Windows 8 retained many of the key artifacts that were present in earlier versions, however, its immersive experience also leans itself to artifacts nonexistent in previous releases.

Full Story

This brief (approx. 9min.) introduction into the world of digital video evidence is intended to provide law enforcement professionals with a better understanding of the basic concepts and related issues.  It was geared towards first responders, who in many cases are the ones initially seizing video evidence.

Dept: 2233F

Position:Advanced Specialist 1 – Forensics (FOR) (TS6NP)

Title: Audio-Video Examiner

Specific Responsibilities:

Candidate will work within a fast-paced dynamic audio-video exploitation laboratory environment serving customers in the military, law enforcement, and intelligence community.

The position will be responsible for the forensic examination of audio and video, including the exploitation and enhancement of audio, video, and still images. The position will be responsible for providing results in finished products or detailed analytical reports. The position will require attendance at meetings and collaboration with internal and external resources to remain knowledgeable on rapidly evolving digital media technology.  The position will collaborate with software engineers to research, evaluate, test, and validate new audio and video forensic products.

Brett Shavers, author and one of the main developers of the WinFE forensic boot environment, has released a free online training course on WinFE.

Online training is a great way to supplement classroom training, providing it's from a well organized and reputable source. It's great to see more options for online and flipped classroom training related to digital forensics, and I can assure you you'll be seeing even more soon! ;)

"Who, me?" Yes, especially you.

As USB thumb drives and memory cards get larger and cheaper, it's getting easier to trust much more of your data to them. It's also much easier to mistakenly erase data or have them hiccup on you. And if you're in the habit of holding on to that data for too long -- for example, not transferring photos from your camera's memory card -- disaster is almost guaranteed to strike at some point. What happens then?

Full Story

EXT4 is a next generation file system replacement for the EXT2/EXT3 family of Linux file systems. It was accepted as "stable" in the Linux 2.6.28 kernel in October 2008[1]. As of this writing, it's starting to appear as the default file system in newer versions of several Linux distros. While the developers did try to maintain some degree of backwards compatibility with EXT2/EXT3, there is quite a bit that's new and different with EXT4. Popular forensic tools like the Sleuthkit are not fully compatible with these changes in EXT4, although some of their functionality does still work.

Full Story

The Scientific Working Group on Digital Evidence (SWGDE) is pleased to announce posting of the following fourteen new draft documents for public review and comment at https://www.swgde.org/documents/draft-released-for-comment

• SWGDE Best Practices for Acquiring Online Content (21-F-001-1.1)
• SWGDE Best Practices for Apple MacOS Forensic Acquisition (23-F-005-1.0)
• SWGDE Best Practices for Digital Forensic Video Analysis (18-V-001-1.1)
• SWGDE Best Practices for Drone Forensics (21-F-002-1.1)

A technology built into many new solid-state drives (SSDs) to improve their storage efficiency could inadvertently be making forensic analysis at a later date by police forces and intelligence agencies almost impossible to carry out to legally safe standards, researchers have discovered.

The detailed findings contained in Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Discovery? by Graeme B. Bell and Richard Boddington of Murdoch University in Perth, Australia, will make unsettling reading for professionals in the digital forensics field and beyond.

Full Story

Peer networking and participation in professional associations are both integral components of keeping abreast of your field. The key word in that sentence is participation. Simply joining a group brings little value; volunteering and being actively engaged as time permits increases value exponentially.

The Technical Support Working Group (TSWG) recently made their flip-book "Best Practices for the Retrieval of Video Evidence from DCCTV Systems" available electronically as a PDF file.  Visit the URL below to access the PDF and other TSWG resources:

http://www.tswg.gov/subgroups/isf/electronic-evidence/products.html