When digital evidence is encountered during an investigation, many questions arise: What is the best method to preserve the evidence? How should the evidence be handled? How should valuable or potentially relevant data contained be preserved? The key to answering these questions begins with a firm understanding of the characteristics of digital evidence. Organizations comprised of digital forensics experts such as National Institute of Standards and Technology (NIST), the National Institute of Justice (NIJ), and Scientific Working Group for Digital Evidence (SWGDE) have published guides for ensuring quality and consistency within the forensic community. IRIS LLC has updated our Digital Evidence Toolbox with the newest Standards and Best Practices from SWGDE along with other free tools and resources for the legal professional.
Be proactive and know what the crooks need to rip you off. Identify vulnerable points and take measures to protect yourself against identity theft. An ounce of prevention is worth a pound of cure. You lock your door, why not your mail box? But why stop there? What about your email box and all the devices and vulnerable points in-between. Read Full Article>
“3 things you can do to prevent a ransomware attack” 1. Never open any attachment from ANY e-mail unless you are 100% sure it is legitimate and from a source that you trust (there are examples where an e-mail may come from someone you trust but that does not mean that they don’t have the virus and the attacker is using their PC to spread the malicious code). PLEASE always ensure the attachment is NOT a ZIP, EXE or other executable code. There are some instances where a .doc is followed by a .zip (BE CAREFUL). There are very common ones which are from USPS, UPS, FedEx, Etc… all stating to have your package tracking information. 2. Don’t search websites or visit links that you are not familiar with. We have seen where clients have clicked on a picture in Facebook and received a virus. 3. VERY IMPORTANT. Always make sure you have a good backup of your server and data. This is however not the magic answer because if your server gets hit with Ransomware it may also encrypt your backup drive thus rendering it useless. The SOLUTION to this issue is to always ensure that you have a backup drive that you take off-site for the recovery of your data. You are the only one who can ensure that if you are hit with Ransomware that you have the proper backup off-site and that the backup is current. We hope you never have to deal with Ransomware, but if you are prepared the damage can be very minimal without paying the requested ransom. Have questions or need help, our team at I.R.I.S. LLC consists of experienced, computer forensic IT experts that can assist [...]
“While it’s sometimes easy to find a person’s social media page by their name, finding a page which a user has created under a different name or alias - making sure you have the correct page as well as assuring that you have captured all the data in accordance with the best practices can be a challenging task.” The approach involves a two step process of first conducting the searches and second preserving the evidence using a forensic approach that captures all the data. The purpose of this article is to provide a consistent, comprehensive approach for searching the internet while following the best practices and ethical standards. See Full Article: Best Practices for Searching Social Media for Evidence
Digital evidence is evidence. It can have real impact on legal proceedings. So just as with physical evidence, it’s essential that law enforcement maintain a clear, documented chain of custody, just as it would for any other physical evidence. From the moment evidence is obtained, a trail must document how it has been handled, by whom, and for what purpose. Read More>
The FBI on Saturday rebutted media reports that San Bernardino County technicians acted without the agency's consent when they reset the password for the Apple iCloud account belonging to one of the shooters involved in the Dec. 2 terror attack at a county facility that killed 14 people. “This is not true,” FBI spokeswoman Laura Eimiller said in a statement released late Saturday night. “FBI investigators worked cooperatively with the county of San Bernardino in order to exploit crucial data contained in the iCloud account associated with a county-issued iPhone that was assigned to the terror suspect, Syed Rizwan Farook.” Apple has refused to give the FBI the tools to unlock Farook’s iPhone, and the battle escalated Friday when the government urged a federal judge to immediately compel the tech giant to comply, arguing that it appears more concerned with marketing strategy than national security. Separately on Friday, federal prosecutors and senior Apple executives also disclosed new details about what transpired privately in the weeks leading up to their very public legal battle, including their previous efforts to access the phone’s content. Apple's fight with the FBI Apple said that in early January it provided four alternatives to access data from the iPhone besides the controversial method the FBI is now proposing. But one of the most encouraging options was ruled out after the phone’s owner – Farook’s employer, the San Bernardino County Public Health Department – reset the password to his iCloud account in order to access data from the backup, according to Apple officials. That means the iCloud password on the iPhone itself is now wrong, and it won’t back up unless someone can get past the phone’s passcode and change it. The issue was [...]
Reversing course, a key congressman said lawmakers will need to step into the debate over encryption vs. privacy after Apple said it would oppose a court order demanding it help the FBI hack a spree killer’s cell phone. Rep. Adam Schiff (D-California) had previously said a legislative approach to the encryption debate was not feasible. But in a statement Wednesday, Schiff said the questions posed by the Apple case “will ultimately need to be resolved by Congress, the administration and industry, rather than the courts alone,” according to a Reuters report. Schiff is the top Democrat on the House Intelligence Committee. The iPhone of San Bernardino mass killer Syed Farook remains locked in the FBI’s possession. Farook and his wife Tashfeen Malik allegedly killed 14 people and wounded 21 others at the Inland Regional Center in San Bernardino, Calif., on Dec. 2. Of particular interest to detectives is an 18-minute window in which authorities cannot account for the two killers’ whereabouts. The couple was chased down and killed in a shootout roughly two hours after the massacre. James Comey, director of the FBI, told the Senate Intelligence Committee’s annual Hearing on Worldwide Threats earlier this month that Farook’s work-issued phone remained locked. READ MORE: FBI Struggles to Crack San Bernardino Terrorist’s Encrypted Phone, Two Months Later “We still have one of those killers’ phones that we have not been able to open,” he said. “It’s been over two months, we’re still working on it.” The White House abandoned a push for encryption-access legislation last year, amid outcry from privacy advocates and opposition from industry players, according to Reuters. Reuters also reported that the House Judiciary Committee has scheduled a hearing on encryption for March 1 [...]
Apple will fight a federal judge’s order to help crack the locked iPhone of one of the San Bernardino shooters, the CEO said in a letter to customers Wednesday. The unlocking of the single cell phone would involve new software that would create a “master key, capable of opening hundreds of millions of locks,” essentially forming new cybersecurity problems, according to Tim Cook, Apple CEO. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to be build a backdoor to the iPhone,” Cook said in his statement. “In the wrong hands, this software – which does not exist today – would have the potential to unlock any iPhone in someone’s physical possession.” Of particular interest to detectives is a window of approximately 18 minutes, in which, authorities cannot account for the two killers’ whereabouts. The couple was chased down and killed in a shootout roughly two hours after they allegedly killed 14 people and wounded 21 others at the Inland Regional Center in San Bernardino, Calif., on Dec. 2. James Comey, director of the FBI, told the Senate Intelligence Committee's annual Hearing on Worldwide Threats last week that Bureau experts had been unable to crack open the Farook phone. Source: Apple Rejects Court Order for 'Master Key' into San Bernardino Shooter’s iPhone