This week you read about the various tools on the marketplace that can image and analyze computer evidence. Different examiners and different organizations use different tools based on what type of investigations they do, personal preference, and, often, financial considerations (these tools are expensive!). One industry best practice, particularly in criminal cases, is dual tool verification. This means that the examiner conducts the same search on the data images with a second tool, to verify the information and to make sure nothing was missed by either tool. For example, I may have used Forensic Toolkit (FTK) to examine a hard drive in a contraband image case, but I would also examine the disk image in EnCase, to a) cover my bases, investigation-wise, b) cover my butt, legally, and c) take advantage of each tool’s strengths: FTK is considered slightly better or easier to use for graphics cases, but EnCase is considered better for file evidence recovery. It serves me well, as the investigator, to use two tools to verify my work, verify the evidence, and verify I didn’t miss anything.
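As an added illustration of dual tool verification (not part of the original course material and not any vendor's code), the Python below reconciles browser-history exports from two hypothetical tools and reports records only one tool recovered, plus visit counts on which they disagree. The column names, timestamp formats and sample records are constructed assumptions; real exports differ by product and version.

```python
import csv
import io
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample exports (not case data). "Tool A" writes UTC strings,
# "Tool B" writes Unix epoch seconds; both layouts are assumptions.
TOOL_A_CSV = """url,last_visited_utc,visit_count
http://Example.com/search?q=test,2024-01-01 10:00:00,1
http://example.org/news,2024-01-01 10:05:00,12
http://example.net/mail,2024-01-01 10:30:00,3
"""
TOOL_B_CSV = """URL,LastVisitEpoch,Hits
http://example.com/search?q=test,1704103200,1
http://example.org/news,1704103500,1
http://example.com/forum,1704104000,2
"""

def parse_utc_string(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_epoch(s):
    return datetime.fromtimestamp(int(s), tz=timezone.utc)

def load(text, url_col, time_col, count_col, parse_time):
    """Map (normalized URL, UTC visit time) -> visit count for one export."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        parts = urlsplit(row[url_col].strip())
        # Host names are case-insensitive; path and query are left untouched.
        url = parts._replace(netloc=parts.netloc.lower()).geturl()
        records[(url, parse_time(row[time_col]))] = int(row[count_col])
    return records

def compare(a, b):
    """List what each tool alone recovered and where shared records differ."""
    shared = a.keys() & b.keys()
    return {
        "only_in_a": sorted(k[0] for k in a.keys() - b.keys()),
        "only_in_b": sorted(k[0] for k in b.keys() - a.keys()),
        "count_mismatch": sorted((k[0], a[k], b[k]) for k in shared if a[k] != b[k]),
    }

def run_example():
    a = load(TOOL_A_CSV, "url", "last_visited_utc", "visit_count", parse_utc_string)
    b = load(TOOL_B_CSV, "URL", "LastVisitEpoch", "Hits", parse_epoch)
    return compare(a, b)

if __name__ == "__main__":
    for finding, items in run_example().items():
        print(finding, items)
```

Every entry in the output is a lead to resolve against the raw artifact, not a conclusion: a disagreement means at least one tool parsed the source data differently.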
In this week’s conference, we are going to take a look at the Casey Anthony case, how the use of digital forensic tools played a role in the case, and come up with some information we can take away from the case. Take a look at the following links, review the material, and write up some “lessons learned” and observations from how the digital forensic portion of this case was handled, particularly focusing on the use of the digital tools.
1. News clip regarding missed evidence: http://www.youtube.com/watch?v=p3IeFjpw7iM
2. Article posted on the website of NetAnalysis, one of the digital tools used by the examiners in the Anthony trial: http://blog.digital-detective.co.uk/2011/07/digital-evidence-discrepancies-casey.html
3. The digital forensic report filed by the Orange County Sheriff’s Department (attached)
4. A Comparison of the browser forensics from all of the forensic tools used (attached)