Welcome to the “Working with Digital Evidence” issue of eForensics Magazine. We hope you are all doing great.
In this issue we focus on digital evidence, and we look at it from several different angles. First, we check in with multimedia evidence, both video and audio. You’ll see a discussion on digital video chain of evidence from Mark Sugrue, and an iNPUT-ACE tool overview from Sami Mekki. We also look further into speaker identification – this time with practical guidelines. To top it off, together with Michele Bousquet we take a look at the world of forensic animation and its relationship to visual effects.
In the second section of the issue you will see articles on working with other types of evidence, and you will have a chance to learn both about tools and techniques. For the first time in the history of the magazine we have a chance to look at R and its uses in forensics, thanks to our long-time author Cordny Nederkoorn. Further, we have a comprehensive guide to the Sleuth Tool Kit Suite, a short journey through methodologies, a quick walkthrough using FTK, and a presentation about our author’s own tool, XALL.
As always, we are extremely grateful to our wonderful proofreaders and reviewers – without them our work at the editorial team would not be possible.
Please feel free to get in touch with us and let us know any comments or suggestions you have.
Enjoy your reading,
and the eForensics Magazine’s
Table of contents
The Big Misunderstanding
by Thomas M. Mitchell
There’s an anomaly going on in the technology sector of every company, every organization that has data which requires security. This statement is like saying, “Something big is going on with every person that needs blood flow and oxygen going to their brain and heart.” Data is essential in modern business, all business sectors. Without this basic understanding, massive breaches will continue to cost billions of dollars and worse, lost trust for the entities involved, stifling future business.
Digital Video Chain of Evidence in the 21st Century
by Mark Sugrue
Digital evidence is now a component in the majority of criminal investigations. Video evidence, whether from CCTV, covert surveillance cameras, mobile or body-worn cameras, is important in the majority of criminal investigations. Following correct procedures in the collection and processing of digital evidence is critical. Advancing technology is creating new challenges both in the volume of digital evidence and the difficulty in both reviewing it and disclosing it at trial. There are new technologies and solutions that can help the evidential process but there are also some that represent threats. This article will take a look at different technologies in the context of video investigations, past, present and future.
Forensic Video Analysis with INPUT-ACE
by Sami Mekki
Forensic video analysis is the scientific examination, comparison and/or evaluation of video in legal matters. Video evidence can be found at more locations and from more diverse sources than ever before. From convenience stores to fast food restaurants, malls to banks, traffic intersections to parks, CCTV systems are virtually everywhere. Nowadays, cell phone videos are very popular, especially during events and on the streets; basically, people are videotaping everything with their cellphones.
Comparison of Forensic Animation and Visual Effects
by Michele Bousquet
How does forensic animation differ from visual effects in movies and games? While early forensic and entertainment animations bore a strong resemblance to one another, the two fields have since evolved separately in a variety of ways.
To understand these differences, let’s first look at how forensic animation has evolved in comparison to entertainment graphics.
A Simplified Guide for Audio Analysis and Speaker Identification
by Don Caeiro
Every case has its own characteristic aspects that need to be looked at very intricately. Many times, audio examination is required to help bring out a finding in the case. Audio files are fragile in nature and need to be acquired in a proper manner in order for the evidence to be accepted in court. Though books and articles boast about the outcomes of audio analysis, the practical difficulty is only known by the expert. Digging deeper into the realm of the subject, there are certain constraints that lead to the failure of the analysis and further to the acquittal of the criminal.
The Sleuth Kit Tool Suite
by Divya Lakshmanan and Nagoor Meeran A. R
“Give me a lever ‘long enough’ and a place to stand and I will move the earth,” said Archimedes. So as a “Precise Forensic Tool” in the hands of a competent Forensic Investigator, he can crack any case using an impeccable forensic tool suite – the Sleuth Kit. This article shall not only get you introduced to the tool, but “ignite, burn and burst” your minds with the inner workings of the “The SLEUTH KIT – TSK”.
R for Apache Log forensics: how to extract data
by Cordny Nederkoorn
Sydney, Australia, present day
G’day (a fictional content marketing firm) released a new online content marketing platform named ‘Koala’ just before Christmas.
Clients are very pleased and use ‘Koala’ a lot to upload content.
But then clients notice ‘Koala’ is down every hour for at least 5 minutes.
What’s going on?
XALL: a simple bash script for extracting data
by Nanni Bassetti
During a forensic investigation, we need to extract a lot of information and files. It’s important to get a quick look at the sets of files coming from allocated and unallocated space; then we can decide whether we need to index them in a database or simply take a look.
Working with Digital Evidence using FTK Imager Tool by AccessData
by Kevin Vaccaro
FTK Imager is a free tool provided by AccessData. It can create forensic images of various media and can capture items such as the Windows registry along with RAM memory. In addition, it is capable of mounting forensic images for further analysis such as malware scanning. Let’s first look at the interface.
Evidence Extraction Using Methodologies, Tools & Techniques in Cyber Forensics
The climax of a cyber case hinges on the authenticity, reliability and retest-ability of admissible evidence, and on the reliability of the tools, techniques & methodologies used. Deciding between the possible ways to extract electronic evidence is one of the hardest decisions taken during investigations.
It’s a globally common issue: handling teams face utterly confusing situations when choosing the methodologies, tools and techniques to be used for the safe and tidy extraction of evidence.