The world of digital forensics is ever-changing as technologies evolve. As a result, our methods in the collection and analysis realm have evolved to match. When collecting data and conducting analysis, IST Management uses the best in digital forensic tools to swiftly capture data from various sources.
Data lives in an amazing amount of places these days. Not too long ago, the computer was the first and last stop in an investigation. Luckily, we have cloud and mobile data to supplement this. Data collection from these sources involve the use of Magnet Axiom and Cellebrite UFED. These two tools also aid IST in the preservation of social media content such as timelines, messages, comments and posts.
You might have heard about Cellebrite. When the need for mobile data collection arises, Cellebrite is the preferred tool by federal agencies, local law enforcement, and the private sector. Supporting tablets, mobile phones, and even drones, Cellebrite allows IST to quickly extract and report on mobile data. Cellebrite is an essential tool when dealing with Android, Apple, and even feature phones. Deleted content, GPS locations, calls, texts, and web history are just a small sampling of what Cellebrite allows IST to analyze.
The Cellebrite Reader report provides you with a dynamic and intuitive review environment containing customized data. This allows you to browse the contents of the entire mobile device – or – view a filtered subset of data from the device. After review, PDF, HTML, and subsequent Cellebrite Reader reports can be generated on the spot.
Remote collections provide you with a simple option to quickly collect data from across the country through the use of Tableau disk duplicators. These units are provided preconfigured to capture information from a computer, external drive, or USB device. Collecting data through the Tableau expedites the collection phase and encloses the data in protected containers ready for ingestion into Relativity. We also supplement our remote collections through the use of ADF Digital Evidence Investigator. Through ADF, we are able to program custom collection drives that seek out and preserve desired data once these are plugged into a computer.
When it comes to Mac devices such as MacBooks and iMacs, we implement BlackBag MacQuisition and BlackBag Blacklight to preserve and examine the data. These tackle the challenges of the new APFS Apple filesystem through cutting-edge collection routes.
Email is incredibly important in almost any investigation. We utilize Aid4Mail when tackling the collection of email from remote sources. Data is stored within a .pst container and takes place with minimal interruption to the custodian’s day to day email usage. Gmail, GoDaddy, Yahoo and more are quickly accessed once credentials are provided. Collected email is ready for Relativity ingestion. Thanks to the .pst format, the collected data is in a friendly format for a multitude of uses.
The discovery process can be challenging when confronted with a multitude of devices. Rest assured, IST is equipped to navigate through this with fantastic tools that make getting data from the custodian to review efficient and securely.