- Oxygen forensics vs cellebrite trial how to#
- Oxygen forensics vs cellebrite trial full#
- Oxygen forensics vs cellebrite trial trial#
Mark Pollitt (one of my early graduate school and career mentors) titled The key to forensic success: examination planning is a key determinant of efficient and effective digital forensics. A good read that approaches this process head-on is the article written by Dr.
Oxygen forensics vs cellebrite trial how to#
There are dozens of models that describe the digital forensic process and how to approach this planning. This better planning, in turn, led to better, more concise reports. At the end of this I was asking myself “What if better planning had been executed?” Later in my career I sought to answer these questions BEFORE I began the case rather than after. Everything else had been dropped early on.
Oxygen forensics vs cellebrite trial trial#
After the trial the prosecutor thanked me for the report and made the statement that he was only concerned about the gun keywords and nothing else (as the gun theft/crime was the only charge the suspect was facing). The suspect ended up taking a plea deal over a single Google search that I found on the laptop that matched the model of gun stolen. The report took forever to draft because of the complexity of the searches and steps performed. Even when drafting the report, the detective was STILL giving me keywords! A process that should have taken a few weeks weeks took months and hours of fruitless searches.
This process repeated itself it least 4-5 more times over the course of the next 3 months. Multiple times throughout the course of that case, the detective continued to drop by the lab to supply me with intelligence which was nothing more than additional keywords and suspect names to search for pertaining the case. The detective on the case brought me a phone, laptop, and thumb drive that they had seized as part of the case. “Failing to prepare is preparing to fail” -Coach John WoodenĪs a young examiner years ago I was working a case that involved a hodgepodge of stolen items: guns, money, and a dog (yes a dog). Without wasting any time let’s start with the question you should be starting with: “Where do I start?” For me a good report ALWAYS starts with two important phases: That all said, I’ll do my best to address these (and a host of other things) in this post.
These concerns bring about questions such as: What templates do I use? What headings do I include? How do I list figures? The list can go on and on and on. Are you prepared to explain your highly technical findings to a lay audience? Furthermore, does the report prepare YOU to explain your findings? When the case goes to trial and you are called upon to testify a year or more in the future will you be able to remember the case based simply from the details you included in your own digital forensic report? Better yet, will someone else be able to make sense of (or even validate) your findings if you’re not around to explain them? Newbie or seasoned examiner, it doesn’t matter. However, that grandmother may be a supervisor, client, attorney, or even a judge and/or jury who will ultimately read and interpret your report. I always tell students and colleagues that everything should distilled down to “make sense to “your 80 old grandmother.” I think most all of us can relate to that funny, yet so-true symbolism. As digital forensic examiners/analysts it’s a given that we must report and present our findings on a very technical process in a simplistic manner.
Hence, the motivation to put together a compendium of resources and “lessons learned” into a single living resource per-se.
Oxygen forensics vs cellebrite trial full#
Year after year I’ve given the same answer: a list full of outdated links and a verbal “laundry list” collection of tidbits and other documents I’ve collected and have seen work over my 15+ years of working in this field. You wouldn’t believe how many times that question gets asked out of me here at Marshall University (and sometimes in the DFIR community). “How do I write a good DFIR report?” -Literally Everyone at some point
0 kommentar(er)
