Employee Theft Investigations: Intellectually Property Theft and Business Trade Secrets Investigations | Computer Forensics Associates

Intellectual property theft and trade secret theft often go unnoticed until an employee is terminated. Suddenly a competitor introduces a new product or process that is virtually identical to yours. By performing a computer forensic investigation on any electronic devices the employee had access to, sufficient evidence can be found to prove theft of intellectual business property and business trade secrets. This evidence can be used in court to stop the competitor’s use, prosecute the responsible party(s) and win compensatory damages.

Computer Forensic investigations help businesses uncover suspected intellectual property theft, trade secret theft and patent infringement by investigating computers, smart phones, cell phones, hard drives, servers and other data storage devices. Common types of intellectual property include copyrights, trademarks, patents, industrial design rights and trade secrets including but not limited to intangible assets like musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs.

Take these steps if you suspect theft of intellectual property by an employee:

  1. Identify all computers, laptops, smart phones, and external devices that may hold potential evidence.
  2. Secure the suspect computers and prevent further use until a forensic image can be collected.
  3. Begin documenting why you suspect IP theft, fraud or patent infringement.
  4. Contact a computer forensics company like Computer Forensics Associates and make arrangements to capture a forensically sound image so you preserve the evidence and prevent tampering or spoliation.

via Employee Theft Investigations: Intellectually Property Theft and Business Trade Secrets Investigations.

Jackson Death Trial Showcases iPhone Forensic Capabilities – PR Newswire – sacbee.com

“iPhone users would be stunned to learn the amount of recoverable data we can get”, says Mark McLaughlin of Los Angeles based Computer Forensics International. “When you hit delete it doesn’t necessarily mean that message, text or picture is gone forever. You’re just telling the iPhone, don’t show it to me anymore and it flags that deleted data so it can be overwritten. So depending on the activity after the deletion, we may be able to bring it back like it was never deleted.”

DEA Computer Forensics Examiner Stephen Marx testified today in the Michael Jackson Death Trial that he found emails the defendant Dr. Conrad Murray had sent hours before Michael Jackson died on June 25, 2009. Not only did Marx recover critical timeline emails, he also discovered digital medical charts thought to be non-existent. But the key piece of evidence was a damaging audio recording of an impaired Michael Jackson reportedly made by Murray.

Computer forensic examiners like McLaughlin routinely use very sophisticated software tools, such as EnCase, on civil and criminal cases. They start by first making a copy of the iPhone’s entire memory – which includes active and deleted data. This exact copy doesn’t disturb the original data which makes the examination forensically sound and admissible in court. Then the copy can be searched either visually or by using keywords. The recovered data is ultimately put into known iPhone categories and displayed.

via Jackson Death Trial Showcases iPhone Forensic Capabilities – PR Newswire – sacbee.com.

Digital Forensics and the Law | DigitalForensics-Conference.org

DIGITAL CRIME TRENDS
• Identity theft
• Internet fraud
• Financial crime
• Money laundering, gambling
• Hacking, network intrusion
• Theft of intellectual property and piracy
• Robbery
• Child porn
• Homicide, harassment and stalking
• Terrorism

Digital Forensics – The New CSI
• “Just when a scientific principle or discovery crosses the line between the experimental and demonstrable stages is difficult to define. Somewhere in this twilight zone the evidential force of the principle must be recognized, and while courts will go a long way in admitting expert testimony deduced from a well-recognized scientific principle or discovery, the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs.” Frye v United States 293 F. 1013 (D.C. Cir. 1923).

continued at http://www.digitalforensics-conference.org/adfsl2011-presentations/Digital%20Forensics%20and%20the%20Law.pdf

The Difference Between Computer Forensics and eDiscovery | ACFE Insights

Computer users are familiar with the meaning of used and free space on a HDD. In Microsoft Windows, a drive’s properties are depicted on a pie chart that shows the total disk storage capacity, as well as the used and free space. (See figure.)

In technical lingo, the free space is referred to as “unallocated clusters” while the used space is referred to as “allocated clusters.” In computer file systems, a cluster or allocation unit is the unit of disk space allotted for files and directories.

A simple way to understand the difference between eDiscovery and computer forensics is to think of the HDD allocation model. EDiscovery focuses on data stored in allocated clusters, while computer forensics deals with both allocated and unallocated clusters (i.e., the entire physical drive).

EDiscovery filters out program, temporary and system files, and processes only active user accessible files. This usually involves Microsoft or other Office Suite files (e.g., documents, spreadsheets, presentations, databases, PDFs, etc.) and emails. These types of files are then processed in an eDiscovery engine, where they are indexed and catalogued, and then usually loaded into a Litigation Support Platform (software designed to aid law firms in the process of document reviews in litigations; for more information see the American Bar Association website).

On the other hand, computer forensics investigates everything, including deleted files or remnants from former files that have been partially overwritten. A forensic examiner must pay particular attention to certain operating system and log files, temporary files and the file remnants found in unallocated clusters.

via ACFE Insights – ACFE Insights – The Difference Between Computer Forensics and eDiscovery.
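The allocated/unallocated distinction described above, as an added example that is not part of the quoted article: a keyword search over a raw image that labels each hit by the allocation state of the cluster it starts in. The 16-byte cluster size, the image contents and the boolean allocation bitmap are constructed for illustration and simplify what a real file system records.

```python
CLUSTER_SIZE = 16  # constructed value; real file systems commonly use 4096 bytes


def build_image():
    """Return (image_bytes, bitmap) for a constructed four-cluster disk.

    bitmap[i] is True when cluster i is allocated to a live file.
    """
    contents = [
        b"memo: pricing",      # cluster 0: allocated, active file
        b"PROJECT-X notes",    # cluster 1: allocated, active file
        b"PROJECT-X specs",    # cluster 2: unallocated, remnant of a deleted file
        b"",                   # cluster 3: unallocated, never written
    ]
    image = b"".join(c.ljust(CLUSTER_SIZE, b"\x00") for c in contents)
    bitmap = [True, True, False, False]
    return image, bitmap


def search(image, bitmap, keyword, include_unallocated):
    """Find every occurrence of keyword and classify it by its starting cluster.

    include_unallocated=False models the eDiscovery scope (active files only);
    include_unallocated=True models the forensic scope (the whole drive).
    Returns a list of (byte_offset, cluster_index, state) tuples.
    """
    hits = []
    offset = image.find(keyword)
    while offset != -1:
        cluster = offset // CLUSTER_SIZE
        allocated = bitmap[cluster]
        if allocated or include_unallocated:
            state = "allocated" if allocated else "unallocated"
            hits.append((offset, cluster, state))
        offset = image.find(keyword, offset + 1)
    return hits


def demo():
    image, bitmap = build_image()
    ediscovery = search(image, bitmap, b"PROJECT-X", include_unallocated=False)
    forensic = search(image, bitmap, b"PROJECT-X", include_unallocated=True)
    return ediscovery, forensic


if __name__ == "__main__":
    for label, hits in zip(("eDiscovery", "forensic"), demo()):
        print(label, hits)
```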

New Evidence Act paves way for electronic evidence in courts (Nigeria)

Computer Forensics Institute, Nigeria (CFIN), the government-approved body for the training and certification of digital forensics experts in Nigeria, has commended President Goodluck Jonathan for the swift way his administration signed into law the new Evidence Act that has now paved the way for the admissibility of computer and electronic generated evidences in Nigerian courts.

Peter Olu Olayiwola, president/chairman of the body, in a press statement at the weekend, congratulated Nigerians on this noble feat achieved in the early stage of President Goodluck Jonathan’s administration, heaving a sigh of relief that at last digital and computer forensic evidence is now admissible in the courts of our land.

He said with this development there’s hope for this country even as he expressed the gratitude of CFIN to all those in the forefront of fighting for the realisation of the new Evidence Act. The body was exceptionally grateful to Senator Sola Akinyede and his committee and the National Assembly for working tirelessly to push through the amendment of the 68-year-old Act.

Olayiwola explained the role of CFIN to nation building and said his institute works in the area of national security by assisting the federal and states law enforcement agencies, and other agencies of government that have to do with security in the area of capacity building by developing the capabilities in the identified staff that man certain critical areas in their various organizations.

While introducing computer forensics as the science of detection and investigation of crime committed either using the computer or on the computer network, internet and other digital devices with the intent of giving digital evidence in litigation, Olayiwola said computer forensics can be used to detect and gather evidence that will lead to the prosecution of the culprit. According to him, over 75 percent of all criminal cases have one form of digital or electronic evidence or the other.

via New Evidence Act paves way for electronic evidence in courts.

Biometrics and Digital Forensics | Digital Forensics Magazine

Just as fingerprints are used to confirm identities, so too are biometric signatures when used in access control and other applications. In Issue 8 we take an in-depth look at these implications and the practical areas for the digital investigator.

by Julian Ashbourn

Biometrics have proved useful in identity management across a variety of scenarios, from large scale border control and citizen identity applications to small scale corporate or specific sector applications where biometric identity verification can bring an additional dimension. However, there remain several factors, which are perhaps not as well or as widely understood as they might be in this context. Such factors include aspects of performance, such as equivalence of performance across nodes, security, such as the relative security of biometric templates and, especially, human factors, including behavioural factors that have an impact upon performance and the assumptions made about the results of a biometric matching transaction.

If the use of biometrics in everyday situations proliferates, can they perhaps be used in more innovative ways from a digital forensics perspective? We are all familiar with the traditional use of fingerprints and “mugshots” for purposes of law enforcement. It will be interesting to observe whether the use of biometrics within the broader IT landscape leads to assumptions with respect to forensics, or perhaps new approaches to forensic investigation.

Within our ever-changing technological world it is natural that, as interesting technologies come along, we consider how we might use them with respect to existing processes. From a specific digital forensics perspective, it is equally natural, if not essential, that any new Information Technology is incorporated into our broader understanding. However, in some cases, the methodology involved may not immediately be clear. Biometric identity verification technology may be a case in point. We have an understanding that biometrics can provide a relatively robust first or second factor personal identity authentication mechanism, but how might this help us from a digital forensics perspective? In this paper we shall review the biometric situation and posit some ideas and suggestions accordingly.

via Biometrics and Digital Forensics.

Free Dropbox Forensics Tool | ReadWriteWeb

Dropbox Reader is a set of Python scripts for forensic investigators. The scripts provide investigators with information about a particular Dropbox user’s account and activities, such as the registration e-mail, Dropbox identifier and most recently changed files.

Dropbox Reader was created by Cybermarshal, the computer forensics wing of ATC-NY.

Here’s a list and description of the tools from the product website:

read_config script outputs the contents of the Dropbox config.db file in human-readable form. This includes the user’s registered e-mail address and Dropbox identifier, software version information, and a list of the most-recently-changed files.

read_filecache_config script outputs configuration information from the Dropbox filecache.db file. This includes information about shared directories that are attached to the user’s Dropbox account.

read_filejournal script outputs information about Dropbox synchronized files stored in the filecache.db file. This includes local and server-side metadata and a list of block hashes for each Dropbox-synchronized file.

read_sigstore script outputs information from the Dropbox sigstore.db file, which is an additional source of block hashes.

hash_blocks script produces a block hash list for any file. This block hash list can be compared to the block hashes from read_filejournal or read_sigstore.

dropbox_contains_file script hashes one or more files (as per hash_blocks) and compares the resulting block hash list to the files listed in filecache.db (as per read_filejournal) and reports whether the files are partially or exactly the same as any Dropbox-synchronized files.

via Free Dropbox Forensics Tool.
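The block-hash comparison described for hash_blocks and dropbox_contains_file, as an added example that is not Dropbox Reader's own code: a file is split into fixed-size blocks, each block is hashed, and the resulting list is compared against per-file block lists such as those read from a file journal. The 4 MiB block size, SHA-256, the hex encoding, the journal layout and the function names are assumptions made for this sketch; the page does not state them.

```python
import hashlib
import io

# Assumption: 4 MiB blocks hashed with SHA-256 (not stated on the page).
BLOCK_SIZE = 4 * 1024 * 1024


def block_hash_list(stream, block_size=BLOCK_SIZE):
    """Return the ordered list of per-block SHA-256 hex digests for a stream."""
    hashes = []
    while True:
        block = stream.read(block_size)
        if not block:
            break
        hashes.append(hashlib.sha256(block).hexdigest())
    return hashes


def compare_to_journal(candidate_hashes, journal):
    """Compare one block hash list against {path: [block hashes]}.

    Returns (path, "exact" | "partial", distinct_shared_blocks) tuples.
    "exact" needs the same blocks in the same order; "partial" needs
    at least one block in common.
    """
    results = []
    wanted = set(candidate_hashes)
    for path, blocks in journal.items():
        shared = len(wanted & set(blocks))
        if blocks and blocks == candidate_hashes:
            results.append((path, "exact", shared))
        elif shared:
            results.append((path, "partial", shared))
    return results


def demo():
    # Constructed sample data; an 8-byte block size keeps the demo instant.
    bs = 8
    original = b"AAAAAAAABBBBBBBBCCCC"   # three blocks: 8 + 8 + 4 bytes
    edited = b"AAAAAAAAXXXXXXXXCCCC"     # same file with the middle block changed
    journal = {                          # hypothetical synchronized-file records
        "/Dropbox/design.doc": block_hash_list(io.BytesIO(original), bs),
        "/Dropbox/notes.txt": block_hash_list(io.BytesIO(b"unrelated data!"), bs),
    }
    exact = compare_to_journal(block_hash_list(io.BytesIO(original), bs), journal)
    partial = compare_to_journal(block_hash_list(io.BytesIO(edited), bs), journal)
    return exact, partial


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because matching is per block, a copy that was edited after leaving the synchronized folder still shows up as a partial match on the blocks that were not changed.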

Digital Forensics Go Mobile – SIGNAL Magazine

Digital-data investigators have a new tool in their arsenals as they try to capture bad guys’ information before they can harm others. The device enables immediate, on-scene triage of devices, eliminating the need to send equipment back to a laboratory while saving precious time and resources.

Dell released its Mobile Digital Forensics solution to build upon its original Digital Forensics offering. As devices such as computers, smartphones and even gaming consoles with storage capabilities grow in popularity, they become increasingly critical sources of information. Joe Trickey, rugged and digital forensics brand manager at Dell, says the number and capacity of these platforms result in a digital tsunami. Investigators need methods to more quickly process the data they collect to counteract this overload. In some cases, faster evidence collection could enable catching criminals or stopping attacks.

Chris Townsend, rugged solutions manager at Dell, explains that the mobile solution was designed for the layperson, not forensics specialists, to use. It requires no specific skills to operate as it reviews content, finds fields and key words, and helps maintain security. The solution has applications in a range of areas including intelligence-community and defense operations. For example, a warfighter out on patrol could use the tool to collect information from a house and send the findings back to experts to identify actionable intelligence. The solution also can be configured to help private companies detect problems such as insider trading.

Law enforcement agencies also are major users of Digital Forensics and Mobile Digital Forensics. Trickey shares a story in which law enforcement officials were tracking a gang-related case and were able to collect information about a hit made in Las Vegas when the guilty party discussed the crime via a friend’s gaming station. One of the most common applications for the device is in cases of crimes against children such as kidnapping or exploitation.

via Digital Forensics Go Mobile – SIGNAL Magazine.

Understanding Network Forensics Makes Your Security Smarter

When I tell people I work in forensics they always mention CSI: Geeks in white lab coats standing over test tubes of blood, or slides of hair, running computer programs with GUIs that look more like Avatar than Windows 7, Ubuntu, or Mac OS.

Then I explain that it’s digital forensics—that I collect information in computer chips instead of tissue samples—and they get that look like I just let them down. OK, hard drives aren’t as cool as hand gun ballistics, I get that, but the process of data collection and case-building is remarkably similar whether the subject matter is Western Digital or Smith and Wesson.

Recently I wrote an article for Forensic Focus, a leading network forensic website, on open source toolkits for analysts. These are computer programs that help me do my job. As I mention in the article, it’s important to plan for digital-evidence-gathering when building security systems. In hundreds of cases, network forensics has stood up to legal scrutiny as primary evidence and has put more than one black hat in jail.

Network forensics as a security layer is like adding a closed-circuit camera system to your regular home security. Your IT department has probably already installed the alarm—enabled a firewall, set alerts on suspicious activity—but a forensic appliance can record all data traffic, essentially saving a mirror image of who did what and where. The benefits of this data in the event of a breach should be obvious.

via Understanding Network Forensics Makes Your Security Smarter.

Digital Forensics and Osama Bin Laden | PRI’s The World: Science

Last week’s Navy Seal raid on Osama Bin Laden’s hide-out in Pakistan resulted in more than just the death of the most wanted terrorist in the world. The Seal team also collected computer hard drives, disks and other digital material that contain, according to one Obama administration official, “a motherlode of intelligence.” That got us here at WTP wondering, though, about how digital forensics experts go about getting information off of hard drives, especially if that material has been deleted, or is encrypted. Luckily, the BBC’s Chris Vallance was wondering the same thing, and so he went along to get some answers from a British company called disklabs.

We’ve got a number of other interesting items on the Osama Bin Laden raid in this episode as well. We’ll tell you about the Pakistani IT professional who, unknowingly, live-tweeted the night-time assault on the bin Laden compound in Abbottabad. Also, we’ll talk with Scientific American editor Christine Gorman about the DNA testing and facial recognition methods that were probably used to positively identify Bin Laden after the raid. And finally, you’ll hear from Thomas Gillespie, a UCLA geographer who for the past few years has been trying to apply his methods for tracking fauna. Two years ago, Gillespie and his class on remote sensing predicted the kind of place Bin Laden was likely hiding. They didn’t pinpoint Abbottabad, but they came pretty close. Gillespie, by the way, is answering your questions right now over in our World Science Forum, so stop by and join the conversation.

Also in this episode, we’ll hear about the kinds of technologies that might replace black box cockpit voice and flight data recorders. And we’ll take a step back in time, about 70 years, and revisit the moment when the Royal Navy boarded U-Boat 110 and discovered the Enigma Machine. Come crack some code with us as we take you on a tour of a new exhibit at Britain’s former code-cracking headquarters, Bletchley Park.

via Digital Forensics and Osama Bin Laden | PRI’s The World: Science.