Why Digital Forensics Matters to You

8814 Fargo Road, Suite 201

Richmond, Virginia

804.360.4490

www.seltekinc.com

Magnifying Glass searching code for online activity.

Articles of Interest

Avoid Mobile Ransomware

iOS 10 Features

Computer Crash Using Windows 10

by Liz Calder

IT Support Specialist

Many older computers have been upgraded from earlier operating systems to Windows 10. While they are likely working fine at the moment, it is a good idea to be prepared in case of future problems with Windows. Using a Windows 7 or 8 rescue disc will not give you the options you need to repair or restore your Windows 10 system.

Microsoft has provided several options to allow you to repair or reinstall your system however some of them only work if you have taken the time to create your recovery media before you have trouble. It is a good idea to think ahead and create rescue media you can use in case of a computer crash.

System Image Backup is a backup (snapshot) of your entire system at one point in time. It can be used to restore a system to that exact moment (of backup). However it cannot be used to restore individual files and ,if used, is likely to overwrite (destroy) any data not in the backup image.

System Recovery Drive (USB) can be used to restore Windows 10 to factory conditions. While it will help you reinstall Windows and likely the drivers you need for your computer to operate, it does not back up your data.

It is likely you downloaded Windows 10 and installed or upgraded directly from your computer so Microsoft gives you the option to download and create a Windows 10 disc using Windows Install Media. Download the tool then use the "Create Installation Media" option to create and install disc.

A System Repair Disc is neither a Windows Install Disc nor a backup disc. However it has tools that can be used to boot and repair Windows if you are having trouble with your computer.

Once you have chosen your recovery options, make sure you store them in a safe place so you can find them if you need them.

Note: The options addressed in this article are used to return your computer to a functional state. They do not address options for recovering data. It is always advisable to make periodic backups of your important data.

What's the Difference?

Augmented Reality vs. Virtual Reality

Augmented reality ("AR") uses the existing environment with overlays of information. The yellow 1st & Ten line one sees during a football game is an example of AR. Many times, AR uses the camera on a smart phone or tablet to create the visual experience. Pokemon Go, for example. Gaming is currently the most popular use for AR but the retail and real estate industries are seeing the advantages of its use.

Virtual reality ("VR") puts the user into the simulated environment and experience. VR is becoming widely used in professional training. Pilots, surgeons as well as military and law enforcement personnel are able to simulate real-life situations using VR. Virtual reality is also quickly gaining recognition for its use in treating post-traumatic stress disorder and phobias.

Meet the

Seltek Team

Stacy Gilman has been bookkeeping and office managing in various capacities for over 20 years . Working at Seltek for the last year and a half has been a fun and new learning experience for her. She claims to be somewhat technologically challenged and glad to have the Seltek team keep her on track and up to date.

When she's not in the office, Stacy enjoys spending time with her husband of twenty years and their teenagers who are 14 and 16. She also stays busy volunteering at her church, gardening, canning, hunting, hiking and experimenting with Paleo recipes. Fun fact: Last summer, she and her family traveled across the country 5600 miles in a pickup truck. They camped and explored and actually enjoyed it!

Seltek is proud to support Tech for Troops Project. T4TP provides free refurbished computers to Veterans and helps them learn new IT skills.

T4TP appreciates cash donations as well as used computers. Host a computer drive. Organize an event. Volunteer from home. Plan a community service day with T4TP.

The last three years by the numbers: 345 veterans helped; 5,487 computers saved from landfills; 61 tons of recycled material.

Want more information? Visit

techfortroopsproject.org

Stay Connected

Why Digital Forensics Matters to You

by Kara Mueller

Certified Computer Examiner & IT Support Specialist

What is Digital Forensics?

Digital Forensics can be defined as the investigation, recovery and analysis of data and evidence within digital devices (computers, smartphones, etc). Digital forensic investigations should only be performed by trained and certified examiners who can ensure that the recovery and analysis of any and all evidence is not altered and will hold up in court.

An example of a typical digital forensics investigation: A company suspects a former employee of stealing company data. A digital forensics investigator will be called in to inventory the computer, take photos, and preserve the computer's data. The investigator will make an exact duplicate copy of the computer's hard drive as it exists that day without altering it. Next, the investigator will use special tools to thoroughly investigate the duplicate copy for electronic evidence and create an unbiased report based on their findings. Throughout this process, the investigator will ensure proper chain of custody, a documentation process which shows where all pieces of evidence were at all times.

Why Does Digital Forensics

Matter to Me?

You might be surprised that just about anyone can benefit from digital forensics. Think about all of the digital devices you use on a daily basis - work computer, home computer, printers, servers, smartphones, tablets, even cloud services like Dropbox or iCloud. It might be a little unsettling to think that every piece of digital information on the many devices we use today could be used as digital evidence one day, even if we are not the ones accused of wrongdoing.

Types of cases involving digital forensics include:

- Government and large corporations: large cases involving hacking and terrorism.

- Businesses: employee issues, accident investigations, theft, fraud.

- Individual: domestic conflicts, divorces, harassment/bullying, data recovery, and even simply learning what data lies on your child's smartphone or PC.

What Kind of Digital Evidence

Might an Investigator Find?

Regular files: photos, Word documents, e-mails, videos, and even software can be considered digital evidence.

System and log files: operating systems and software programs generate log files of things that happen behind the scenes on your computer.

Metadata: every file on your computer has a set of metadata associated with it. Metadata can be described as "data about data." For example, you might have a Microsoft Word document saved on your computer. The metadata might tell us the name of the author of the document, the date and time it was created and modified, how many times it was printed, where on the drive it is located, and much more.

Website data: when you visit a website, your computer makes a record of the address and date and time visited, and also downloads images that are on the web page. This allows for faster viewing of that webpage the next time you visit it, but also means remnants of websites you visit are stored on your computer.

Deleted files: in Windows, when you delete a file, it is not really deleted. Instead, the file essentially becomes invisible to Windows, but it still resides on your hard disc until something else overwrites it. Digital forensic examiners can sometimes recover these files.

What Should I Do With

Possible Digital Evidence?

The most important thing to remember when faced with a device potentially containing digital evidence is to contact an attorney and/or a digital forensics expert.

- Electronic devices containing potential evidence should be secured and access limited.

- Do not power on or use the device (computer, smartphone, etc).

- If the device is already on, do not turn it off without consulting an expert first.

- An investigation should be done quickly and only by a trained, certified individual.

Important evidence is often modified, lost or destroyed when untrained individuals attempt an examination. By using a device containing evidence, metadata of files on the computer are altered by opening the file or copying it without special tools. Even booting up a computer or shutting it down alters the metadata of system files. Additionally, using the device can cause deleted files to be lost forever, whereas they may have been recoverable before.

If you have a suspect computer or other electronic device, treat it like a crime scene, and do not do anything without contacting your attorney or a trained digital forensics specialist.

E-Discovery and Digital Forensics WEBINAR

*Approved by Virginia State Bar for one MCLE credit hour

"E-Discovery and Digital Forensics Explained "

Wednesday, October 19, 2016

at 10:00 a.m.

Presented by Patrick Logan,CCE

Certified Computer Examiner

Patrick Logan, Certified Computer Examiner, will provide a live video presentation discussing Digital Forensics and E-Discovery. There will be a Q&A time when Mr. Logan will answer specific questions. One MCLE credit hour has been approved by the Virginia State Bar for the webinar.

Program Information :

Learn the differences between E-Discovery and Digital Forensics.
Understand the proper procedures for preserving and collecting electronic data.
Understand the types of data that can be collected.
Understand the places from which data can be retrieved, eg.,Smartphones, computers and many other IoT devices.
Understand the information retrieved from social media.
Understand the methods in which deleted data may be identified and collected.
Understand the ways E-Discovery and Digital Forensics can benefit legal proceedings.

How to Register:

Email [email protected] or call 804.360.4490 X20.
Provide your name, email address and firm name.
There is no cost for the CLE.

Seltek | 804-360-4490 x20 | [email protected] | http://www.seltekinc.com
8814 Fargo Road
Suite 201
Richmond, VA 23229