Category Archives: Blog

couple calls a digital forensic engineer to help them with their divorce case

Computer Forensics Expert in a Divorce Case: What You Need to Know

Posted on by

The role of a computer forensics expert can be crucial in a divorce case. With an experienced forensics expert, you’ll be able to help an attorney concentrate on specific data that relates to a dispute while also conducting a comprehensive analysis of insights like activity logs and metadata. Here are some things you need to know about the role of a data forensic expert in a divorce case:

They ensure data is handled safely

Similar to any forensic collection, appropriate data sources must first be identified. In family law cases, common sources of digital evidence may comprise tablets, laptops, cellphones, and email accounts. By safekeeping the data and documenting the data collection procedure, a computer forensics expert will help you ensure every piece of evidence is handled the right way.

Helps corroborate evidence

By analyzing the data through digital forensics, a computer forensics expert can establish indisputable facts in a divorce case. For example, metadata tags (especially those associated with social media posts and images), a map application, or location data may be used to acquire information on whereabouts and travel.

This can be vital in cases there are limitations on parenting time, for instance, restrictions on taking a child from a particular geography. By using location data, email receipts, mobile payment, and eCommerce usage, and financial applications, a computer forensics expert can unveil spending habits and assets. This can be crucial for alimony, child support, as well as other financial calculations related to the case of your client.

In addition, personal data can be used to identify salacious factual scenarios regarding the divorce case. In certain matters, disputes in a family may turn on inappropriate parenting practices, addiction, and proof of infidelity.

Many digital artifacts can help predict this behavior; geolocation tags and GPS data can preserve whereabouts during parenting time,  mobile application use or internet history may preserve interests in a certain lifestyle or subject matter, and text message history may preserve individual conversations.

If a divorce case includes restraining orders or domestic abuse, a forensic investigation of a computer, tablet, or a cellphone can be useful for the preservation and presentation of evidence regarding media postings, messaging apps, harassing emails, text messages, telephone calls, along with other modes of inappropriate contact, as well as the associated data and time stamps.

During digital forensic analysis, technical clues are viewed within the digital environment – this is where electronically stored evidence is present. Here, a computer forensics expert examines past disk activity, artifacts of deleted files, databases preserving evidence of user activity, system logs, system caches consisting of ‘working copies’ of old files, metadata, etc.

digital forensic consultant meets with an attorney

The team at Eclipse Forensics can interpret evidence that can’t be seen on the active user files’ faces.

Advanced Digital Forensic Analysis:

In the realm of advanced digital forensic analysis, the digital environment serves as a rich repository of electronically stored evidence. A digital forensic expert adeptly navigates this intricate landscape with technical precision. Eclipse Forensics, boasting a team of certified data forensic and cyber forensic experts, stands out for its prowess in interpreting evidence that might not be immediately apparent in active user files.

Delving into the intricacies of past disk activity, artifacts of deleted files, databases housing evidence of user activity, system logs, and metadata, these experts leave no stone unturned in their quest for comprehensive insights. Eclipse Forensics’ specialized team excels in the nuanced art of handling data safely, ensuring a meticulous examination of every digital nook and cranny.

As we navigate the ever-evolving landscape of divorce proceedings, the role of a computer forensics expert proves indispensable. Their proficiency in digital forensic services allows them to navigate and corroborate evidence seamlessly, bringing to light crucial information pivotal in financial and personal scenarios. Eclipse Forensics, with its certified data forensic expert, stands as a beacon in providing court-certified forensics and expert witness testimony. This commitment upholds the integrity of the legal process, ensuring a fair and just resolution for all parties involved.

A woman using her phone

Eclipse Forensics’ uncovers and interprets electronic data for use in a court of law

Our team consists of data forensic experts and cyber forensic experts. We specialize in court-certified forensics and expert witness testimony in FL to uphold its integrity.

Reach out to us for more information!

Forensics expert looking for files on a computer.

Digital Forensics – A Guide

Posted on by

Ever wondered how a digital forensics team operates? How do the experts find those incriminating files or suspicious activity only using a person’s data? Here’s a breakdown of how the digital forensics process works, giving you an idea of how your own case could play out:

Continue reading

Forensics expert looking for files on a computer

3 Common Digital Forensic Myths

Posted on by

To many, digital forensics seems like magic as they are unable to understand how experts can pull vital data from devices like a rabbit out of a hat. With dramatized depictions of digital forensics, there have been various misconceptions regarding the industry. Several creative liberties are taken, which differ wildly from the reality of it all.

These are some of the most common myths related to digital forensics, which might be crucial to know about whether you’re considering a career in the field or want to hire digital forensic experts for your case:

Continue reading

The Lifecycle of Incident Forensics

Posted on by

Did anything highlight the need for companies to engage in crisis preparation as acutely as the ongoing coronavirus pandemic? We doubt. With many companies switching to a remote working model —something that’s here to stay– their incident forensics must be on point if they’re looking to adapt to this new normal. What does this mean? Addressing the new risks that come with it.

Your enterprise may truly be in crisis if it suffers from a major cybersecurity incident. Therefore, forward-thinking enterprises must be prepared in advance, and understanding the lifecycle of incident forensics is the best place to start.

1. Evidence of initial compromise

Maybe, an RDP brute force attacks a server, so you may explore the event logs to find some useful information, or the host may have been compromised during lateral movement using harvested credentials or PsExec. Maybe new APT crafts a spear-phishing email (perhaps, high-class) so you can browse recent documents that the users opened. Or maybe, it’s a drive-by download, which means the web-browsing activity of a user may offer you a fair bit of information.

2. Evidence of execution

Nowadays, it isn’t difficult to find one. For example, we have some new artifacts like Windows Timeline and BAM/DAM and some old ones like UserAssist and Prefetch files. Maybe, finding evidence of execution for malware isn’t the only thing you’re looking for—you want to get your hands on software that an adversary used, for instance, for data exfiltration, lateral movement, or reconnaissance.

3. Evidence of achieving persistence

Did you ever see MITRE Framework? If yes, you’ll know that there are innumerable persistence mechanisms that threat actors use. It may include anything from startup folders and run keys to WMI.

4. Evidence of lateral movement

In the majority of cases, adversaries complete the initial compromise and then move laterally through the network. Why? Because compromising the final target is almost impossible. For example, if a money-hungry APT wants to steal quite a few dollars from a bank, they’ll gain access to the computer of a regular user through spear-phishing, subsequently elevating privileges and laterally moving through the network to find the main target. If you want to look for evidence of WMI, PsExec, network shares, RDP, etc., go through the file system, registry, and event logs.

5. Evidence of actions on objectives

During this phase, you’ll come across a lot of stuff. For instance, 9 out of 10 times Cobalt Gang will create a Support452 account. So, you can undertake an analysis of NTUSER.DAT and find out that it was used for reconnaissance and lateral movement. Maybe, you’ll discover evidence of the execution of a network scanner on a host where it doesn’t usually execute. Or maybe, the whole case may begin from finding ZIP-archives with the contents of the My Documents folder in unfamiliar places.

Eclipse Forensics’ cyber forensic expert helps you neutralize threats with cutting-edge, intelligent solutions

Fast investigation and early detection are crucial when it comes to dealing with threats and keeping the attackers at bay. However, a lack of visibility, inadequate information, and an overwhelming number of alerts may limit you from achieving these tasks. This is where Eclipse Forensics’ digital forensic consultant can help!

Contact our digital forensic engineer now!