Mac OS X Spotlight

Posted by Larry Britton | e-forensics Inc.

Digital Forensics, Computer Forensics, Windows Forensics, Miami, Fort Lauderdale, e-Forensics

Spotlight is Apple’s Mac OS X+ content indexing and search feature. Like any other desktop search technology, it is aimed at helping the user find files and folders on the computer. Mac Spotlight indexes all the files/folders on a volume, storing indexed metadata about filesystem objects to deliver rapid and widespread searching capabilities across the volume. The stored file or folder information includes standard filesystem metadata, MAC times (Modified, Access, Created) as well as at least part of the file-internal metadata, which varies according to the type of file, for example, EXIF info for photos or Word-specific metadata for MS Word files. These databases are created by OS X and above on each volume the machine can access, including flash drives. The most recent versions of Spotlight also store information at the user level.

Apple Unified Log (AUL)

Posted by Jesus Pena | e-forensics Inc.

Apple Unified Logs were first implemented with Mac OS Sierra (10.12), launched in September 2016. With it, Apple implemented a log system that is present not only on its laptops/desktops, but also on iOS devices (iPhone, iPad, iPod), Apple Watches and Apple TV. The purpose was to unify and standardize the OS system logs.

Apple Unified Logs contain information useful for all sorts of forensic analysis, like user logins, use of the terminal, processes that were running in the context of certain events of interest, records of Time Machine backups including start and end times, network usage, external media used (mount and unmount events), connections of printers or iPhones, e-mail account syncs, and in general, data for most user interaction with the system.

Android Forensics - What Lawyers Should Know

Posted by Larry Britton | e-forensics Inc.

Unlike iPhones, Android phones are produced by a plethora of makers, in many brands and models, from very simple to high-end devices. Even so, they share similar security protections when we are dealing with new devices or new Android OS versions. In fact, like iPhones, Android device content is encrypted and protected from being accessed through mechanisms other than the ones officially stated by Google (Android) or by the corresponding phone maker. Thus, even if the physical memory were extracted, the decryption key would be required.

Windows Shellbags

Posted by Larry Britton | e-forensics Inc.

When a user changes the view mode or position of folders in the Windows graphical interface, the new view remains available because Windows remembers that information in the Windows Registry keys known as “Shellbags”. Perhaps more importantly, Shellbags store timestamps for some of the changes, making it possible to determine access chronology. Like other Windows artifacts, Shellbags are not intended to register user activity per se; they are only a Windows feature designed to streamline the user interface.
Shellbags are one of the most useful artifacts in identifying user activity related to IP theft, spoliation and violation of corporate policies related to access of information assets.

iPhone Forensics - What Lawyers Should Know

Posted by Jesus Pena | e-forensics Inc.

Digital Forensics, Computer Forensics, Mobile Phone Forensics, Miami, Fort Lauderdale, e-Forensics

While the common procedure to forensically process a laptop or desktop involves an image of its data repositories (meaning the disk or disks where the information being handled by the device, including its OS, is stored), this is not the case when the device is a smartphone. Although in this post we address only iPhones, this limitation is common with Android smartphone devices, which will be discussed in a future post.

Suspect Intellectual Property Theft?

Posted by Lautaro Barrera | e-forensics Inc.

Intellectual property theft pertains to absconding with inventions, or creative processes, methods or expressions, which include proprietary products/services and trade secrets.

Normally, intellectual property (IP) theft using electronic means is achieved by transferring or copying the IP to portable devices or cloud repositories. For example, the thief may use his personal e-mail account, or a personal cloud storage account.

Windows Jump Lists

Posted by Jesus Peña | e-forensics Inc.

The Windows Operating System and some software applications offer functionality designed to optimize user experience and improve performance. One such feature is known as Jump Lists.

Digital Forensics in the COVID-19 Era

Posted by Jesus Peña | e-forensics Inc.

As a result of the pandemic, the past year has presented unique challenges across most industries worldwide. With directives to quickly -- and in many cases permanently -- relocate the on-premises laptop workstations, or remotely access desktop workstations from employees’ homes, IT security personnel have found themselves having to safeguard these systems across different networks.

Together HR and IT can strengthen the most important wall: The HUMAN FIREWALL

Posted by Jesus Peña | e-forensics Inc.

With all the talk about walls, we forget the most important one for every business: The Human Firewall. What is this Human Firewall? It’s comprised of each and every employee or contractor who works within your network and who is being targeted by dedicated nefarious hackers to get access to your bank account or intellectual property.

Essential Artifacts Source: USB Devices

Posted by Jesus Peña | e-forensics Inc.

One of the key elements in forensic analysis triage is dealing with inserted USB devices. The importance of uncovering artifacts associated with inserted USB devices is simple: it’s one of the most common, quickest and easiest means of stealing company intellectual property.

Handling A Former Employee's Computer

Posted by Jesus Peña | e-forensics Inc.

Theft of IP matters against former employees and wrongful termination lawsuits have something in common: the former employee's computer will likely have valuable evidence. Unfortunately, most of the time the computers will be re-imaged (software reloaded) and put back into production for the new hire.

Cyber Security Partnerships

Posted by Jesus Peña | e-forensics Inc.

Companies are increasingly budgeting for employee cyber security training and awareness with an emphasis on detecting and responding to social engineering and spear phishing attacks. As businesses mitigate against new threats, there is always the question of whether or not their trading partners are adequately protected.

Solid-State Drives = Reduced Forensics Costs

Posted by Jesus Peña | e-forensics Inc.

Newer desktops and laptops are coming standard with solid-state drives (SSD). Solid-state drives are computer storage devices that differ greatly from hard disk drives (HDD), which have moving mechanical parts. Solid-state drives contain integrated circuits, similar to the architecture of USB flash drives.
