An Overview of Digital Forensics
Defining Digital Forensics and exploring the many aspects of the Forensic world, including best practices and methodologies.
eDiscovery Webinar Series
About Our Webinars
An Overview of Digital Forensics eDiscovery Webinar Series
● Webinars take place monthly and cover a variety of relevant eDiscovery topics
● If you have technical issues or questions, please email [email protected]
● Lexbe webinars are available for viewing (streaming video), and downloadable as a PDF Presentation or an MP3 podcast.
● This webinar and a complete listing of other on-demand webinars are part of the Lexbe eDiscovery Webinar Series
● For notices of future live and on-demand webinars as part of this series, please email us at [email protected] or follow us on LinkedIn
About Lexbe
◼ Serving boutique law firms for more than 15 years
◼ Based in Austin TX
◼ Developed a Native End-to-End eDiscovery Application Hosted at Amazon Web Services
◼ Lightning Fast, Feature Rich & Highly Affordable
◼ Purpose-Built for DIY eDiscovery for Boutique Law Firms
“Cost-effective eDiscovery”
“Secure, easy-to-use and a great review tool for consideration”
“A powerful litigation document management service”
G2 Crowd finds that Lexbe “delivers best ROI in the industry and leads in 6 key metrics.”
Speaker
● Nick Marrero - Lead Digital Forensics Examiner with Lexbe
● Digital Forensics Expert and Consultant
● 10+ years Experience in Digital Forensics
● Bachelor of Science - Computer Forensics
  ○ Bloomsburg University of Pennsylvania
● Certified Cellebrite Operator | Certified Cellebrite Physical Analyst
● Forensic Experience within the Oil & Gas, Retail, and Healthcare Industries
Nick Marrero | Digital Forensics [email protected]
eDiscovery Webinar Series | Lexbe Confidential
MOBILE DEVICE GROWTH & EVOLUTION
Mobile Application Downloads
Cisco Annual Internet Report (2018–2023) White Paper
COLLABORATION APPS ON THE RISE THANKS TO COVID
MOBILE DEVICE GROWTH & EVOLUTION - Forensic & Discovery Considerations
● Corporate owned / Personally owned / Bring Your Own Device (BYOD)
● Wireless carrier services and data
● Shadow IT
● Data portability
● Location-based data
● Encryption
● Social media apps
● Ephemeral messaging apps
MOBILE DEVICE GROWTH & EVOLUTION - Ephemeral Messaging
● Messages that exist for a limited period of time and then self-destruct
● Waymo LLC v. Uber Technologies
Common Texting & Messaging Services
Apple iChat
Android Message
GROWTH IN NON-EMAIL ESI EVIDENCE
BREAKDOWN BY APPLICATION
VARIOUS APPLICATIONS EQUALS VARIOUS FILE TYPES
Agenda
● What is Digital Forensics
● Digital Forensic Best Practices
● Planning and Executing Collection
● Types of Digital Media
● Computers and Hard Drives
● Mobile Devices
● Cloud and Webmail
● Hash Values
● Deleted Data
● eDiscovery Integration
What is Digital Forensics
● The identification, preservation, recovery, and analysis of digital media.
● Protection of Data Integrity
● What data and information can be uncovered?
● What data can be changed or altered?
● Why do you need a Digital Forensics Examiner?
Digital Forensic Best Practices
● Documentation - Chain of Custody, Photographs, Condition of the Device
● Proper Evidence Handling
● Write Blockers - Prevent the evidence from being modified during preservation.
● Coordination and strategy agreed upon between the requestor and examiner.
● Examinations should not be performed on the original media but rather on the forensic image.
● Reporting - provide all relevant and pertinent information in a clear and concise manner
● Return of Devices
Digital Forensic Best Practices - Proper Evidence Handling
● Coordination between sender and receiver should be discussed prior to exchange
● Standard shipping practices are insufficient
  ○ Ensure that a signature by the named receiver is requested
● Tracking numbers should be logged and communicated
● All handling of material should be properly logged, including on the chain of custody
● Devices should be securely stored
Digital Forensic Best Practices - Write Blocker
● Absolutely critical to ensure that data is not altered
● Creates a read-only version, preventing anything from being “written” to the original
● 2 types: physical device or software
  ○ Physical device connects to the device being examined and the forensic examiner’s workstation for review
    ■ Tableau
    ■ CRU WiebeTech
    ■ Cool Gear
  ○ Software installed on the forensic workstation allows the examiner to review the connected hardware without disturbing the data
    ■ Safeblock
    ■ USB Write Blocker
    ■ SoftBlock (specifically for Macs)
Digital Forensic Best Practices - Coordination & Strategy
● Scope should be agreed upon between the requestor and examiner, including timelines
● Passwords and PINs should be requested and shared
● Agree upon what can and can’t be performed
● The delivery of devices as well as the return should be discussed and coordinated before exchange.
● Clear line of communication with point person on both sides
Digital Forensic Best Practices - Forensic Imaging
● Forensic tools make a bit-for-bit copy of the original data
● The forensic image is an exact copy for the examiner to review
● Source device should always be imaged if possible
Formats include: .RAW (DD), .E01, .L01, .AD1, .SMART
Digital Forensic Best Practices - Reporting
● May or may not be necessary depending on circumstances
● Crucial when an actual analysis or investigation is occurring
● Criteria for a report include:
  ○ All aspects of the case
  ○ Every part of the documentation
  ○ All evidence and findings uncovered in analysis
  ○ Err on the side of being overly inclusive
Digital Forensic Best Practices - Return of Devices
● Should be done as soon as possible
● Ensure the device goes back to correct party
● Closes chain of custody
Planning and Executing Collection
● What needs to be acquired?
● Physical Collection vs Remote Collection.
● Coordination with the client and the custodian.
● The right tools for the job.
● Chain of Custody.
● Best Practices.
● Return of Devices.
Chain of Custody
● All device details
  ○ Device Type
  ○ Device Manufacturer, Make, and Model
  ○ Serial Number
  ○ Device Description and any other identifying features.
● Signatures
  ○ Printed and Signed names of the received by and received from parties.
● Dates and Times
  ○ When was the device collected?
  ○ When was the device transferred to another party?
  ○ When was the device returned or stored?
● Case Information
  ○ The case or company the device is tied to.
Types of Digital Media
● Computers and Hard Drives
  ○ Desktops
  ○ Laptops
  ○ External Hard Drives
  ○ USB Thumb Drives
  ○ Gaming Systems
● Mobile Devices
  ○ Smart Phones
  ○ Cell Phones
  ○ Tablets
  ○ GPS
● Cloud
  ○ Google
  ○ Apple
  ○ Microsoft
● Webmail
  ○ Gmail
  ○ Yahoo
  ○ Office 365
Computers and Hard Drives
● Computer Operating Systems
  ○ Windows
  ○ Mac
  ○ Linux
● Remote PC and Mac Collections
● Portable Devices
  ○ USB Thumb Drives
  ○ External Hard Drives
  ○ CDs, DVDs, Blu-Ray
● File Systems
  ○ NTFS
  ○ FAT (FAT12, FAT16, FAT32)
  ○ exFAT
  ○ APFS
● Gaming Systems
● Forensic Imaging and Analysis Tools
  ○ Magnet Axiom
  ○ EnCase
  ○ FTK
  ○ X-Ways
  ○ Sleuth Kit (+Autopsy)
Mobile Devices
● Mobile Device Operating Systems
  ○ iOS
  ○ Android
  ○ Windows
  ○ RIM (Blackberry)
● Forensic Tools
  ○ Magnet Axiom
  ○ Cellebrite
  ○ EnCase
  ○ Oxygen
● Data Acquisition Types
  ○ Physical
  ○ Logical
  ○ FileSystem
  ○ Manual
● Data Extractions
  ○ Chats/Messages
  ○ Photos/Videos
  ○ Call Logs
  ○ Locations
  ○ Email
  ○ Contacts
  ○ Calendar
  ○ Notes
  ○ Web Browsing
Cloud and Webmail
● Cloud
  ○ Apple iCloud
  ○ Google Cloud
  ○ Microsoft OneDrive
  ○ Dropbox
  ○ Box.com
● WebMail
  ○ Gmail
  ○ Hotmail
  ○ Yahoo
  ○ Office 365
● Social Media
  ○ Facebook
  ○ Twitter
  ○ Instagram
  ○ Uber
  ○ Lyft
● Business
  ○ Slack
  ○ Teams
● Cloud Collection Tools
  ○ Magnet Axiom
  ○ Cellebrite
Hash Values
● A hash value is a numeric value of a fixed length that uniquely identifies data.
● Hash Types
  ○ MD5
  ○ SHA-1
  ○ SHA-256
● Hash values are used to verify the integrity of data
● Hash values of source data can be compared to the copied or transferred version of that data to determine whether or not that data has been altered.
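The comparison described above, as an added example that is not part of the original slides: it hashes a source file and two copies with the three hash types listed and reports which algorithms disagree. The file contents are constructed random data and the function names are assumptions.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the hash types listed on the slide


def hash_file(path, chunk_size=1024 * 1024):
    """Return {algorithm: hex digest}, reading the file once in chunks so a
    multi-gigabyte forensic image never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_copy(source_path, copy_path):
    """Compare every digest of the source with those of the copy.
    Returns (intact, list of algorithms whose digests differ)."""
    src, dst = hash_file(source_path), hash_file(copy_path)
    mismatched = [name for name in ALGORITHMS if src[name] != dst[name]]
    return (not mismatched, mismatched)


def demo():
    """Constructed sample: a source, a faithful copy, and a copy with one bit flipped."""
    data = os.urandom(3 * 1024 * 1024 + 17)   # stands in for acquired media
    altered = bytearray(data)
    altered[1_500_000] ^= 0x01                # a single-bit alteration
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, blob in (("source", data), ("copy", data), ("altered", bytes(altered))):
            paths[name] = os.path.join(d, name + ".dd")
            with open(paths[name], "wb") as fh:
                fh.write(blob)
        return (verify_copy(paths["source"], paths["copy"]),
                verify_copy(paths["source"], paths["altered"]))


if __name__ == "__main__":
    good, bad = demo()
    print("faithful copy:", good)
    print("altered copy :", bad)
```

In practice the source digests are recorded at acquisition time alongside the chain of custody, so later verification only needs to re-hash the image.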
Metadata
● Data about Data.
● Every single file on any digital device has some amount of metadata associated with it. The type and amount of metadata related to a file can vary.
● Metadata can provide specific information to further understand a timeline of events regarding a file.
● Information found in the Metadata:
  ○ Creation Date/Time
  ○ Last Modified Date/Time
  ○ Author
  ○ File Name
Deleted Data
● Oftentimes, files deleted by the user can still be found and recovered from the device.
● Data needs to be overwritten for it to be lost.
● Partial recovery of data is possible if only part of the deleted files’ original location is overwritten.
● Files that have been recovered from a drive’s free space may not include the metadata required to prove ownership of the file, timestamps, or original storage location.
● Deleted files from mobile devices can be more difficult to recover due to their free space being unavailable to access.
● Solid State Drives can automatically overwrite deleted file storage locations with zeros.
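Recovery from free space, as an added example that is not part of the original slides: a minimal signature carver that pulls JPEG data out of a raw buffer, returning one complete file and one partial file whose tail was overwritten with zeros. The buffer is constructed, the function names are assumptions, and the result carries only an offset and bytes, with no file name, owner or timestamps.

```python
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image signature
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def carve_jpegs(raw, max_size=64 * 1024):
    """Scan unallocated bytes for JPEG signatures.
    Returns dicts with offset, data and complete (True if the footer survived).
    Simplification: the first EOI after a header is taken as the end of file."""
    found, pos = [], 0
    while True:
        start = raw.find(JPEG_SOI, pos)
        if start == -1:
            return found
        next_start = raw.find(JPEG_SOI, start + 3)
        limit = min(len(raw), start + max_size,
                    next_start if next_start != -1 else len(raw))
        end = raw.find(JPEG_EOI, start + 3, limit)
        if end != -1:
            item = {"offset": start, "data": raw[start:end + 2], "complete": True}
        else:
            # Footer is gone: the tail was overwritten, keep the surviving part
            item = {"offset": start,
                    "data": raw[start:limit].rstrip(b"\x00"),
                    "complete": False}
        found.append(item)
        pos = start + len(item["data"])


def build_sample():
    """Constructed free-space buffer: one intact deleted file and one whose
    tail has been overwritten with zeros."""
    file_a = JPEG_SOI + b"\xe0" + b"A" * 200 + JPEG_EOI
    file_b = JPEG_SOI + b"\xe0" + b"B" * 300 + JPEG_EOI
    damaged_b = file_b[:120] + b"\x00" * (len(file_b) - 120)
    return b"\x00" * 512 + file_a + b"\x00" * 100 + damaged_b + b"\x00" * 256


if __name__ == "__main__":
    for item in carve_jpegs(build_sample()):
        state = "complete" if item["complete"] else "partial"
        print(f"offset {item['offset']}: {len(item['data'])} bytes, {state}")
```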
eDiscovery Integration
● Data collected using forensic tools can be ingested into eDiscovery Review Platforms.
● Data forensically acquired directly from the source.
● Data can be uploaded in different formats
  ○ Raw Data
  ○ PDFs
  ○ Spreadsheets
● Can be available for immediate client review after forensic collection.
Key Takeaways
● Digital Forensic acquisitions can provide data from a range of digital devices.
● Always follow best practices.
● Types of forensic images.
  ○ Physical
  ○ Logical
  ○ Targeted
● Forensic Analysis and the information that can be found.
● Hash values - The “fingerprint” of a file.
● Metadata - Data about Data.
● Deleted files - they may still be uncovered.
● Forensics and eDiscovery
END TO END E-DISCOVERY IN THE CLOUD
◼ Full-Featured
◼ DIY
◼ Infinitely Scalable
◼ Accessible with a Browser
THE LEXBE UBER INDEX
● Native Characters - All Characters From Native Files are Extracted and Included in the Uber Index.
● OCR Characters - All OCR Characters are Extracted and Included in the Uber Index.
● Image OCR Characters - All Images are OCR’d, Characters Extracted and Included in the Uber Index.
● Translated Characters - Lexbe’s Translation Engine Feeds the Uber Index All Translated Characters.
◼ Multi-source concatenated singular index
◼ Lightning fast
◼ Seamlessly add documents without re-indexing
Audio Files Transcribed in the Lexbe eDiscovery Platform
Review transcription files and quickly identify and tag where on the audio track the evidence resides.
Lexbe’s AI Powered Transcription automatically identifies and designates each speaker.
ADVANCED APPLICATIONS OF AI
Audio & Video File Transcription
Language Translation
Image Recognition
Sentiment Analysis
◼ Utilizing Neural Networks for advanced machine learning and high-quality results
INDUSTRY LEADING PRICING
Service | Relativity | Lexbe
Processing | $125 per GB | $0
User Fees | $95 per User | $0
Technology Assisted Review | $30 per GB* | $0
Near Duplication | * Included with Relativity Analytics | $0
Email Threading | * Included with Relativity Analytics | $0
Hosting | $8 per GB per Mo. | $5 per GB per Mo.
AI Insights | N/A | $0
Learn More About Lexbe
● The Lexbe eDiscovery Platform is our cloud-based processing, review and production tool. Designed for attorneys and legal staff to be DIY and easy to use, with no user fees or case fees. Free standard loading with annual plans.
● Learn about our high-speed/high-capacity eDiscovery services, and expert professional services.
Request a personalized demo and expert consultation today!
1-800-401-780 x22 | [email protected]
“Cost-effective eDiscovery”
“A powerful litigation document management service”
“Because of the Lexbe software, the entire playing field has been leveled for my firm.”
“Lexbe cost advantages, SaaS convenience and search capabilities appeal to many small firms”
“Lexbe is the easiest eDiscovery software I have ever used”
“Secure, easy-to-use and a great review tool for consideration”