Monday 24 September 2012

Don't Get Rid Of Your Digital Evidence Just Yet!

There are situations where it can be advantageous to keep your digital evidence, or hardware containing digital evidence, instead of destroying it or relinquishing custody. For example, an iPhone 3GS was turned over to McCann Investigations in a case in 2010. The iPhone was locked and encrypted with a passcode. At the time, the most up-to-date forensic software could forensically read an iPhone, but only if it was not encrypted or if the passcode was known. If the passcode was incorrectly entered 10 times, the phone would erase itself as a sort of self-destruction mode.

McCann Investigations worked with the iPhone's owner to guess what his ex-girlfriend may have set the passcode to just before giving the phone back to him. After the 8th wrong guess, I suggested we keep the iPhone in its current state. The technology may advance to a point where we can bypass or recover the passcode and gain access to the phone.
We spoke to several mobile phone forensic companies, but none had the technology to work around this issue. We were able to partner with one of the companies as a beta tester to work with developers to finally find a solution. A year later there was a solution developed to "brute force" the iPhone passcode and the phone was able to be unlocked and the data used as evidence. We were finally able to image the phone and get the client what he wanted. The client was very happy to finally know the truth.

Another example is password-protected files. With certain types of password protection, it can take years or even decades to break a secure password. But with technology progressing at a rapid rate, new methods are sometimes discovered that completely bypass what was once thought to be a secure password algorithm. For passwords that have to be recovered by trying candidates one at a time, advances in processing power can still dramatically reduce the amount of time it takes to "crack" them. There are also technologies like rainbow tables, which pre-compute password hashes so that they can be compared very quickly to a stored password hash. Many password recovery programs are now able to leverage the powerful GPU chips in computer video cards.

There was a recent case that McCann Investigations thought was a closed case. But the client called and said they wanted to use the data recovered from their smartphone for another hearing. After looking at the original report, we researched updates for the client's smartphone and discovered that there was an update to the SMS parsing module for the phone. We re-ran our forensic software on the forensic image we still had for the phone and were able to provide the client several newly recovered SMS (text) messages that were not able to be un-deleted before the software update. These messages significantly strengthened our client's case.

Regardless of whether the device is a laptop, PC, Mac or iPhone, there is always digital evidence to hide if you're having an affair. If you know what to look for, you can often find the evidence of an affair yourself. If you need to delve deeper to find the evidence, such as recovering deleted texts, pictures or other data, then you will need a computer forensics expert.

McCann Investigations can help make a difficult situation manageable and get you quickly on the course of rebuilding and moving forward. Call us toll-free at 800-713-7670 or visit us here.

McCann Investigations is a full-service private investigations firm encompassing computer forensics, digital debugging, network breaches as well as traditional private investigations. McCann Investigations' Texas-based One Source, One Provider solution removes the need to hire multiple providers for your Electronically Stored Information (ESI) investigative needs. McCann Investigations' computer forensics, digital forensics, and electronic discovery services serve law firms, private industry, and government with the same dedication and expertise that has had clients turning to McCann for over 25 years.

Use and distribution of this article is subject to our Publisher Guidelines
whereby the original author's information and copyright must be included.
