by admin-jon | Sep 16, 2008 | Blog, Computer Investigations, Metadata
One of the common requests we receive is to help a client determine when a document was created, or if it existed at a specific date and time, and when it was last modified. For example, an employment dispute may involve one of the following circumstances: A memo was...
by admin-jon | Sep 12, 2008 | Blog, Collection, Electronic Discovery, ESI Collection, Preservation
Changes are underway in how electronically stored information (ESI) is processed and reviewed. These changes are due to the huge size of repositories – hundreds of gigabytes or multiple terabyte sizes – identified for collection and processing....
by admin-jon | Aug 28, 2008 | Blog, Tips & Tricks
The CCE (Certified Computer Examiner) is a certification obtained through ‘The International Society of Forensic Computer Examiners’ (ISFCE). I’ve noticed that many CCE training facilities are geared towards criminal investigations so they don’t necessarily address...
by admin-jon | Aug 27, 2008 | Blog, Computer Investigations
In my previous post, I identified several primary differences between computer forensic investigations and electronic discovery processing. Next, I’d like to identify some general case categories and tasks that involve a computer forensic investigator. Case...
by admin-jon | Aug 26, 2008 | Blog, Computer Investigations, Electronic Discovery
Electronic discovery and computer forensic investigations often go hand in hand. The challenge for many in the legal community is how to identify what ESI (Electronically Stored Information) requires more than typical electronic discovery processing. First, computer...
by admin-jon | Aug 25, 2008 | Blog, Data Recovery
There are three common scenarios in which you may want to recover deleted images: Images accessed from web sites Images downloaded by a user or obtained through file sharing applications Photos stored on a computer hard drive, camera or memory card During a computer...
by admin-jon | Aug 21, 2008 | Blog, Collection, Tips & Tricks
You have requested a hard drive clone or image and discover that the contents cannot be culled or reviewed. One reason may be hard drive encryption. Encryption involves ”scrambling” the contents of a file or hard drive so that they cannot be viewed without the...
by admin-jon | Aug 20, 2008 | Blog, Data Recovery, File Header, Software
Carving files, which can be performed manually or through an automated process, permits the recovery of a portion of a corrupted or deleted file. During a computer investigation, examiners may encounter deleted files that cannot be fully recovered. However, enough of...
by admin-jon | Aug 19, 2008 | Blog, Collection, ESI Collection, Software, Tips & Tricks
If you or a partnering service bureau need to be able to process or review your client’s files from an imaged hard drive, you may be in for a surprise. The results of an imaged hard drive are often stored in a forensic image format or what is referred to as an...
by admin-jon | Aug 13, 2008 | Blog, Metadata, Preservation, Tips & Tricks
The terms, ‘file timestamps’ and ‘file metadata’ are often used interchangeably, however, they can have two completely different meanings. I trust the following will help clarify the differences. 1) There are two separate ‘timestamps’ for office documents and several...
