Wisconsin Certified Computer Forensic Examiner Recovers Hidden Data
The term “digital forensics” didn’t exist 20 years ago. Unlike traditional forensics, which has its roots in the late 19th Century, digital forensics is still a relatively young field, one that must be agile and able to change and adapt as quickly as the technology it is used to investigate.
Much like the phone in your pocket, what was cutting edge only a couple years ago is already many generations old.
First, let’s debunk what you might think of digital forensics analysis:
- It is not aviator sunglasses and black SUVs
- It’s not an instantaneous magic answer that pops up at exactly the right time--usually just before the killer finds his next victim, according to the TV shows
- It’s not big touchscreen monitors with fancy graphics and people saying “enhance” until the blurry image miraculously comes into focus
Digital forensics is the process of peeling back the layers of user interface of any digital device--from a simple USB thumbstick or CD/DVD to a mainframe computer--reading the 1s and 0s hidden where no one else can find them, and piecing them back together into a format anyone can understand.
If it sounds difficult and extremely technical, that’s because it is.
Like the prospector digging for oil where others have failed, it’s a lot of work, but when you find what you’re looking for, it is very, very rewarding.
What Can Digital Forensic Investigators Do?
Recover Deleted Files, E-Mails and Text Messages
Computers record data in two places: memory and storage. While they might sound similar, there is a very important distinction between them. Memory, like the RAM in your computer, is volatile. Programs on your computer use the RAM to access the files they need to operate correctly, overwriting any files which aren’t immediately needed.
When the computer’s power supply is cut off, everything stored on the RAM slowly disappears.
Storage, on the other hand, is involatile, or stable data. This would be like the hard drive on your computer, which uses a magnetic disk to store binary data, or flash memory like you find on a USB thumbstick or the growing number of solid state, or SSD, hard drives.
With the right tools and thorough technical training, digital forensic examiners can uncover data which is inaccessible by any other methods. This includes deleted files, pictures, documents and e-mails which were stored to the hard drive, as well as chat logs from Yahoo! or Windows Live messenger which are stored on the RAM.
SSD drives pose a particular challenge to digital forensic examiners and represent the kind of constant change which makes digital forensics an ever-evolving science and art form.
Track Cell Phones and Tablets
Mobile devices, such as iPhones, iPad and iPods, and Android or Windows smartphones and tablets are examined in much the same way as computer hard drives. With just a little time, all of the information on the device can be copied and ready to examine.
From this copy, or “image” of the device contents, we can uncover text messages, e-mails, internet and app use and download history; anything the device has been used to do, and where it was used to do it.
If you suspect your spouse or significant other of infidelity, this process can find apps like Tindr or OkCupid, even when they’re hidden by an app masking program. Even the time-limited pictures sent from Snapchat don’t really “disappear forever,” meaning you can find out if your teens have been exchanging inappropriate material.
Mobile devices, especially those containing GPS chips, not only record what and when information is downloaded or exchanged, they record where the device was at the time it happened. Even devices with GPS turned off can sometimes be tracked through their WiFi use.
The ability to track a cell phone and correlate location with the time messages were sent and received can be a very powerful tool in establishing or debunking an alibi.
Find Secret Accounts and Track Internet Use
Uncovering internet habits is often times the best way to find out if your spouse is cheating online, or is leading a secret life, hidden from their friends and family, or if an employee has been abusing company time and equipment.
A skilled digital forensic examiner can recover deleted internet histories, browser cookies, and downloaded photos, graphics and documents.
It is also possible to unlock secret accounts to social media platforms such as Facebook and Twitter, or adult dating sites like Ashley Madison and Tindr.
At Spindletop Investigations, it is our legal responsibility to refer any instances of suspected child pornography we might find to local authorities. For more information regarding this legal responsibility, please refer to our Confidentiality notice at the bottom of the page.
Milwaukee Private Investigator Digs up The Dirty Truth
Spindletop Investigations has the tools, training and accreditation to unearth the digital secrets people leave behind.
We work with families and individuals looking to uncover secret behavior of spouses or employers trying to discover fraud or inappropriate use of company equipment, and lawyers who use our specialized expertise to ensure they have all of the information they need at discovery.