Computer Forensics & Data Recovery

Earlier this week my X-Ways Forensics dongle arrived. (For anyone who is not familiar with that, it is basically a small USB key that is your license for the software.) I spent most of the rest of the week working on a criminal case that will probably go Federal. I mostly used X-Ways as my forensic tool.

The tool has performed as promised so far. All the features have either been intuitive to use or concisely explained in the manual. Some computer software manuals make you feel like the author tried to figure out how to make it as difficult to follow as possible. For instance, I have never found the Encase manual to be an easy read.

With X-ways, I had found files and evidence, within an hour, that I had failed to locate with Encase. I am not claiming that Encase is incapable of finding the same files…. I was just know that I didn’t find them with Encase. I have not attended the Encase training due to their high cost. A trained user may know some way to get the software to find the same evidence. Under X-Ways though, with only a few hours under my belt with the software I was able to find the files.

Speed is one thing that just kept amazing me with the software. This investigation was very image intensive. I was able to just fly through sorting, filtering, marking for report inclusion, viewing, and commenting on files. Even though I was intentionally trying to push the software, I never got a single crash. It was always very quick moving from Hex View, Calender View, Preview…whatever I needed to do. The skin color percentage sort feature for images in AWESOME!

I spent the last few hours of today starting work with the report module. The report module was performing well. I just say well, because I was having to include a lot of images and movies that had been encrypted by the file system of the suspect machine. This required me to recover the files outside of X-Ways then import them into the “case.” The good news is that this is possible and reasonably quick with X-Ways. To start setting up the whole report package for export to external devices was taking some tweaking of the report HTML code. Nothing major, just changing file source addresses. This was because the files were being referenced to their absolute location on the drive and not relative to the report. (In X-Ways defense though, I have to say this was my first time using their report module and I was in a hurry at the end of the day. So, it is possible there is a way to do it that would have saved the HTML coding issue.)

Another important point, I had a question about the software the other day. I sent a support email. I got a response within about 10 minutes from the lead software designer himself. That was impressive service. Can’t say I have ever gotten that good of service on any other software.

I still hope to get back with an even more detailed review when I have more experience under my belt. I wanted to let everyone know how it was going though.

I frequently get approached with the following scenario in Gainesville. I lost some files on my computer, but can’t afford to have professional data recovery done. What can I do?

Well, there are two quick free things that you can do.

1. There is a free piece of software called Recuva by Piriform. They are the same folks that provide ccleaner for free. They of course ask for donations to support them if the software works for you. I have used the software, testing it, with success. It is not by any means a top of the line piece of forensic software, but, for a free easy to use product, it seems to be pretty nice.

2. Many times the problem with recovering files lies with your Windows installation more than with the file. Files can often be viewed and recovered in Linux when they are unreachable under Windows. There are many distributions of Linux that run on a bootable CD-ROM. They are mostly free. I really like Puppy and DSL Linux myself. There are many others though. The Linux approach will involve a learning curve if you don’t know Linux. But, it is free!

Well I will tell you, I am more than a little frustrated with the rising crime rates. In the Alachua County/ Gainesville area the statistics the public sees does not even BEGIN to tell the story of the number of criminals that walk simply do to lack of prosecution. It is not unusual here for criminals to have a criminal history of felony arrests longer than your arm before they first go to prison.

Is this all the fault of the state attorneys office or law enforcement. Yes and no. One limiting factor that everyone involved in arresting and prosecuting criminals is funding.

It is common for me to talk to crime victims now days who are frustrated at the slow response time, slow investigation, lack of investigation, or slow/ no prosecution of their case. Honestly, I have kinda quit being totally dishonest about the total situation when people talk to me about it, especially off-duty. When the citizens/ county government are unwilling to fund more law enforcement officers or prosecutors dis spite growing population and crime…..What are we in criminal justice to do?

For example, I suspect there are now hundreds of burglaries per year for everyone Detective alloted to investigate them. So, I don’t find it a big surprise that our local clearance rate for burglaries is horrid compared to some other jurisdictions.

Every year it becomes easier for criminals to victimize people to start with because our number of law enforcement officers on the road patrolling is not growing with the population. There is simply to much area for officers to effectively cover and suppress crime.

There is also a side… that the law enforcement environment, state wide mostly, has not encouraged officers to perform aggressive pro-active law enforcement. Alot of that can be thanked to 20 years of having far more lawyers than society needs. I can’t tell you how sick street level officers get of hearing about potential “liability” being a reason for not doing our job. There are supervisors now that will gladly walk away and leave a bad guy on the street than risk any small chance of “liability.” Unfortunately, some supervisors and street cops get so beat down by liablity arguements….they eventually decide the only way to avoid liability…is to do nothing unless called somewhere or it jumps right up in their face.

Of course hand in hand with this, is the non stop progression in the law enforcement community to investigate each and every citizen complaint no matter what or when.

It is now common place for cops to even get in trouble at work for incidents away from the job that have NOTHING to do with work. State wide there are many examples of this happening. Just a for instance.. a cop goes to his local hardware store where they sold him a broken drill. He is off duty, not in uniform, never mentions where he works or that he is a cop. He gets into an argument with the manager because he will not take the return. This kind of things happens to citizens all the time right?? Well, lets say this manager has seen the cop in uniform before and knows he is a cop and where he works. Now agencies are actually taking complaints about incidents like this and investigating their officers. They even will hand out extreme discipline actions…just like this happened on duty, in uniform.

I would ask regular citizens out there… How would you feel about getting days off without pay from your job because you got into an argument at the hardware store? Well that is the state of things now…. it is sad.

A frequent question I get is, “How do I clean up/clean out/ hide my internet history?” There was a time years ago where I might have told a person they better learn A LOT about Windows and computers. Well now there is a lot of software out there that will take care of this for you, mostly.

The one I personally use to clean up the clutter that surfing produces is ccleaner. One of the best things is that this software is completely free!

Running this with default settings will go a long way towards cleaning up your computer. It does a good job of deleting your internet temporary cache files, cookies, URL history, index.dat files, and typed URLs. I have found that it will actually eliminate some problems that are being missed by popular spyware utilities.

If you want a little deeper privacy, the software even has advanced settings that allow for a secure wipe of files that show your browsing history. If you goal is to keep your spouse from discovering what you ordered them for Christmas/ Birthday etc this should be the perfect tool for you.

If you next question in your mind is…does it clean up things well enough that even a computer examiner can’t figure out what I have been doing?? I would suggest that your probably need to just quit visiting the sites that you are.

Well, for people who know me personally or watch our business; you know my family has been working on getting our engineering continuing education site up. 

 Well, we have been approved by the Florida Board of engineering to provide professional development hours (PDH) to engineers.  Our approval also includes Florida Laws and Rules course.  (For anyone not familar this is all continuing education engineers have to take to keep their license.)

We have entered the market at 99 dollars for unlimited PDH.  For anyone not familar…that is revolutionary for engineering pdh.  They are commonly priced far higher.  We really hope to bring a good value to engineer’s in state all over the country.

Our promotional website in engineeringceus.com for anyone who is interested.