Episode 8: I Beg to DFIR – Working an Investigation: Making Sense of the Data
Cellebrite Physical Analyzer is an effective tool for digital forensics, but it is not the examiner. It will not get on the stand to testify on your behalf, write your findings report, or submit it to your client. What it will do is decode and present the data to you in a format that you will be able to make sense of. However, it’s up to you as the examiner to parse the data correctly, use it intelligently, and validate the data you’re investigating.
In this episode, we will begin by establishing the starting point of the digital investigation.
Where To Start?
Typically, there is a known date on which a specific crime occurred, and we know what our search parameters are. Those of you in law enforcement will have a specific set of data that you're allowed to look at within the scope of the search warrant, so it's important to be aware of that scope and stay within those parameters.
You may have an idea of what you are looking for already. Locations are often a logical place for investigators to start, as you may be trying to place a person at a certain location at a given time. Or you may expect to find a chat message that shows whether someone was talking about something relevant to the case.
Even though those initial searches may return relevant results, there are many other places within Cellebrite Physical Analyzer where you can find digital evidence—even in unorthodox places.
Listen to the video to find out what you should be looking for beyond your usual checklist.