SQLite forensics is an important part of many digital forensic investigations. Most smartphones and computer operating systems use SQLite, with each device often including hundreds of databases. Despite this extreme proliferation, SQLite forensics is often overlooked in conversations about current trends in digital forensics. Paul Sanderson’s book attempts to redress the balance and bring attention to the importance of SQLite forensics. Continue reading “SQLite Forensics by Paul Sanderson”
The latest instalment in a series in which I answer the ongoing question “How do you fit it all in?”, which people ask me when I tell them what I do. Continue reading “How Do You Fit It All In? #6”
Mobile forensics is a growing subsection of digital forensic investigation. With the proliferation of devices, applications and operating systems available nowadays, it’s increasingly becoming a vital and complex field. The skillset needed to accurately acquire evidence from mobile devices may seem dauntingly wide-ranging, especially when so many of us are dealing with backlogs in the first place. How are we supposed to keep up to date with this ever-evolving challenge?
Luckily we have books like this to help us out. Continue reading “Mobile Forensics – Advanced Investigative Strategies by Oleg Afonin & Vladimir Katalov”
Today I came to a realisation that can be summed up in a sentence that sounds fairly simple, but has taken me an embarrassingly long time to grasp:
Just because you’re good at something, that doesn’t mean you have to do it.
Flashpoint, a business intelligence agency specialising in the deep and dark web, recently published a report on the economy of criminal networks online. The report looks not only at where criminals go to communicate on the internet, but also how their communications are structured, and the ways in which online communication has changed the criminal landscape.
Far from the kind of jack-of-all-trades portrayed in TV dramas, today’s cybercriminals structure their operations much like a business, each person having their own specialisms and reporting to the people above them. This helps to ensure that every member of the network takes on tasks that don’t overwhelm them, and often also ensures that the level of communication is kept to a minimum. Each party is only in contact with the level directly above, thus decreasing the likelihood of breaking up the entire network if a single individual’s identity is uncovered by law enforcement.
From the 6th-8th of December 2016, AccessData ran a Windows course in a training centre overlooking Trafalgar Square in London, UK. The aim of the course was to familiarise forensic investigators with the Windows operating system and give an in-depth understanding of its potential for analysis in digital forensic investigations.
The other day I interviewed John Patzakis, Executive Chairman at X1 Discovery, about an article he’s written about a new amendment to Federal Rule of Evidence 902.
Subsection (14) will come into play this December, and will mean that all electronic data will be required to be “self-authenticating”.