Month: October 2016

Log Files

Attribution is a major goal and log files can record which account was used to access a system at a given time. User accounts allow two forms of access to computers: interactive login and access to shared resources. Both forms of access can significantly expand the pool of suspects in an investigation. If illegal materials are found on a computer, individuals with legitimate access to the computer are the obvious suspects. However, there is the possibility that someone gained unauthorized access to the computer and stored illegal materials on the disk. Similarly, if secret information is stolen from a computer ... Read more

Data Recovery

There are two main forms of data recovery in FAT and NTFS file systems: recovering deleted data from unallocated space and recovering data from slack space.
WINDOWS BASED RECOVERY TOOLS: EnCase, FTK, and X-Ways
UNIX BASED RECOVERY TOOLS: Sleuth Kit and SMART
FILE CARVING WITH WINDOWS: Forensic tools such as EnCase, FTK, and X-Ways have file carving functionality and can be configured with user-defined file headers and footers. In addition, specialized file carving tools such as DataLifter (Figure 17.9) can recover many types of files including graphics, word processing, and executable files. Some of these tools can extract images from ... Read more

File Systems

The simplest Windows file systems to understand are the FAT (file allocation table) file systems: FAT12, FAT16, and FAT32. Although relatively old, FAT file systems are still used on many storage systems such as removable storage media in digital cameras and mobile devices. Given their widespread use and simple structure, FAT file systems are a good starting point for forensic analysts to understand file systems and recovery of deleted data. It is also important to understand the fundamentals of NTFS, which is more complex than FAT and has substantially different structures.
FAT: A FAT formatted volume uses directories and ... Read more

Digital Evidence on Windows Systems

INTRODUCTION
Powerful commercial forensic tools have been developed to facilitate the forensic examination of Windows systems. In addition to being familiar with the tools and techniques for acquiring and examining digital evidence from a computer running Microsoft Windows, digital investigators should develop a familiarity with the underlying operating systems, file systems, and applications. Individuals who attempt to dabble in digital forensics without this underlying knowledge risk making fundamental mistakes that harm not only the case at hand but also the forensic discipline as a whole. Understanding file systems helps investigators appreciate how information is arranged, giving insight into where it can ... Read more

Applying Forensic Science to Computers

Digital evidence examiners extract valuable bits from large masses of data and present them in ways that decision makers can comprehend. Flaws in the underlying material or the way it is processed reduce the value of the final product. Digital investigators often perform all of the requisite tasks from collecting, documenting, and preserving digital evidence to extracting useful data and combining them to create an increasingly clear picture of the crime as a whole. Digital investigators need a methodology to help them perform all of these tasks properly, find the scientific truth, and ultimately have the evidence admitted in court. ... Read more

File Formats and Carving

Many kinds of files have a distinctive structure that was designed by software developers or standards bodies, and that can be useful for classifying and salvaging (retrieving or preserving) data fragments. For instance, a graphics file format such as JPEG has a completely different structure from Microsoft Word documents, starting with the first few bytes at the beginning of the file (the “header”), continuing into the locations where data are stored in the main body of the file, and terminating with a few distinctive bytes at the end of the file (the “footer”). The headers and footers for some common file ... Read more

Cyberstalking

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization.
HOW ARE VICTIMS STALKED? False accusations, making threats, identity theft, the solicitation of minors for sex, monitoring.
TYPES OF STALKERS
Vindictive Cyberstalkers: They are noted for the ferocity of their attacks.
Composed Cyberstalkers: Their only motive is to annoy.
Intimate Cyberstalkers: Their attempt is to form a relationship with the victim, but they turn on the victim if rebuffed.
Collective Cyberstalkers: Groups with motive.
HOW DO CYBERSTALKERS MEET THEIR TARGETS? Search engines, online forums, chat rooms, online communities ... Read more

Conducting Digital Investigations

PHYSICAL MODEL; STAIRCASE MODEL
The goal of any investigation is to uncover and present the truth. Digital investigations inevitably vary depending on technical factors such as the type of computing or communications device, whether the investigation is in a criminal, civil, commercial, military, or other context, and case-based factors such as the specific claims to be investigated. The most common steps for conducting a complete and competent digital investigation are: Preparation, Survey / Identification, Preservation, Examination and Analysis, Presentation.
APPLYING THE SCIENTIFIC METHOD IN DIGITAL INVESTIGATIONS
The scientific method provides such a simple, flexible methodology. The scientific method begins ... Read more

Admissibility in Court

Courts need to determine whether evidence is “safe” to put before a jury and will help provide a solid foundation for making a decision in the case. In practice, admissibility is a set of legal tests carried out by a judge to assess an item of evidence. This assessment process can become complicated, particularly when the evidence was not handled properly or has traits that make it less reliable or more prejudicial. Some jurisdictions have rules relating to admissibility that are formal and sometimes inflexible, while other jurisdictions give judges more discretion. In this case, both parties offered copies of ... Read more

Duty of Experts

INTRODUCTION
In general terms, experts have a duty to present the objective, unbiased truth of the matter before the court. It is not their role to advocate for one side; that burden is on the attorneys. The UK Criminal Procedure Rules (CPR) specifically address this issue with the following statements:
1. An expert must help the court to achieve the overriding objective by giving objective, unbiased opinion on matters within his expertise.
2. This duty overrides any obligation to the person from whom he receives instructions or by whom he is paid.
3. This duty includes an obligation to inform ... Read more