Tag Archive for Computer forensics

HBGary SRA International “Memory Grabber” Forensics Tool White Paper

The purpose of this paper is to describe the SRA Memory Grabber system, which provides memory access to a running and password-protected laptop through the use of a small PC Card inserted into the PCMCIA slot of the laptop. The Memory Grabber device shown in the figure below is operating system agnostic, working on Microsoft Windows, Linux, and MacOS, and is available today as a production unit for use with Express Card and Card Bus laptop systems.

Apple iPhone Password Work-Around

If you encounter an Apple iPhone where the phone is locked with a Passcode, keep in mind the handset only allows 5 Passcode attempts before locking out the phone. This work-around is limited to iPhones with firmware versions 1.1.2 and earlier. The work-around was disabled on version 1.1.3 in February 2008. Data can be retrieved from the SIM card as well as from the phone handset. To remove the SIM card, place a paperclip in the hole at the top of the phone. Force must be applied to get the SIM holder to pop up. The SIM card will be inside a plastic tray and can be easily removed. Process the SIM card as normal.

Rapid Enforcement Allied Computer Team (REACT) Task Force

The Silicon Valley High Technology Task Force, also known as the Rapid Enforcement Allied Computer Team (REACT), is a partnership of 17 local, state, and federal agencies, with the Santa Clara County District Attorney’s Office designated as the lead agency. The REACT Task Force is one of five in the State of California and is authorized under California Penal Code 13848. All Agents of the REACT Task Force are either California Peace Officers and/or U.S. Federal Agents.

U.S. DOJ Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations

According to the Supreme Court, a “‘seizure’ of property occurs when there is some meaningful interference with an individual’s possessory interests in that property,” United States v. Jacobsen, 466 U.S. 109, 113 (1984), and the Court has also characterized the interception of intangible communications as a seizure. See Berger v. New York, 388 U.S. 41, 59-60 (1967). Furthermore, the Court has held that a “‘search’ occurs when an expectation of privacy that society is prepared to consider reasonable is infringed.”

Electronic Evidence Compliance: A Guide for Internet Service Providers

This Guide provides general guidelines for Internet service provider compliance with law enforcement and national security evidence gathering authorities. It is not intended to constitute or be a substitute for legal advice provided to individual clients on the basis of particular facts. In light of the law’s complexity, Internet service providers should consult counsel regarding questions about the law.