
Digital Forensics Problem-solving

In the world of digital forensics, often, the most challenging part of the process is getting to the data. You need to first acquire the data in order to analyze it completely and effectively. This is where problem-solving comes into play.

Problem-solving is an ever-evolving issue in the fields of computer forensics and mobile device forensics and will continue to be so as the industry progresses. The thing about problem-solving skills, though, is that they aren’t so much taught as acquired over time with experience.

In this piece, we discuss what you need to know about problem-solving in computer and mobile device forensics. Let’s dive right into it.


Cellular Records Analysis: Going Beyond Location Data

When it comes to digital forensics, particularly mobile forensics, location data is typically what is sought after the most. This isn’t surprising, considering that it is the most pertinent with respect to a person’s whereabouts during an incident, as well as the timeframe for said incident. That said, there is definitely more to cellular records and their analysis than merely location data, or at least a lot more that’s ancillary to location data.

Going beyond location data provides a deeper level of analysis that can lend further validity to the records themselves, as well as any conclusions drawn from the analysis. Here’s a guide on the subject.


How is Digital Evidence Gathered?

In 2021, digital devices are quite common, with the most common ones being mobile phones, tablets, and computers. However, the emergence of IoT has made a plethora of electronic devices a source of digital evidence. For example, a digital camera can be used to view or store illegal images. The first responders in this case are digital forensic experts, who should identify and seize every electronic device to acquire evidence.

But how is this digital evidence gathered? Hear what our digital forensic engineer has to say!

Collection of digital evidence

Numerous sources can be used to collect digital evidence. Some of these sources are servers, cloud computers, USB memory sticks, CD-ROMs, hard drives, digital cameras, mobile phones, computers, and the like. Some of the less obvious sources include web pages, which should be preserved because they can change, as well as RFID tags. It’s important to take extra care with data sources so that nothing can modify or contaminate them, as they’ll be used for digital forensic investigations.

Since the majority of digital information is volatile, it’s subject to change. Once it’s modified, identifying the changes or rolling back the data to its original state becomes a lot more difficult. Therefore, a cryptographic hash of the digital evidence can be calculated. This hash must be recorded in a safe place to ensure there’s no contamination of digital evidence. This is crucial because it allows computer forensic experts to establish whether someone tampered with the original evidence or not.

Imaging evidence within the electronic media

During the initial phases of the investigation, it’s a good practice to duplicate the original evidentiary media. A combination of software imaging tools and standalone hard-drive duplicators can be used to fully clone the entire hard drive. This can be done at the sector level, where a bit-stream copy of all parts of the hard drive’s user-accessible areas is made. This means there won’t be any need to duplicate the file system. In order to prevent tampering, the original drive can be transferred to secure storage. While this imaging process is underway, a write-blocking or write-protection application or device can be used to make sure no information is written to the evidentiary media during the computer forensic investigation.
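The hashing and imaging steps described above can be combined in one pass. The following is an added example, not code from the original article: it copies a source block by block, hashes the bytes as they are read, re-reads the copy to confirm it matches, and returns a record to store away from the image. The evidence ID, examiner name and in-memory "drive" are constructed for illustration.

```python
import hashlib
import io
from datetime import datetime, timezone

BLOCK = 512 * 128  # 128 sectors (64 KiB) per read

def hash_stream(stream, block=BLOCK):
    """SHA-256 of everything left in a binary stream, read block by block."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(block), b""):
        h.update(chunk)
    return h.hexdigest()

def acquire(src, dst, evidence_id, examiner, block=BLOCK):
    """Bit-stream copy src -> dst, hashing the source bytes as they are read."""
    h, size = hashlib.sha256(), 0
    for chunk in iter(lambda: src.read(block), b""):
        h.update(chunk)
        dst.write(chunk)
        size += len(chunk)
    dst.seek(0)
    if hash_stream(dst, block) != h.hexdigest():   # re-read the copy
        raise IOError("image does not match source; re-acquire")
    return {"evidence_id": evidence_id, "examiner": examiner,
            "sha256": h.hexdigest(), "bytes": size,
            "acquired_utc": datetime.now(timezone.utc).isoformat()}

def verify_image(image, record):
    """True only if the image still hashes to the value recorded at acquisition."""
    image.seek(0)
    return hash_stream(image) == record["sha256"]

if __name__ == "__main__":
    # Constructed stand-in for a drive; a real source would be the device
    # opened read-only behind a write blocker (assumption, not shown here).
    drive = io.BytesIO(bytes(range(256)) * 1024)
    image = io.BytesIO()
    record = acquire(drive, image, "CASE-0001-HDD1", "examiner-a")
    print(record)
    print("intact:", verify_image(image, record))
    tampered = bytearray(image.getvalue())
    tampered[1000] ^= 0x01                      # flip a single bit
    print("after 1-bit change:", verify_image(io.BytesIO(bytes(tampered)), record))
```

Analysis is then done on the verified image, and `verify_image` is re-run before results are reported so that any change since acquisition is caught.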

Why is preserving the sources of investigation important?

It’s important to preserve the sources from which evidence is gathered so that the chain of custody remains intact. Otherwise, it won’t be possible to validate the results of the digital forensic investigation.

Turn to Eclipse Forensics – your certified digital forensic consultant

Since 2005, we’ve worked on hundreds of cases for a variety of individuals, private attorneys, and law enforcement jurisdictions. We’re ready and poised to help with the analysis and development of mobile device forensics, authentication of audio and video forensics, and court-certified forensics in FL. Contact us now for more information!

Computer Forensics Expert in a Divorce Case: What You Need to Know

The role of a computer forensics expert can be crucial in a divorce case. With an experienced forensics expert, you’ll be able to help an attorney concentrate on specific data that relates to a dispute while also conducting a comprehensive analysis of insights like activity logs and metadata. Here are some things you need to know about the role of a data forensic expert in a divorce case:

They ensure data is handled safely

Similar to any forensic collection, appropriate data sources must first be identified. In family law cases, common sources of digital evidence may comprise tablets, laptops, cellphones, and email accounts. By safekeeping the data and documenting the data collection procedure, a computer forensics expert will help you ensure every piece of evidence is handled the right way.

Helps corroborate evidence

By analyzing the data through digital forensics, a computer forensics expert can establish indisputable facts in a divorce case. For example, metadata tags (especially those associated with social media posts and images), a map application, or location data may be used to acquire information on whereabouts and travel.

This can be vital in cases where there are limitations on parenting time, for instance, restrictions on taking a child from a particular geography. By using location data, email receipts, mobile payment and eCommerce usage, and financial applications, a computer forensics expert can unveil spending habits and assets. This can be crucial for alimony, child support, as well as other financial calculations related to the case of your client.

In addition, personal data can be used to identify salacious factual scenarios regarding the divorce case. In certain matters, disputes in a family may turn on inappropriate parenting practices, addiction, and proof of infidelity.

Many digital artifacts can help predict this behavior: geolocation tags and GPS data can preserve whereabouts during parenting time, mobile application use or internet history may preserve interests in a certain lifestyle or subject matter, and text message history may preserve individual conversations.

If a divorce case includes restraining orders or domestic abuse, a forensic investigation of a computer, tablet, or a cellphone can be useful for the preservation and presentation of evidence regarding media postings, messaging apps, harassing emails, text messages, telephone calls, along with other modes of inappropriate contact, as well as the associated data and time stamps.

During digital forensic analysis, technical clues are viewed within the digital environment – this is where electronically stored evidence is present. Here, a computer forensics expert examines past disk activity, artifacts of deleted files, databases preserving evidence of user activity, system logs, system caches consisting of ‘working copies’ of old files, metadata, etc.

The team at Eclipse Forensics can interpret evidence that can’t be seen on the face of the active user files.

Advanced Digital Forensic Analysis:

In the realm of advanced digital forensic analysis, the digital environment serves as a rich repository of electronically stored evidence. A digital forensic expert adeptly navigates this intricate landscape with technical precision. Eclipse Forensics, boasting a team of certified data forensic and cyber forensic experts, stands out for its prowess in interpreting evidence that might not be immediately apparent in active user files.

Delving into the intricacies of past disk activity, artifacts of deleted files, databases housing evidence of user activity, system logs, and metadata, these experts leave no stone unturned in their quest for comprehensive insights. Eclipse Forensics’ specialized team excels in the nuanced art of handling data safely, ensuring a meticulous examination of every digital nook and cranny.

As we navigate the ever-evolving landscape of divorce proceedings, the role of a computer forensics expert proves indispensable. Their proficiency in digital forensic services allows them to navigate and corroborate evidence seamlessly, bringing to light crucial information pivotal in financial and personal scenarios. Eclipse Forensics, with its certified data forensic expert, stands as a beacon in providing court-certified forensics and expert witness testimony. This commitment upholds the integrity of the legal process, ensuring a fair and just resolution for all parties involved.

Eclipse Forensics uncovers and interprets electronic data for use in a court of law

Our team consists of data forensic experts and cyber forensic experts. We specialize in court-certified forensics and expert witness testimony in FL to uphold its integrity.

Reach out to us for more information!


Digital Forensics – A Guide

Ever wondered how a digital forensics team operates? How do the experts find those incriminating files or suspicious activity using only a person’s data? Here’s a breakdown of how the digital forensics process works, giving you an idea of how your own case could play out:

3 Common Digital Forensic Myths

To many, digital forensics seems like magic as they are unable to understand how experts can pull vital data from devices like a rabbit out of a hat. With dramatized depictions of digital forensics, there have been various misconceptions regarding the industry. Several creative liberties are taken, which differ wildly from the reality of it all.

These are some of the most common myths related to digital forensics, which might be crucial to know whether you’re considering a career in the field or want to hire digital forensic experts for your case:

The Lifecycle of Incident Forensics

Did anything highlight the need for companies to engage in crisis preparation as acutely as the ongoing coronavirus pandemic? We doubt it. With many companies switching to a remote working model, something that’s here to stay, their incident forensics must be on point if they’re looking to adapt to this new normal. What does this mean? Addressing the new risks that come with it.

Your enterprise may truly be in crisis if it suffers from a major cybersecurity incident. Therefore, forward-thinking enterprises must be prepared in advance, and understanding the lifecycle of incident forensics is the best place to start.

1. Evidence of initial compromise

Maybe a server was hit by an RDP brute-force attack, so you can explore the event logs to find some useful information, or the host may have been compromised during lateral movement using harvested credentials or PsExec. Maybe a new APT crafted a spear-phishing email (perhaps a high-class one), so you can browse recent documents that the users opened. Or maybe it’s a drive-by download, which means the user’s web-browsing activity may offer you a fair bit of information.

2. Evidence of execution

Nowadays, this evidence isn’t difficult to find. For example, we have some new artifacts like Windows Timeline and BAM/DAM and some old ones like UserAssist and Prefetch files. Evidence of malware execution may not be the only thing you’re looking for: you may also want to identify software that an adversary used, for instance, for data exfiltration, lateral movement, or reconnaissance.

3. Evidence of achieving persistence

Have you ever seen the MITRE framework? If yes, you’ll know that there are innumerable persistence mechanisms that threat actors use. They may include anything from startup folders and run keys to WMI.

4. Evidence of lateral movement

In the majority of cases, adversaries complete the initial compromise and then move laterally through the network. Why? Because compromising the final target directly is almost impossible. For example, if a money-hungry APT wants to steal quite a few dollars from a bank, they’ll gain access to the computer of a regular user through spear-phishing, subsequently elevating privileges and laterally moving through the network to find the main target. If you want to look for evidence of WMI, PsExec, network shares, RDP, etc., go through the file system, registry, and event logs.

5. Evidence of actions on objectives

During this phase, you’ll come across a lot of stuff. For instance, 9 out of 10 times Cobalt Gang will create a Support452 account. So, you can undertake an analysis of NTUSER.DAT and find out that it was used for reconnaissance and lateral movement. Maybe you’ll discover evidence of the execution of a network scanner on a host where it doesn’t usually execute. Or maybe the whole case begins with finding ZIP archives with the contents of the My Documents folder in unfamiliar places.
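For the first phase above, evidence of initial compromise, the following added example (not part of the original article) shows how exported logon events can be checked for an RDP brute-force burst that ends in a successful logon. It assumes a constructed CSV layout of time, event ID, logon type, source IP and user; 4625 and 4624 are the Windows Security event IDs for failed and successful logons, and logon types 3 and 10 are the ones RDP attempts are usually recorded under.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624
REMOTE_TYPES = {3, 10}   # Network (RDP with NLA) and RemoteInteractive

def parse(line):
    ts, eid, ltype, ip, user = line.split(",")
    return datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: finding} for IPs with >= threshold failures inside window.

    success_user is filled in when a logon from the same IP succeeds while
    failures from the burst are still inside the window.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    findings = {}
    for ts, eid, ltype, ip, user in sorted(parse(l) for l in lines):
        if ltype not in REMOTE_TYPES:
            continue              # ignore console and service logons
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if eid == FAILED:
            q.append(ts)
            if len(q) >= threshold:
                findings.setdefault(ip, {"burst_start": q[0], "success_user": None})
        elif eid == SUCCESS and ip in findings and q:
            if findings[ip]["success_user"] is None:
                findings[ip]["success_user"] = user
    return findings

# Constructed sample events (documentation IP ranges, made-up users).
SAMPLE = [f"2021-03-01T02:10:{s:02d},4625,3,203.0.113.7,admin"
          for s in range(0, 60, 10)] + [
    "2021-03-01T02:11:30,4624,10,203.0.113.7,admin",    # success after burst
    "2021-03-01T09:00:00,4625,10,198.51.100.20,jsmith",  # one mistyped password
    "2021-03-01T09:00:20,4624,10,198.51.100.20,jsmith",
    "2021-03-01T09:05:00,4625,2,-,jsmith",               # local console logon
]

if __name__ == "__main__":
    for ip, f in find_bruteforce(SAMPLE).items():
        print(ip, f["burst_start"].isoformat(), "success as:", f["success_user"])
```

An IP with a non-empty `success_user` marks the account and time to pivot from when looking for the later phases on that host.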

Eclipse Forensics’ cyber forensic expert helps you neutralize threats with cutting-edge, intelligent solutions

Fast investigation and early detection are crucial when it comes to dealing with threats and keeping the attackers at bay. However, a lack of visibility, inadequate information, and an overwhelming number of alerts may keep you from achieving these tasks. This is where Eclipse Forensics’ digital forensic consultant can help!

Contact our digital forensic engineer now!