iPads, Tablets, eReaders and Other Mobile Devices
File storage and data communication is certainly not limited to desktop and laptop computers, or mobile phones. The ever increasing popularity of digital devices, like the iPad and other tablets, iPods, netbooks and countless other devices can be forensically analyzed, yielding plenty of potentially valuable digital evidence that may be able to be extracted.
A good example is Apple’s iPad, some models can store 64 Gigabytes of data and connect on the 3G network, so data can be transmitted without Wi-Fi, making detection much more difficult.
When deciding what devices require analysis remember to keep these devices in mind.
Vehicle Event Data Recorder and Navigation
Vehicle navigation systems store recent locations and even GPS fixes for later use as cached data. Often this data can be extracted from a vehicle’s navigation system and used to reconstruct where a vehical was at a given time. Valuable information for sure.
While most vehicles do have a true Event Data Recorder (EDR), all have Electronic Control Units (ECU) to monitor events such as airbag deployment, braking and differential slip, among other events. While this data is used by vehicles to monitor and control systems, the data it saves maybe used to reconstruct a vehicles operation at the time of a crash or pursuit.
Voicemail, Copiers, Printers and Faxes
Office systems, like copiers, printers and voicemail, can be a wealth of information. VoIP (Voice over Internet Protocol) and PBX use some form of storage for voicemail. Many systems leave messages undeleted when a user’s mailbox is disabled, or even deleted, and sometimes these deleted voicemail messages thought lost forever can be forensically retrieved from these systems by GDF’s digital device experts.
Copiers and copy/fax/scan systems, or all-in-one’s (AIOs) have disk drives that contain images of documents scanned and copied, sometimes for years. The digital evidence these systems hold may be valuable keys to a case, or even prove to be the elusive “smoking gun” wins the case.
Chip-Off Forensics, JTAG Access and Custom Boards
GDF has the experts and facilities to extract data directly from many types of memory chips using a process called Chip-off forensics. Our facility has X-Rays, de-balling equipment, development boards and more for the forensic analysis of chips from many types of devices. Chip-off Forensics involves the removal of storage chips from the board within devices and is used when access to storage cannot be accomplished through a connector, or if the device is too damaged to access through conventional means.
GDF technicians have successfully removed and analyzed chips from dozens of devices types when all else failed.
Other Sources of Potentially Critical Data
Mobile Devices such as mobile phones, iPads, Blackberrys and tablets can contain vast amounts of important data.
Webmail, social networking and file transfer sites, like Dropbox and YouSendIt, are often used to transport large amounts of data and can hold key evidence. With our “online” lives today, it can be a goldmine of evidence.
GPS Devices in automobiles, mobile phones and fleet management systems can hold clues to where a person or vehicle has been. So much for that alibi.
Cloud storage and cloud applications are also becoming increasingly popular, with services like SkyDrive and iCloud already allowing users to store gigabytes or even terabytes of data on the Internet for free. Corporations are also starting to follow the trend, using cloud based providers such as Amazon EC2, just one among a quickly growing list of providers, already maintaining petabytes of data “in the cloud”, which can also often be scattered across multiple continents. It can be like looking for a particular grain of sand in an international sandbox.
Office copiers may have hard disk drives as well, depending on make and model. GDF has been able to extract literally every document printed by a copier. Coupled with fax servers and print servers, it can be a real game-changer in those hard-copy circles.
Databases, whether small business accounting packages like QuickBooks, or massive Enterprise Resource Planning (ERP) applications like SAP or Oracle Financials, a tremendous wealth of information may be found. Not to mention other databases like financial trading packages, document and knowledge management systems, or even search engines, among many others, offering near limitless evidentiary possibilities.
Hosted Applications or SAS (Software as a Service) Applications come in a multitude of flavors, and with the massive bandwidth available nearly everywhere these days, systems like Salesforce.com, QuickBooks Online, Microsoft Office 360, Zoho, or Via can hold the needle in the haystack that makes your case.
Digital Voicemail can lead to some of the best kinds of evidence. Nothing hits harder than words right from the horses mouth.
Event Data Recorders (EDRs) being fed information from various Electronic Control Modules (ECMs) are common in many vehicles on the road today. Analysis of these devices can be a tremendous aid to crash forensics investigations to determine exactly what happened.
Network Attached Storage (NAS) devices have been increasing in popularity since 2010. Being that they are designed to simply be huge data repositories, it goes without saying that the haul could be tremendous from an evidentiary standpoint.
RFID, or Radio Frequency Identification chips and devices are popping up everywhere. These tiny devices are a way to track anything, people, assets, inventory and anything else you can imagine. They are even in all new American passports. And when it comes to evidence, for anything that can be electronically tracked, it is another potential source of valuable evidence for your case.
Offsite storage and backups often yield data that parties don’t even realize exists. For example, GDF was able to locate, process and extract data from tapes sent to offsite storage that was years old. GDF discovered the IT manager never sent a destruction request, so the storage company simply held the data. Additionally, online backup services like Carbonite have grown in popularity and can also bring loads of useful, relevant data into play to help your case.
And many more …