Digital Forensics Exams Aren't Linear

Current Situation.



I'm just sitting here taking notes about my case notes from a recent iPhone exam. It's not uncommon for me to do this, especially when the case is huge and I've had to dig through lots of different artifacts. 


Now, you're wondering why my case notes are so disorganized. They're not. I was following the evidence. They're organized in that fashion. The problem is that looking for and finding the answer to one question can often leads to more questions - probably 3 to 5 more questions. I keep going down the rabbit hole looking for answers to the question. Sometimes I have to jump back up to the top once I've either found the answer or realize it was just a shiny object and should have never been followed. Knowing what doesn't relate to the case can be just as important as the things that do.


Why do I do this? Why am I taking notes about my notes? I'm backing farther out and looking at the case from the 10,000 foot view. This helps me take all the individual puzzle pieces and put the actual puzzle together. Sometimes, I find that I'm missing a piece, and then I dive back into the case looking for the missing piece.


Digital Forensic Exams aren't linear. You may jump all over the place, and you'll probably do it several different times. It's not bad. It's not wrong. It just demonstrates how important your case notes are.
Location: Lincoln, NE, USA

Comments

Post a Comment

Popular posts from this blog

The Rising Cost of Mobile Forensics

Image
The cost of mobile forensics is increasing, and it's not just the price of the software to blame. As mobile phones continue to become more complicated and capable of doing more super cool things, the ability to retrieve and analyze data takes longer because it's all become more complicated. Gone are the days of the quick, 16-hour examination of an iPhone. If your client only cares about the content of texts, emails, and pictures, then, sure, you could grab that for them in 16 hours. But if you need anything more in-depth (and you will), it will take a lot more analysis and time than that. Things change in every update, which means the examiner must spend more time analyzing, testing, and validating the data. Even IF something has NOT changed with an update, many mobile device exams require some testing and validating of the data. All of this increases the prices passed to the clients in three ways. First, the cost of the software is passed along. Second, the longer it takes t...
Read more

Time is the longest distance between 2 points

Image
 "Time is the longest distance between two points."   These words by Tennessee Williams resonate deeply, considering the fragility of our memories and the challenges they pose in crucial moments. Imagine finding yourself on the witness stand, desperately grasping for recollections from the distant past. In this crucial moment, the true weight of time becomes evident.   The importance of detailed case notes cannot be overstated in legal proceedings. They are a vital link that connects our present selves with our past actions. Without them, our memories may falter, we have nothing to refresh our memory, and the quest for truth becomes an arduous struggle.   Case notes are the guardians of our actions, meticulously capturing what we did, discovered, what we found, and even what we didn't. They are the tangible records that safeguard the integrity of our recollections, preventing them from slipping away into the abyss of time.   Picture yourself in ...
Read more

How AI & Deepfakes lead to Sextortion

Image
Buckle up, and prepare yourself for the dark side of technological progress because AI is no exception to the rule. Imagine a world where scammers wield the power of AI to create mind-boggling deepfakes, exposing you in compromising situations. These sextortion scams have reached a whole new level of maliciousness. Let me shed some light on two prevalent ways these scams are executed: Picture this: someone close to you possesses naked pictures of you and shamelessly uses them to manipulate you into doing something you'd rather avoid. It's a terrifying thought, especially considering the perpetrator's familiarity with you. OR Picture receiving a random email that boldly claims to have a treasure trove of your intimate photos. Your disbelief drives you to click the link, only to realize you've fallen into a trap. As a result, your online accounts and even your beloved devices become vulnerable to compromise. I worked several sextortion cases in the FBI; some were your ave...
Read more