A
Access Certified Examiner (ACE)
25,
74Access Data Corporation
36–37Accounting systems and financial software
295batch files, as evidence
299business accounting software
296–297mid-level to enterprise
297evidence types from financial software
298–299personal money management software
296Adam Walsh Child Protection and Safety Act of 2006
107,
145–146,
167Advanced Research Projects Agency Network (ARPANET)
301American College of Forensic Examiners Institute
87American Society of Digital Forensics and E-Discovery
85–86ASR Data, Data Acquisition and Analysis, LLC
37Association of Chief Police Officers (ACPO)
85–86Audio evidence, discovery of
135common issues
135–137audio recording devices
136file formats and audio programs
137example discovery language for
137–138C
Call detail records (CDRs)
19,
163,
231–232cellular evidence, discovery issues in
163–164and cellular system evidence
225as evidence of cell phone location
232–234Case types
general time estimates for
73tCell phones
5–6, ,
109,
263in discovery motion specifics
109forensic acquisition methods for
265–268fragile nature of cellular evidence
264–265protecting cell phone evidence
265future of cell phone forensics
270–271Subscriber Identity Module (SIM) cards
268Cellular evidence, discovery issues in
163–164Cellular system evidence
225and call detail records
231–232as evidence of cell phone location
232–234Enhanced 911 wireless location services
234real-time cell phone tracking
237Certified Computer Examiner (CCE)
74,
91–92Certified Forensic Computer Examiner (CFCE)
74,
91–92Child pornography cases, discovery in
145access to forensic evidence
148Adam Walsh Child Protection and Safety Act of 2006
145–146Civil cases
95common challenges in
96–97digital evidence in
113electronic evidence, getting
118–120rules governing, civil discovery
114What, Who, How, Where, and Who approach
115–118example trial questions
43Civil order, for expedited discovery
119fClasses of forensic tool
36–38law enforcement only (LEO)
36Client-side timeline evidence
304–306Computer Analysis and Response Team (CART) program
14Computer Certified Examiner (CCE)
25Computer experts
59–61digital evidence, investigation of
64–66and digital forensic experts
legal expertise comparisons
64ttechnical expertise comparisons
63tComputer file system time stamps
208Computer forensics
,
14–15,
18–23digital audio forensics
22digital camera forensics
21digital video and photo forensics
21game console forensics
22–23multiplayer game forensics
22social media forensics
20–21Computer Forensics Certified Examiner (CFCE)
25Computer forensics examiner
15,
61Computer Forensics Tool Testing program (CFTT)
35Computer hardware maintenance
60Computers and storage media, discovery of
123,
242expedited discovery and temporary restraining order, example of
125–127expedited discovery simple order, example of
124–125search agreement simple consent, example of
123–124Computer support person
60–61Computer time artifacts (MAC Times)
207computer file system time stamps
208forensic analysis of timeline, fundamental issues in
208–209Contraband discovery, language regarding
146Coordinated Universal Time (UTC)
209,
310Court testimony without verification, dangers of
176D
Data analytics, of advanced cell phone
269–270Databases
287corrupted/damaged databases
292Data de-duplication, in e-discovery
176Data destruction, evidence of
204–205Defense items
108in discovery motion specifics
108Deleted data
195data destruction, evidence of
204–205Digital audio forensics
22Digital camera forensics
21Digital evidence
4–5consent order, language for
110Digital forensics
11–13computer forensics
18–23digital audio forensics
22digital camera forensics
21digital video and photo forensics
21game console forensics
22–23multiplayer game forensics
22social media forensics
20–21Digital Forensics Certification Board
85–86Digital Forensics Certified Practitioner (DFCP)
91–92Digital video and photo forensics
21Discovery motions
95–98specifics
108–111Discovery motions (Continued)computer and related items
109not forensically imaged
109requesting supplemental documents
109Discovery process, in child pornography cases
147–149Domain Name Server (DNS)
152Drive-duplication products
38E
E-discovery, for de-duplication
Electronic Communications Privacy Act (ECPA)
114Email Examiner and Network Email Examiner
37Employees, in GPS tracking
158EnCase Certified Examiner (EnCE)
25,
74Enhanced 911 (E911) wireless location services
234,
235–236Evidence
collection by third/opposing party
78–81recovery from cell phones
271Expectation from expert
77general expectations
77–78Expedited discovery
and temporary restraining order
125–127Expert
45,
55,
67–69,
95computer experts and digital forensic experts
59–61legal expertise comparisons
64ttechnical expertise comparisons
63texpectations from
77general expectations
77–78funding in indigent cases
167extraordinary expenses, justifying
167–169hiring, reasons for
41–42evidence, examination and interpretation of
42locating and selecting
69–73prequalification process
71–72selection criteria, establishing
70problematic
91verifiable experience and criminal records
91–92qualifying as
95Federal Rules of Evidence
96resume/curriculum vitae
96sample qualification questions
98training, education, and experience
74–75Expert witness testimony
68Extraordinary expenses, justifying
167–169F
FBI
14Computer Analysis and Response Team (CART) program
14Regional Computer Forensic Labs (RCFLs)
14Federal Rules of Civil Procedure (FRCP)
114Federal Rules of Evidence
96Rule 702 expert witnesses
68,
96File existence, determining
176File-sharing networks, investigating
258–261File-wiping software
61,
62Forensic acquisition methods for cell phones
265–268Forensically sound tool
34–35Forensic analysis of timeline, fundamental issues in
208–209Forensic copy format
108in discovery motion specifics
108Forensic evidence, access to
148Forensic software suites
36–37Forensic triage products
37FrostWire
210,
256,
257selecting multiple files for download in
257fG
Game console forensics
22–23Game subscriber information
307General location evidence
307GIAC Certified Forensic Analyst (GCFA)
25,
74GIAC Certified Forensic Examiner (GCFE)
74Global Positioning Systems (GPS)
109,
309discovery motion specifics
109evidence, discovery of
157evidence collection from
314–316challenges to data collection
315service-based data collection
315workflow
311–312geolocation information and navigation
311Guardian Digital Forensics
37Guidance Software Corporation
36–37H
Hardware for acquisitions
38Hash values
31,
32f,
45,
173in digital forensics
174–177court testimony without verification, dangers of
176e-discovery, data de-duplication in
176evidence verification, impotance of
177file existence, determining
176Hidden files finding, hash values in
175–176High-density 3.5-inch floppy disk
High-speed Internet connection
214High Technology Crime Investigators Association (HTCIA)
71,
85–86,
87Home Location Register (HLR)
228Hyper Text Markup Language (HTML)
214–215Hypertext Transfer Protocol (HTTP)
214I
IBM Personal Computer
13–14Intelligent Computer Solutions
38Internal Revenue Service Criminal Investigation Division (IRS-CI)
36International Associations of Criminal Investigative Specialists (IASCIS)
85–86Internet activity, examination of
65Internet cache clearance
218Internet Crimes Against Children (ICAC) task force
14–15,
145,
258Internet history
37cache clearance, by user
218Internet Relay Chat servers
Internet search engines
70Internet service provider (ISP) records, discovery of
151Internet service providers (ISPs)
241Inventory
discovery motion specifics
108M
(M) Prohibition on reproduction of child pornography
146MAC (modified, accessed, and created) times
207,
223Marital infidelity examination
69Massively Multiplayer Online Role Playing Games (MMORPGs)
22,
301–303data as evidence
304–307game subscriber information
307general location evidence
307getting server-side evidence
307Message Digest 5 (MD5) algorithm
31,
174,
174fMicro Channel Architecture (MCA)
14Microsoft Internet Explorer
213Microsoft Windows Disk Management application
196Microsoft Word document, metadata in
182fMicrosoft’s Windows Live Skydrive
Mobile device forensic tools
38Motorola Android cell phone, metadata in
185fMultiplayer game forensics
22Multiplex systems, video collection from
130,
131fMulti User Dungeons (MUDs)
301P
PDF document, metadata in
183fPeer-to-peer file sharing
,
253privacy and security issues with
257–258Personal money management software
295–296Persons under supervision, in GPS tracking
158Pets and livestock, in GPS tracking
158Phex peer-to-peer software
258–259after executing the Browse Host command
259fdownloading a file of interest from a single host
260fPhotoshop CS4 brush tools
274Plain Old Telephone System (POTS)
225Point-in-time” snapshot
177Position, Navigation, and Timing (PNT) services
310Power On Self-Test (POST)
29–30Prequalification process
71–72Presentation, of findings
13Problem expert, spotting
91beyond window dressings
91–93verifiable experience
91–92R
Real-time cell phone tracking
237Recording Industry Association of America (RIAA)
258Regional Computer Forensic Labs (RCFLs)
14Relational Database Management System (RDBMS)
289Resume/curriculum vitae
96Right forensic tools
75–76Rule 702 expert witnesses
96S
Search agreement, consent to
123–124Secure Digital card (SD card)
268,
269fSecure Hash Algorithm (SHA)
31Server-side timeline evidence
306,
307Service-based GPS collection
315Sexual harassment case scenario
117–118Sharing
255peer-to-peer file sharing
253Shipments and packages, in GPS tracking
158Single-channel dial-up modem
214Single purpose forensic tools
37Social media
245convenience versus security
247discovery
139records contact information, finding custodian of
140getting information from online services
250Social media forensics
20–21Software for acquisitions
37–38Subdisciplines
17in computer forensics
18–23digital audio forensics
22digital camera forensics
21digital video and photo forensics
21game console forensics
22–23multiplayer game forensics
22social media forensics
20–21Subscriber Identity Module (SIM) cards
268,
269f