Computer Forensics

/Computer Forensics

Is Your Mobile Device Lost, Locked or Damaged?

  Forensic investigators should routinely determine if backup files exist during their initial case assessment.  A backup file is a like a snapshot of the devices memory in time.  It is an excellent alternative to a lost or locked device or when other forensic procedures cannot recover the data.  A backup may be found in the cloud or may be stored on a computer or mobile device.  It would require the user’s credentials or a forensic acquisition of the device it was stored in.  Attempts to restore a backup without the proper training could result in the contamination and permanent loss of data.  A backup file is also a good alternative when faced with a locked device with an unknown pass code. However, advances in technology allow examiners to overcome more locked devices than ever before.  Because of the rapid pace of technology, the forensic community lags behind.  New tools are created regularly so reviewing the latest forensic capabilities periodically is recommended. Damaged devices can often be accessed after making only minor repairs, more often than not.  For example, the simple and inexpensive process of replacing a broken screen may be the only thing preventing the examiner from accessing the device.  Water damage can also be easily mitigated, but requires the investigator to follow a recently updated standard procedure.  Depending on the device and the current state of the devices power certain actions should be taken.  See the iPhone Collection Flowchart and the Android Collection Flowchart.

ICYMI: CT Man Jailed for 17 Years, Exonerated Thanks to Digital Evidence

A New Haven, CT man who served 17 years in prison for murder and robbery was freed back on April 25, 2018 after he was exonerated by cellphone records. Read Article The digital evidence is out there to save more lives, but defense teams may not be as educated as the prosecution, who have access to state labs, as to what to look for, where to look for, and how to obtain all the necessary digital evidence needed to prevent or exonerate wrongful convictions. For further information see: Digital Evidence Case Assessment Method Digital Evidence Innocence Initiative

NEW!!! Digital Evidence Case Assessment Method (DECAM) White Paper

FROM COLLECTION TO THE COURTROOM: DIGITAL EVIDENCE A NEW Standardized Method for Investigators and Attorneys IRIS LLC is proud to announce the creation of the first standardized Digital Evidence Case Assessment Method (DECAM) for indigent defense organizations.  Developed for the defense community to reduce pre-trial incarceration and prevent future wrongful convictions in cases involving digital evidence. Click here to read the New DECAM White Paper  

2019-09-19T15:19:49-04:00May 20th, 2019|Categories: Cell Phone Forensics, Computer Forensics, Investigations, Location Data, Social Media, Standards-Best Practices, Training, Uncategorized|Comments Off on NEW!!! Digital Evidence Case Assessment Method (DECAM) White Paper

Updated Standards and Best Practice Guides in IRIS Digital Evidence Toolbox

When digital evidence is encountered during an investigation, many questions arise: What is the best method to preserve the evidence? How should the evidence be handled? How should valuable or potentially relevant data contained be preserved? The key to answering these questions begins with a firm understanding of the characteristics of digital evidence. Updated standards can be found in our Digital Evidence Toolbox at https://www.irisinvestigations.com/iris-digital-evidence-toolbox/

2019-09-19T16:11:54-04:00July 25th, 2018|Categories: Cell Phone Forensics, Computer Forensics, Crime Scene Examination, Investigations, Standards-Best Practices|Comments Off on Updated Standards and Best Practice Guides in IRIS Digital Evidence Toolbox

The Best Data Security and Identity Theft Prevention Methods for 2018

Learn how to take a proactive approach to data security and prevent becoming a victim in the first place. READ THE ARTICLE: The best data security and id theft protection for 2018

Hackers sought a $23,000 ransom after freezing a N.C. county’s website. They’re not getting it.

A county employee in North Carolina on Monday opened their inbox and clicked on a phishing email, inadvertently pulling up an attachment containing spyware and appearing to expose the county's computer system to hackers overseas.  The hackers, believed to be operating from Iran or Ukraine, asked the county for $23,000 to unfreeze the system, Mecklenburg County officials said. They gave the county an email address and instructions on how to pay the ransom.  They also gave the county a deadline — 1 p.m. Wednesday. READ THE FULL CHICAGO TRIBUNE ARTICLE HERE>

2019-09-19T14:15:27-04:00December 11th, 2017|Categories: Computer Forensics, Investigations|Tags: , , , |Comments Off on Hackers sought a $23,000 ransom after freezing a N.C. county’s website. They’re not getting it.

Best Practices for Searching Social Media for Evidence

Researching the online publicly available presence of potential parties, witnesses, the scene, even your own client should be a routine practice.  It should follow the best practices, begin as soon as possible, be fully documented and be regularly monitored. Read the full article here>

2019-09-19T14:06:29-04:00December 5th, 2017|Categories: Computer Forensics, Investigations|Tags: , , |Comments Off on Best Practices for Searching Social Media for Evidence

FBI rebuts reports that county reset San Bernardino shooter’s iCloud password without consent

The FBI on Saturday rebutted media reports that San Bernardino County technicians acted without the agency's consent when they reset the password for the Apple iCloud account belonging to one of the shooters involved in the Dec. 2 terror attack at a county facility that killed 14 people. Read the full LA Times Article here>

2019-06-28T13:14:23-04:00February 22nd, 2016|Categories: Cell Phone Forensics, Computer Forensics|Tags: , , , , , , |Comments Off on FBI rebuts reports that county reset San Bernardino shooter’s iCloud password without consent

Congress to Consider Encryption after Apple Refuses to Build ‘Backdoor’

Reversing course, a key congressman said lawmakers will need to step into the debate over encryption vs. privacy after Apple said it would oppose a court order demanding it help the FBI hack a spree killer's cell phone. Read the full article here>

2019-06-28T13:18:35-04:00February 22nd, 2016|Categories: Cell Phone Forensics, Computer Forensics|Tags: , , , , , |Comments Off on Congress to Consider Encryption after Apple Refuses to Build ‘Backdoor’