by Alain Filotto | Apr 11, 2024 | Forensics, General Topic
In today’s digital age, mobile devices have become an integral part of our lives, storing a treasure trove of information that can be crucial in legal proceedings. From text messages to emails, photos, and app data, mobile devices often hold the key to unravelling complex cases. As a digital forensics expert, I often find myself at the forefront of acquiring and analyzing this vital evidence. In this blog post, we’ll explore the three types of acquisitions—logical, file system, and physical—and delve into the intricacies of recovering deleted data from both Apple and Android devices.
Logical Acquisition
Logical acquisition involves extracting data that is accessible through the device’s operating system. This method is non-intrusive and typically yields a comprehensive snapshot of the device’s current state. Legal professionals often opt for logical acquisitions when seeking recent communications, call logs, and app data. However, it’s essential to note that logical acquisitions may not capture deleted or hidden data.
File System Acquisition
File system acquisition goes one step further by directly accessing the device’s file structure. This method provides a more comprehensive view of the device’s storage including metadata. File system acquisitions are particularly valuable in cases where more evidence is needed than a simple logical acquisition. For legal professionals, this means a deeper dive into messages, images, and documents that could make or break a case.
Physical Acquisition
Physical acquisition is the most comprehensive method, involving a bit-by-bit copy of the device’s storage. This approach captures every byte of data, including hidden and deleted files, making it the gold standard for mobile forensic examinations. While physical acquisitions provide unparalleled insight, they also require specialized tools and may be subject to legal constraints. Nevertheless, for legal professionals seeking irrefutable evidence, physical acquisitions offer a comprehensive solution. The good news is that we have access to VeraKey which allows us to obtain physical acquisitions for most mobile devices!
Recovering Deleted Data
Both Apple and Android devices pose unique challenges when it comes to recovering deleted data. Apple’s iOS employs stringent security measures, making it difficult to access deleted information without specialized tools and expertise. However, with the right techniques, forensic experts can often recover deleted messages, photos, and app data from iCloud backups or device backups stored on computers.
On the other hand, Android devices offer a more varied landscape, with a multitude of manufacturers and operating system versions. While some Android devices may offer easier access to deleted data, others may pose significant hurdles. Forensic experts leverage a combination of techniques, including manual analysis and specialized software, to recover deleted data from Android devices.
Conclusion
In the realm of digital forensics, the acquisition and analysis of mobile devices play a pivotal role in legal proceedings. By understanding the nuances of logical, file system, and physical acquisitions, legal professionals can better navigate the complexities of digital evidence. Furthermore, with the ability to recover deleted data from both Apple and Android devices, forensic experts provide a valuable resource in building robust cases.
In summary, whether it’s uncovering incriminating text messages or retrieving deleted photos, mobile forensic acquisitions offer a wealth of opportunities for legal professionals seeking to present compelling evidence in court. By partnering with experienced digital forensics experts, lawyers can ensure that no digital stone is left unturned in their pursuit of justice.
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.
https://www.linkedin.com/in/alain-filotto
by Alain Filotto | Mar 21, 2024 | Uncategorized
I was going to write a blog about my new VeraKey. But Magnet Forensics has already done that so why not just link to it! I’ve been doing this for over 15 years and I don’t use the expression “game changer” lightly. But this is a game changer for me and for my clients!!! In simple terms, this tool allows the full file system of a mobile device to be acquired. That means DELETED DATA! You need deleted text messages? Deleted emails? Deleted pictures? Now it is possible! Below is from their website:
Consent-Based Access
The complexity and ever-growing diversity of mobile devices can present challenges for digital forensic investigators. We’re continually working to ensure VERAKEY is compatible with devices you may encounter during a consent-based investigation.
KEY TAKEAWAYS
- Most comprehensive iOS and modern Android device access support, with regular updates to the latest versions.
- Capture and record explicit employee consent, plus automatically notify the VERAKEY account administrator upon every extraction for additional oversight.
- Access credentials stores like Keychain and Keystore to decrypt content.
Easy to Use
VERAKEY’s simple plug-and-play design doesn’t require reskilling, eases adoption, and complements existing solutions.
KEY TAKEAWAYS
- User friendly web interface that requires no special training.
- Secure collected data in the lab and the cloud with automatic encryption and geofencing.
- Export the data to a wide variety of tools for analysis, such as Magnet AXIOM Cyber and other third-party tools.
Depth
Obtaining a more comprehensive and detailed data extraction gives you access to the critical evidence you need when performing internal investigations and supporting eDiscovery efforts. VERAKEY accesses more data, including deleted data, than any other mobile forensics tool to help you solve more cases.
KEY TAKEAWAYS
- Full file system extraction from iOS and modern Android devices.
- Uncover more pictures, videos, encrypted messaging and iOS chats, chat histories, location data, and Internet evidence.
Speed
Save time and kick-start your investigations faster by accessing mobile data quickly. VERAKEY can provide same-day mobile data access for both iOS and leading Android devices.
KEY TAKEAWAY
Get mobile devices back into the employee’s hands faster to reduce the impact on productivity.
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.
https://www.linkedin.com/in/alain-filotto
by Alain Filotto | Feb 21, 2024 | Uncategorized
I’m going to start with the bad… Do you notice anything missing in the attached image? This is a screenshot of an actual case where the entire Desktop was deleted! It was a family-law case where one partner had passed away and it was suspected that the other partner had deleted a newer version of the deceased’s Will. There were hundreds of documents stored on the desktop. The fact that the entire Desktop folder was deleted was crucial to the case ( the Desktop is actually just a folder in a user’s profile). The Desktop folder is a system folder. If it is deleted Windows will just create a new one when the computer is rebooted. In this case the computer had not been rebooted and I was able to quickly see that the Desktop folder was missing. Therefore, the lesson here is to NOT power on a laptop or computer (or any electronic device) unless you are using the proper forensic tools. Unfortunately this happens often, and yes, even by experienced lawyers.
In today’s digital age, digital evidence has become a cornerstone in investigations across various fields, including law enforcement, cybersecurity, and corporate litigation. From criminal cases to civil disputes, digital evidence plays a pivotal role in uncovering the truth and presenting a compelling case. However, the fragility of digital data emphasizes the critical need for proper preservation, and entrusting this task to digital forensics experts is paramount.
Digital evidence encompasses a broad spectrum of information stored electronically, ranging from emails, documents, social media posts, to metadata embedded within files and communication logs. Its significance lies in its ability to provide crucial insights, establish timelines, and corroborate or refute claims. Whether it’s uncovering fraudulent activities, proving intellectual property theft, or assisting in criminal investigations, digital evidence can often be the linchpin that determines the outcome of a case.
Yet, the volatile nature of digital data poses significant challenges. Unlike physical evidence, digital evidence can be easily altered, deleted, or corrupted, sometimes without leaving a trace. Factors such as accidental deletion, malware attacks, or intentional tampering can jeopardize the integrity and admissibility of digital evidence in court. This underscores the importance of preserving digital data in a forensically sound manner to maintain its authenticity, reliability, and credibility.
Attempting DIY preservation efforts without the requisite expertise can inadvertently damage, or compromise the integrity of the evidence, and render it inadmissible in court.
This is where the expertise of digital forensics professionals becomes indispensable. Digital forensics experts possess specialized knowledge, tools, and methodologies to meticulously extract, preserve, and analyze digital evidence while adhering to legal standards and protocols. Their proficiency in data recovery, chain of custody management, and forensic analysis ensures that digital evidence remains unaltered and defensible, thereby strengthening its probative value in legal proceedings.
By entrusting the preservation of digital evidence to digital forensics experts, stakeholders can benefit in several ways:
1. Preservation of Integrity: Digital forensics experts employ stringent preservation techniques to maintain the integrity and authenticity of digital evidence, ensuring its admissibility in court.
2. Mitigation of Risks: Professional handling minimizes the risk of inadvertent data alteration or loss, safeguarding the evidentiary value of digital information.
3. Compliance with Legal Standards: Digital forensics professionals adhere to established legal standards and procedures, ensuring that the preservation process withstands judicial scrutiny.
4. Maximizing Analytical Insights: Expert analysis can unearth valuable insights from digital evidence, shedding light on pertinent details and facilitating a comprehensive understanding of the case.
5. Strengthening Legal Position: By presenting well-preserved and analyzed digital evidence, stakeholders can bolster their legal position and increase the likelihood of achieving favourable outcomes in litigation or investigations.
In conclusion, the preservation of digital evidence is crucial in today’s digital landscape, where information serves as a cornerstone of modern investigations and legal proceedings. Rather than relying on DIY methods, entrusting the task to digital forensics experts ensures the meticulous preservation and analysis of digital evidence. By doing so, stakeholders can uphold the integrity of their case, strengthen their legal position, and navigate the complexities of digital investigations with confidence.
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.
https://www.linkedin.com/in/alain-filotto
by Alain Filotto | Feb 19, 2024 | Cybersecurity, General Topic
Auto theft is up 30-50% in 2023 depending on where you live. Why is this happening? This report features the legendary Samy Kamkar. He is one of the original “white hat” hackers. In his words, “all cars use the same wireless technology and are essentially computers on wheels”. Thieves have figures out how to “hack” these computers. Did you know you can put your car keys in an “RF Faraday bag” when you get home? I use these to transport mobile devices and secure them against outside interference. Check out these for sale on Amazon:
Article here: https://www.cbc.ca/news/business/marketplace-electronic-car-theft-1.3515106
Video here: https://www.youtube.com/watch?v=ARrlhlQiFzM&t=682s
Why do this? Thieves can use a “relay” close to your front door and unlock your car in the driveway using your key fob in your house!
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.
https://www.linkedin.com/in/alain-filotto
by Alain Filotto | Feb 7, 2024 | Uncategorized
An arrest made in a #sextortion case? The suspect is in #nigeria ? WOW, just amazing news! Unfortunately charges on these cases happen very, very, rarely. I’m not sure how this will turn out in the end but let’s all be hopeful that authorities in other countries will cooperate with police in Canada and the rest of the world 🙏 This case ended with the #suicide of a 14 year old boy. That is so tragic.
Article here: https://www.cbc.ca/player/play/2306958915865
Video here: https://www.youtube.com/watch?v=Y6eBYQMT0Jg
If you have any questions or want to book a free consultation, contact me on LinkedIn. It is the best place to reach me.
https://www.linkedin.com/in/alain-filotto
