital devices you own and use.  Chances are, you probably use your handheld portable device in the morning, transition to laptop/desktop computer during work hours, then go back to mobile with heavy use of tablets during the evening hours (probably because you and your partner don’t want to watch the same TV shows).

So the bottom line is, virtually everything you do during the day will involve a digital device on some level and leave a digital footprint.  That data is stored on those devices and if you’re involved in some sort of dispute, accident, encounter, etc. that may lead to legal action down the road, you’re going to want a trained digital forensic expert to acquire, analyse and report that data for you. 

2)  Data breaches affect everyone

In the past year or so, there have been dozens of high-profile data breaches occur in the private commercial and government sectors.  For everyday consumers like us, it means that our personal information could be shared with unsavoury types, so whether you’re hiring a digital forensic examiner yourself or your bank is hiring one to help find out what happened and by whom, it does affect you.

3)  Chances are, you’ll be involved in litigation at some point

Not all legal matters are contested, but when they are, you want the data to show the truth.  And if you believe #1 (data is everywhere), the likelihood that you will not only be involved in some sort of contested litigation, but that the litigation will likely involve retrieving & reporting data that is critical to your case in a verifiable, forensically sound manner is very real.  From divorces to child custody to distracted driving personal injury to criminal cases, the universal nature of the devices we carry and the data they store cannot be denied.

So there’s the list.  If nothing else, we hope this serves to educate just some of the reasons why you may need a digital forensic examiner on speed-dial.  Is a digital forensic examiner someone you need every day?  No.  But much like your car mechanic, your exterminator and your lawyer, you sure want to know how to contact a good one when the time comes! Contact DLA Digital Forensics today – we can’t wait to be of service to you.

Here’s how digital forensics can help solve personal injury cases

If society has learned one thing over the past several years since the introduction of the smart phone, it’s that data is everywhere. Long gone are the days when data was mostly on your home PC or laptop computer. 

Now, everyone carries a microcomputer in their pocket, tracking their every move. Even better, it’s equipped with a camera capable of taking pictures and video in high-definition and a microphone for recording audio along with video or as a stand-alone feature. Smart phones are documenting machines. If they weren’t, companies wouldn’t seek to have you put apps on them to be able to market products to you. They document not for safety or security, but to make big data companies and retailers lots and lots of money.

But this fact has an ancillary benefit for the professionals in digital forensics. It means that the micro-computer that is tracking your moves in order to market certain products to you also stores valuable evidence for use in investigation and litigation. SMS and WhatsApp messages, pictures, videos, notes, voicemail, call logs, web history and more are all extremely valuable pieces of evidence that may be obtained from smart phones.

If you’ve never thought about it before, think now about how much you use your smart phone and what you use it for. Then, think about all the high-tech tracking devices it has installed in it -- GPS, cellular antennas, wireless internet antennas and Bluetooth. All of these things leave a digital trace in the form of metadata on your device and can be retrieved by most mobile forensic tools and analysed and reported by a competent examiner. It’s a digital mountain of information that most users can’t access or even realize is present on their device… All you have to do is ask for it!

So, now that you know what is accessible on the device, how can you use it to benefit your case? First, it’s important to realize that the “CSI Effect” is an actual phenomenon. To believe that we can extract data that will be the smoking gun in your case is (mostly) not realistic. However, if you take the totality of the circumstances in your case, to include the digital forensic findings, the data that we can retrieve may very well paint a much clearer picture of what was going on in your case.

The best example in personal injury cases is texting-while-driving, which is a big deal in motor vehicle crash personal injury cases these days. Most personal injury attorneys would love to have proof that the opposing party was texting at the moment of the collision. Unfortunately, that’s probably not realistic.

However, what we can show is the activity leading up to that collision. For example, if the opposing party was on their way home from work and we know this to be a 20 minute commute and the collision happened 7 minutes into the drive, that’s one piece of the puzzle. If they were involved in a text conversation prior to and during that 7 minutes directly leading up to the collision, that’s another piece.

If they were also searching for places to order pizza on their mobile internet for when they got home, that’s yet another piece. All of these instances are recorded on the device with dates and times and sometimes, specific location. In the case of Facebook Messenger, messages that are sent routinely have the geo-location (latitude & longitude) of where the person was when the message was sent, providing a message-by-message diagram of where they were, proving that they were in fact texting-while-driving directly prior to that collision. What’s even better, this information can’t be deleted or altered by most end-users.

Texting-while-driving is probably the most universally understood example of the value of digital forensics in personal injury cases, but it’s just one example. The overall point is, if you have any evidence that a mobile device was involved in the injury of another, it pays to call a digital forensic consultant as soon as you know, such as DLA Digital Forensics today! It’s best for the client, it’s best for you and it helps everyone get on with their lives much quicker in the wake of what may have been a tragic accident.

The Apple vs. FBI congressional hearing

For two weeks, there has been a heated debate over the Apple vs. FBI debacle, and the two sides of the argument have stated their cases before the House Judiciary Committee at a hearing called "The Encryption Tightrope: Balancing Americans' Security and Privacy."

On one side, the FBI wants to force Apple to help them get into the iPhone of San Bernardino shooter Syed Farook; on the other side, Apple wants to maintain the security integrity of its devices and not set a precedent of the government forcing tech companies to develop workarounds to encryption.

The hearing took place in Washington DC. If you're interested in watching the testimony, you can watch the live video right here:

https://www.youtube.com/watch?v=g1GgnbN9oNw

Digital Forensics (cellular & computer based) requires much more than some well-developed software that can be purchased over the internet. It requires a thorough understanding of investigative process, the law of evidence and of naturally the appropriate background to criminal and civil investigations.

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require - contact DLA today!

What is “Cellular Forensics” anyway?

So, what exactly is Cellular Forensics anyway? Well, forensics means “tests and techniques used in connection with the detection of crime.” Cellular? Every ones knows that deals with mobile phones and their technology.

Cellular forensics can also be referred to as Mobile forensics. So, when someone says Cellular forensics there are describing “the utilization of technology (software, hardware, techniques) that enables an examiner to secure, acquire, document and present the data found in a mobile phone.”

What good is Cellular Forensics? As some people say – you are what you click – and a cell phone tells a bunch about a person. Contacts, WhatsApp messages, Photos, location, SMSs and call history are just a few of the tell-all items in your phone. Imagine an employee sharing company secrets with the competition or a married man messaging his secret lover on WhatsApp… the information on their phone can be very damaging and valuable.

So, is this like your favourite show, CSI Miami? No not really! There is no one piece of hardware or software that can be used for the thousands of models of phones out there. But cellular forensic experts, like the professionals at DLA certainly know how to get their hands on the data on your cellphone that you thought was long gone!

Cellular forensics is like archaeology: you dig and dig using whatever proven tools you can find, and sometimes you crack the nut and other times you come away exhausted with little to show for your efforts.

Cellular Forensics today is not really a brand new field, however as our cell phones get more and more advanced, our methods need to be too.

What to do if a computer in your business contains important evidence

First of all – STOP using the computer or device! Any use of this may damage or taint any evidence present. If the suspected computer is turned off, then leave it off.

If the computer or device is on, do not go through the normal “Shut Down” process… rather call the digital forensic experts first.

Do not allow your internal IT staff to conduct a preliminary investigation.

It is important to recognise that all you have initially is information and data, not actual evidence. Unless your IT staff is certified in computer forensics and trained on evidentiary procedures (very few are), they most likely have not followed other accepted evidence techniques. 

Another thing to keep in mind is that even if proper evidence handling techniques have been used, the collection process itself has most likely changed or altered the data collected. By opening, printing and saving files, the meta-data is changed! Lastly, the simple act of just turning on the computer changes files, caches, which along with the alteration of the meta-data, may have seriously damaged or destroyed any evidence that was present.

Depending on the damage done, a skilled computer forensic specialist may be able to salvage the damaged evidence. This however, can be an arduous and time-consuming process which often costs several times more than it should. However, it is always important to bear in mind that it is not always possible to restore evidence from computers that have been mishandled.

Keep a detailed log of who had access, what was done and where the computer has been stored since the dates in question.

Computer forensics may be an unknown and mysterious discipline to many, but it is easy to avoid the most common mistakes by following the guidelines outlined! Only use certified digital forensic experts, such as the professionals from DLA, contact them today and get the job done right.

Be careful what you text!

Couples who may be heading toward a nasty break-up should always be extra careful when they send SMSs or WhatsApp messages. These messages could end up as evidence against them in divorce court!

In the past years, because of advances in digital forensics, there has been a huge spike in the number of cases using evidence from iPhones and other smartphones.

With emails, you can always think about what you’re writing and rewrite them. There is a windows of opportunity to rethink what you are saying, however with instant messaging, it is immediate. Many people send out messages without even thinking.

This is described as “spontaneous venting” and it can come back to haunt you! These instant messages can be recovered at a later stage to reveal your thoughts, actions and intentions.

SMSs, WhatsApp messages and other instant messages have been the most common form of divorce evidence taken from smartphones, followed by emails, phone numbers, call history, GPS and internet search histories.

Divorce lawyers advise their clients not to use Facebook to send messages or post inappropriate statuses, as it is the main source of divorce evidence from social media. However, only about half the couples actually follow their advice.

Anything that is in writing, you have to assume that someday a judge is going to see it. So, if it is not something that you don’t want a judge to see – don’t write it down!

You can always erase your messages, but that doesn’t mean they erase theirs.

With the latest tools and forensic software, the digital investigators at DLA are able to assist investigators and attorneys from their Cape Town offices on a national basis.

At DLA, it is possible to forensically acquire material from basic handsets to the latest smartphones, from all mobile and cell phone manufacturers using a range of advanced forensic and data recovery techniques.