Forensic investigators should routinely determine whether backup files exist during their initial case assessment. A backup file is like a snapshot of the device's memory at a point in time. It is an excellent alternative to a lost or locked device, or when other forensic procedures cannot recover the data. A backup may be found in the cloud or may be stored on a computer or mobile device. Obtaining it would require the user’s credentials or a forensic acquisition of the device it was stored on. Attempts to restore a backup without the proper training could result in the contamination and permanent loss of data. A backup file is also a good alternative when faced with a locked device with an unknown passcode. However, advances in technology allow examiners to overcome more locked devices than ever before. Because of the rapid pace of technology, the forensic community lags behind. New tools are created regularly, so periodically reviewing the latest forensic capabilities is recommended. Damaged devices can often be accessed after making only minor repairs. For example, the simple and inexpensive process of replacing a broken screen may be the only thing preventing the examiner from accessing the device. Water damage can also be easily mitigated, but this requires the investigator to follow a recently updated standard procedure. Depending on the device and the current state of the device's power, certain actions should be taken. See the iPhone Collection Flowchart and the Android Collection Flowchart.
A New Haven, CT man who served 17 years in prison for murder and robbery was freed on April 25, 2018 after he was exonerated by cellphone records. The digital evidence is out there to save more lives, but defense teams may not be as educated as the prosecution, who have access to state labs, as to what to look for, where to look for it, and how to obtain all the digital evidence needed to prevent or overturn wrongful convictions. For further information see: Digital Evidence Case Assessment Method and Digital Evidence Innocence Initiative.
Location data from cellular service provider records can be key evidence in a case. Cell-site information from call detail records can place a person in a general area but is not very accurate. Cellular service providers have more accurate location data known as Per Call Measurement Data (PCMD). See the full article: Advanced Cell-Site Analysis Using PCMD
In our earlier post on this topic, Best Practices for Searching Social Media for Evidence, we described a universal approach for searching the internet to locate and identify social media evidence. In this article we will discuss the best practices for preserving social media evidence, the rules of evidence that apply, and steps that can be taken to overcome anticipated admissibility issues.
A Bridgeport man, who spent nine and a half months in prison after a woman claimed he raped her in a Stratford motel, was found not guilty of the charges. Mr. Joseph’s defense team reported that the cell phone evidence recovered by IRIS LLC was a crucial part of the defense. When IRIS LLC initially received Mr. Joseph’s phone, it was heavily damaged and not operational, but we were able to repair the phone so that the text message evidence could be successfully extracted and provided to the defense team.
New Investigation Yields Critical Evidence: In our assessment of the credibility of the State's star witness, Gregory Coleman, it was a simple matter of conducting due diligence. Read the full Hartford Courant article.
Researching the publicly available online presence of potential parties, witnesses, the scene, and even your own client should be a routine practice. It should follow best practices, begin as soon as possible, be fully documented, and be regularly monitored.