McCann E-Investigations Houston Computer Forensics Announces New Rates for Data Storage


Houston, TX (PRWEB) May 13, 2012

McCann E-Investigations (McCann EI), a Texas-based computer forensics firm announced that it will offer new storage rates for all data collected in computer forensics investigations. Many of McCann EIs clients have on-going cases which require storage of imaged data for future use. McCann will offer secure storage of client data at McCann EIs state-of-the-art computer forensics lab for as low as $ 0.75 per gigabyte per month.

Our technicians always work from copies made of the original data and the original drives are securely stored, said Dan Weiss, Partner and Licensed Private Investigator at McCann E-Investigations. Once the project is completed, we will now offer to store the copies of the data for future use, continued Weiss.

McCann EI will retain the data for forty five (45) days following the final report related to such data. After the 45 days, the client can agree to storage of all of the data at $ 0.75 per gigabyte per month. McCann EI will also provide secure destruction of all data related to the case upon the clients request. All hard drives will be permanently wiped and any case files will be securely disposed. It should be noted that the destruction of data and related case files is permanent, irreversible and irreparable. Should the case be re-opened, the data acquisition process would have to begin again at the normal rates.

After the 45 day retention period and absent other written agreement between McCann EI and the client, any data/equipment/media unclaimed or otherwise abandoned for a period in excess of thirty (30) days will be disposed of at McCann EIs discretion. McCann EI will not be responsible for data/equipment/media left in its possession beyond such thirty (30) day period.

About McCann EI:

http://www.einvestigations.com

Twitter: @McCannEI or https://twitter.com/#!/McCannEI

Facebook: https://www.facebook.com/pages/McCann-Investigations/203760582969139

Call us toll-free at 800-713-7670

McCann Investigators follow the trail and decipher the information regardless of whether the evidence is digital, such as electronically stored information found on computers, mobile phones or other devices or if the investigation requires traditional private investigative services. McCanns PI tools and techniques include surveillance, undercover work and detailed record searches. The final product helps our clients gain a deeper understanding of what has happened or what is occurring. The gained clarity and discovery of truth allows our clients to quickly respond and recover.

McCann EI is based out of our state-of-the-art forensic labs in Houston, which provide the latest in computer forensic and IT security technology. Our e-investigators combine digital skills with traditional private investigative techniques to provide you with an one-stop solution for your investigative needs. Our lab houses our computer forensics and electronic discovery service along with our databases, surveillance technology, and undercover investigators. Our investigators are experienced in providing expert witness testimony, including computer forensic testimony, in courts across Texas. Although we are headquartered in Houston, our investigators live in and work in cities all across Texas.

Call us toll-free at 800-713-7670 or speak to a local investigator:

Austin Computer Forensics: 512-377-6142

Houston Computer Forensics: 832-628-4904

Dallas Computer Forensics: 214-329-9059

Lubbock Computer Forensics: 806-589-0320

Lufkin Computer Forensics: 936-585-4070

Brownsville Computer Forensics: 956-465-0849







More Expert Witness Press Releases

Deposition Preparation Online with Deposition Testimony: 5 Simple Rules

depositiontestimony.com Deposition preparation online is here with Deposition Testimony: 5 Simple Rules. My name is Zach and I’m a lawyer just like you. Here’s a problem we’ve all experienced – you spend hours, days, sometimes even weeks preparing your client to testify in a deposition. You give all the sound advice – don’t volunteer, don’t speculate, limit your answers just to the questions asked. The client looks at you and says, “I got it, I’m ready.” Five minutes into the deposition your client is volunteering, speculating, and the deposition is beginning to go off the rails. This has happened to all of us and it’s not because we didn’t do a great job preparing our witnesses. The solution is here. Now I had never used a video before to help me prepare my witnesses to testify and frankly I would have been skeptical of any suggestion that I do so because I did a great job just like you do preparing witnesses. But at one point in my career we were actually required to use one and frankly I was amazed! The difference between a witness who had seen this video that showed a witness doing it wrong and getting in trouble, and then a witness doing it right, made all the difference in the world. Once the witness saw that, they got it. But there were a few problems with this old video – it was old and dated. I was almost embarrassed to show it to the client because of the content, but it was also available only on DVD. What we did is we created a system that solved all of these
Video Rating: 5 / 5

CPS aka Child Protective Services depends crucially upon the authority of expert witnesses when they take their cases to court, aiming to severe the sacred bonds between parents and children. These expert witnesses are held in high regard by both judges and juries, who are often mightily impressed by the mere presence of such experts. Yet (as books such as Whores of the Court show), these experts are often nothing more than corrupt, incompetent whores, willing to sell their souls for a bit of false grandeur and a quick buck. The crimes against humanity that are perhaps amongst the most heinous are those committed by experts who give false and / or misleading testimony in an effort to bolster the case of CPS aka Child Protective Services, who have proven – time and again – that they will do anything to rip babies and children from the arms of those who love them best. For more Information: THE CHARLES SMITH BLOG: smithforensic.blogspot.com Smith gave testimony in Ohio murder trial Disgraced pathologist had given evidence in case where jurors suggested death penalty February 09, 2008 Theresa Boyle and Isabel Teotonio, Staff Reporters truthinjustice.org Smith’s victim gets bail – WHAT TOOK SO LONG AND WHY ISN’T SMITH IN JAIL???!!!! www.cbc.ca www.goudgeinquiry.ca Dr. Charles Smith’s (as he was then known) Factum: www.attorneygeneral.jus.gov.on.ca www.cbc.ca whoresofthecourt.com (Free Download of Book Available) www.franklincase.org http www.connecticutdcfwatch.com http www
Video Rating: 4 / 5

Watch Dr. Lorandos as an Expert Witness on Suggestibility from NBC TV

Watch Dr. Lorandos as an Expert Witness on Suggestibility from NBC TV

www.falsely-accused.net Watch Dr. Lorandos as an Expert Witness on Suggestibility Defense Attorney Dr. Lorandos, I want to focus you on whether youve studied suggestibility. Lorandos: Well we had to. We were, when I say we I mean organized psychology, rather shocked at what occurred in some of the famous cases that weve all seen on television. Defense Attorney: Are you referring to McMartin? Lorandos: Well I wasnt going to name names. Defense Attorney: Did I ask you to get some footage from the original experimenters? Lorandos: Yes. This is a study called the mouse trap study and in this experiment they demonstrated that they could create the memory of events that never happened. What the examiners did was they went to a preschool and theyd play a little question game with them and the questions change from week to week, but theres one question that is the same every week for ten weeks. And so, this first little piece illustrates a little child being asked if you ever got your finger caught in a mouse trap. Video: Experimenter: This one says, Have you ever seen a baby alligator eating apples on an airplane? Preschooler: No Experimenter: No? Have you ever had your finger caught in a mouse trap and had to go to the hospital? Preschooler: No Experimenter: No? End Video Lorandos: Okay stop. You notice that if you just ask them, theyll tell you the truth. You dont have to pound away and say, Tell me more, tell me more, tell me more. Just ask them. But, what happens when theyre

Linguists are frequently asked to help the police and courts when there is a dispute over the authorship of a written text — suicide note, abusive or threatening letter, email or text message. In this excerpt from his inaugural lecture, Professor Coulthard explains the concepts he used to help identify the authorship of text messages in a recent murder trial. The full lecture is available online at: streaming.aston.ac.uk Aston University is home to the world’s first centre for forensic linguistics. Find out more at: www.aston.ac.uk/forensic-linguistics
Video Rating: 4 / 5

The YogaSoul Center Launches Pilates Specials to Jump Start New-Year Fitness Goals


Eagan, Minnesota (PRWEB) January 17, 2012

YogaSoul Center in Eagan is offering new Pilates specials to help people meet their fitness goals in the new year.

Through Jan. 31, two specials allow people to train twice per week for five weeks. A five-session package of weekly Pilates reformer sessions is available for $ 250 — a savings of $ 125. Valid with that purchase is a five-class pass for weekly Pilates mat classes; that package is $ 60, a savings of $ 15.

Pilates benefits are wide-ranging and life changing. It gives a full-body workout, stabilizes and strengthens core muscles, creates mind-body awareness, and evenly conditions the body. Its an exercise that can help people rehabilitate from injuries and accidents, and it can also help athletes to prevent injury.

Pilates at YogaSoul Center is a unique and fulfilling experience, said Denise Bunch, Pilates instructor, yoga teacher and energy healer. Our staff are highly trained and skilled to bring you the best possible experience to increase strength, as well as the opportunity to relieve stress and create more possibilities for yourself physically and mentally.

YogaSoul Center is a full-scale studio that offers a full range of Pilates mat classes, equipment and private sessions. Mat classes give an overall body workout and teach the fundamental floor exercises and principals of breathing, concentration and coordination. Reformer, Chair and Cadillac Pilates equipment were invented by Joseph Pilates to bring the mat principals to a whole new level. With the equipment, resistance is built into the exercises and utilizes hundreds of exercise variations. It can also be modified to suit the needs of any fitness level, as well as people rehabilitating from injury.

YogaSouls mission is to help clients win the battle against stress. It has an extensive class offering in several styles of yoga, including Kundalini, Hatha, Yin, and Vinyasa. It boasts a fully equipped Pilates studio and offers many kinds of classes, including Zumba, Tai Chi and belly dancing. Its full roster of teachers and healers provide clients with a variety of healing services, including intuitive readings, Reiki, Thai yoga bodywork, Ayurveda, energy work and several others. YogaSoul also hosts special workshops and Kundalini yoga teacher trainings.

To see a full schedule, make an appointment with a healer or sign up for a class, visit YogaSouls website, http://yogasoul-center.com/. New students get their first week of classes free.

###





Expert Witness Corner: Computer Counter-Forensics

Digital Evidence Triad:

The fragile nature of digital evidence, coupled with the complexity and skill required to conduct an assessment that will bear the scrutiny of a court of law, makes it important to independently validate and verify the findings of the forensic assessor.

Case preparations involving scientific evidence must consider three core areas in detail, exploring each facet of evidence to assess whether Best Practice and prevailing regulations have been adhered to. This also ensures a full appreciation of the available digital evidence, which can be placed into the context of the allegations and accompanying physical evidence. These three spheres are:

1: Search & Seizure: The means by which the target media (e.g. hard disks and CD’s found on the suspect or at a specific location) were acquired by law enforcement agents and their subsequent preservation through the ‘chain of custody’.

2: Preservation of Evidence Containment and protection of evidence exhibits so as to ensure fragile and volatile digital evidence is neither corrupted nor tainted.

3: Forensic Assessment & Analysis Evaluation of media and raw materials to furnish law enforcement agents with forensically sound evidence that can be presented in a court of law.

Efforts geared towards thwarting or impacting on the forensic computing process are levelled at one or more of these spheres.

Physical Safeguards:

In the context of countering digital forensic practices, physical security is based on the principle that if a computer system cannot be found, then it cannot be seized by the authorities for examination.

Locked cabinets and steel laptop cables will frustrate efforts to remove devices from the suspect’s premises; however, they will be defeated given adequate time and resources.

More advanced approaches towards protecting computing devices include concealing key computer drives or media under the floorboards, in the loft space or in out-house facilities such as a garage. This can afford a degree of security and ensure that devices remain hidden from investigators. Communication with the device can be achieved without telltale cabling, relying instead upon encrypted wireless signals.

Anti-tamper devices, such as specialist alarm units that reside within computer casing, can be used to upset and hinder the search and seizure process. More complex approaches towards asset protection can include integrated ‘anti-seizure’ devices that are attached to the computer drive. These are designed to corrupt the computer drive data should any attempt be made to remove the disk or access the system without the use of a special hardware token and password.

File & Application Security:

Investigators will naturally gravitate towards files and folders that appear to have titles of relevance to the case in hand. Perhaps the simplest approach to concealing files or folders is to rename them to something innocuous and unlikely to arouse suspicion.

A more considered approach to hiding information involves the moving of user data, such as textual reports or financial spreadsheets, into archives which normally contain only files required by the computer for operation (e.g. the system32 or config folders).

Both of these approaches help conceal information from the curious or casual browser, but the material will undoubtedly be uncovered during the course of a comprehensive forensic evaluation of the computer drive.

A different approach involves changing the way in which the computer operating system interprets files. Microsoft WindowsTM, the most prevalent desktop computing environment, identifies files and the program that should be used when they are being opened by the extension associated with the filename. Extensions take the form of a full stop and three letters appended to a filename – for instance the popular.doc extension that indicates a Microsoft WordTM document.

A somewhat crude but nonetheless effective approach to obscuring information is to change the associated file extensions. This could make a Word document (.doc extension) to appear as a bitmap graphic (.bmp extension). If a user attempts to open the file, the default program associated with the file-type, Microsoft PaintTM in this instance, will be invoked. Since the file data is actually in Microsoft Word format, Microsoft Paint will not be able to render the information and will return an error.

Such efforts are likely to help sensitive materials pass under the nose of casual observersand those intent on identifying files of a particular type, such as graphical images which feature the extensions including.bmp or.jpeg.

A more conventional approach towards protection of information is to employ passwords. Starting with Microsoft Office 95, it became possible to password protect office productivity files to prevent unauthorised access. Well equipped forensic laboratories have specialist equipment to allow dictionary and brute-force attacks (trying all possible character combinations) against password protected files and programs, so unless a particularly complex pass-phrase is used the security is likely to be broken fairly quickly.

Most users employ passwords based on words found in the English dictionary or words that have meaning to them, such as the name of their wife or pet. These passwords are not complex enough to thwart concerted efforts to break the security. Passwords based upon non-English words, greater than eight characters in length and using both numbers and non-alphanumeric characters (e.g. exclamation or punctuation marks) provide a level of complexity that is extremely difficult to break.

However, password protection can have serious shortcomings that can be exploited by forensic investigators. Protection of this type usually places a barrier up at the beginning of the file, which means if this safeguard can be by-passed, the actual data contained within can be extracted. A classic example is a forensic examiner using a plain text editor, such as Notepad, to open a password protected document. All controls, safeguards and features that may be in place through Microsoft Word are thus circumvented.

Taking file and application level protection to the next level is the practice of cryptography – the science of securing information through the use of reversible transformations. The word “cryptography” has its roots in the greek terms “cryptos”, meaning secret, and “graphy”, meaning writing. Simple ciphers, known as mono-alphabetic or Caesar systems, involve the substitution of letters. The development of digital computing revolutionized cryptography and made today’s highly complex and secure cryptographic systems possible.

With the introduction of Microsoft Windows XPTM an enhanced security feature known as Encrypting File System (EFS) has become readily available to desktop computer users. EFS is a cryptographic support system that enables files, folders and even sections of the hard disk file system to be encrypted using a variant of the Data Encryption Standard (DES) algorithm.

Attacking cryptographic materials is known as cryptanalysis and requires highly experienced consultants for any reasonable chance of success. Attacks can be levelled against the protocol (i.e. the mechanics of the encryption system employed), the protected file/data, or the interface and environment (i.e. the manner in which the user has interacted with the cryptosystem and/or computer system to create the secured material).

A more complex approach to concealing information involves placing it within or around another open and public source, a practice known as stegonography. Classic examples of stego’ include invisible inks or the use of grilles to cover a written message and reveal only selected words or phrases. In a digital context, stegonography involves embedding the code that constitutes one file, for instance a graphical image, into the code structure of a secondary file.

The use of stegonography can be difficult to detect even with the benefit of specialist forensic tools and when employed correctly can allow suspect material to evade even the most astute investigator. When combined with cryptography, stegonography can be an especially powerful means of safeguarding both the presence and content of information.

Another approach to concealing information is to embed data in special sections of the file system structure. Alternative Data Streams (ADS) was a design feature introduced into the Microsoft WindowsTM operating system with the NTFSTM file system as a means to provide compatibility with the Macintosh Hierarchical File SystemTM (HFS).

The way the Macintosh’s file system works is it uses both data and resource forks to store its contents. The data fork is for the contents of the document while the resource fork is to identify file type and other pertinent details. There has been a marked increase in the use of these streams by malicious hackers wanting to store their files once they have compromised a computer. Not only that, it has also been seen that viruses and other types of malware are being placed there as well. The crux of the matter is that these streams will not be revealed using normal viewing methods, whether via a command prompt or using the Windows Explorer.

Whilst data embedded within ADS will remain invisible during all normal operations, forensic examiners can identify such material using complex data analysis tools. When information is encrypted, embedded within other file code (stegonography), and finally hidden in an ADS, it is likely that the material will be safe from even the most astute investigators.

Internet Privacy:

The Internet is an essential tool for business and leisure but is also a compelling resource for those commissioning or researching criminal activities.

Reading email or browsing the World Wide Web (WWW) leaves traces on the host computer that can be recovered by forensic investigators to give an indication as to website visited, terms used on search engines and conversations held in online chat-rooms.

Whilst popular browser applications such as Internet Explorer and Mozilla feature routines to remove personally identifiable information, a more considered approach to eliminating any local traces of online activity would involve the use of a specialist application such as ‘Evidence Eliminator’.

To add a layer of security between the computer and Internet, and thus protect against any potential eavesdropping on the telephone/broadband network, an approach known as Onion Routing may be employed. Developed by American researchers Onion Routing employs a complex series of relays, routers and encryption protocols to ensure anonymity and confidentiality of traffic.

Whilst investigators without the capacity or capability to undertake complex cryptographic evaluations may be at a loss to identify the content of such protected internet content, it may be possible to glean useful information through the use of ‘traffic analysis’. Here the intention is to identify patterns and norms. For instance, it may not be possible to determine what website an individual is accessing, but through cataloguing the traffic it can be possible to say, with certainty, when a user was online. Should this be backed up with physical surveillance that can attest the individual was alone at the premises under observation at a particular point in time, then should further evidence come to light at a later point (perhaps as a result of performing a forensic analysis of the suspect’s computer, following a search/seizure order), it can neatly tie the suspect to the computer keyboard.

Exploiting Forensic Methodology:

Whilst the approaches previously discussed have focused on obscuring or concealing either the physical computer devices or the digital evidence contained therein, the following techniques are geared towards thwarting the forensic process of examination of digital media.

Operations upon files and folders are recorded in timestamps, which provide details as to when the file/folder was created, when it was last accessed, and when the file/folder was last modified. Timestamp data is recorded automatically by the operating system and provides crucial evidence as to actions and times/dates when they occurred. However, appreciating how valuable timestamp data can be to investigators, tools have been created by various Hacking groups to allow manual or automatic modification of timestamps. This technique is known as “fuzzing” and can make attribution of the file – or who was at the keyboard at a specific point in time – near impossible. Furthermore, fuzzing taints the evidence so that the integrity of the timestamps is damaged to a degree that would make them inadmissible in a court of law.

ACPO Guidelines for the seizure of computer devices, suggest immediate disconnection of the power unit, so as to preserve information on the system computer drive(s). This is regarded as Standard Operating Procedure (SOP) by investigators around the world, but it does have one very serious shortcoming. By disconnecting the power, any information stored within the volatile memory (e.g. RAM) will automatically be lost and cannot be retrieved. Hacking tools have evolved to take advantage of this investigative procedure; having scripts and applications that run exclusively in memory so that no traces will survive on the disk should the computer be seized by the authorities. It is considered to be only a matter of time before this counter- forensics technique becomes even more widely adopted by those intent on using computers for the commission or support of criminal enterprise.

Legal Context:

Whilst not a security technique or forensic safeguard, some criminals have shown remarkable forward planning as a precaution if they one day have to stand trial for an offence.

In legal circles there have been a number of high profile cases involving computer abuse/misuse, where the line of defence has been that the computing device had been under the control of an unknown third party. In many cases the assertion is the computer has been broken into by a Hacker, who used the device as a platform for perpetrating their crime. This has become known as the ‘Trojan defence’ and was applied successfully in the case of R v Aaron Caffrey, who was charged with breaking into computer systems owned by the American port authority in Houston.It has been known for criminals to purposefully infect their computers with viruses and malicious code, laying the foundations for just such a defence should the need ever arise.

The technical arguments as to whether computer code, which is what essentially all digital media is, can constitute obscene media have long been agreed in the rulings of R v Fellows and R v Arnold. In matters involving obscene images and media, the recent ruling in R v. Porterhas put flesh on the bones of the argument as to what constitutes ‘possession’ in a technical sense. In this case the presiding Judge gave directions as to whether the jury could consider that deleted images, recoverable only using advanced forensic means, could still be considered in the possession of the owner.

Recently the Home Office announced plans to begin enforcing provisions outlined in Part 3 of the Regulation of Investigatory Powers Act (RIPA). The wording of this act would make it an offence for an individual or entity to refuse or be unable to disclose passwords or encryption keys specifically requested by the authorities in relation to an investigation. One argument against these provisions is that it reverses the burden of proof and makes a party guilty of an offence should they be in a legitimate position to be unable to comply with a disclosure order.

One of the main criticisms of the act, however, is whether or not it will have the desired effect in enabling criminals abusing or leveraging technology to suitably punished. The oft-quoted example is that of an individual arrested on suspicion of possessing obscene images and media. Should the computer drive be strongly encrypted, the authorities may attempt to coerce the decryptions keys via RIPA. However, it would clearly not be in the individual’s best interests to comply, as this would reveal the extent of their cache and almost certainly result in a punishment that would far outweigh that which would be on the table as punishment for non-compliance with the RIPA provisions.

Security vs. Accessibility:

When considering security controls and countermeasures a careful balance must always be achieved, as to how to maintain reasonable accessibility to the data whilst ensuring confidentiality.

A collection of obscene images could, for instance, be grouped into one archive that is strongly encrypted and the resulting code embedded into the file structure of an innocuous file that is in turn buried deep within the computer’s file system. This computer drive may then be concealed within the loft crawl space and communications with the device achieved using encrypted wireless protocols. Clearly this would afford a good degree of secrecy to the material, but does make it increasingly difficult to access or retrieve for any practical purposes.

The accessibility angle is used to the advantage of investigators, who will routinely scan suspect premises for wireless communication signals or follow computer data or power cables to identify any hidden devices.

Summary:

Criminals and those engaging in offences involving the use or support of information technology continue to use various means to thwart the efforts of investigators to secure digital evidence. Whilst countermeasures range from the crude yet novel (e.g. burying devices under the floorboards) to the highly sophisticated (e.g. encrypting information and concealing the code within redundant areas of the computer file system) – it is clear that defensive practices of this nature are becoming increasingly prevalent. Equally, these efforts are becoming worryingly effective in hindering the efforts of law enforcement and have contributed significantly in the police either training their own specialist investigators or trying to find an expert witness with the requisite skills.

History has taught us that attacks against systems – whether physical or digital in nature – only increase in efficiency and effectiveness over time. It is therefore essential that lawyers involved in these type of cases find an expert witness with the requisite skill set that can deal with the complex technical issues that often arise.

This article is not a ‘how-to’ guide and certain details from both the defensive and offensive perspectives have been intentionally omitted. The techniques described in this article are documented in a variety of public resources and in many instances employed quite regularly by criminals abusing or misusing technology.

It is considered more harmful to the forensic industry to operate under a veil of security and operate with a false sense that the practices employed are above reproach.

It is hoped that by highlighted this disturbing trend some of the challenges and limitations of current forensic computing practice can be appreciated. Furthermore, this can stimulate informed discussions that will lay the foundations for research into fresh approaches for countering counter- forensic practices.

Ross Patel is a forensic computer consultant with Afentis Forensics. You can view the company profile and find an expert witness at X-Pro UK, the innovative expert witness directory.

expert witness accreditation

Related Expert Witness Articles

The Information Professional And Skip Trace Manual

The Information Professional And Skip Trace Manual
Do You Enjoy Searching For Information Online? Are You Good At It? Why Not Get Paid To Do It? Skip Tracing, Background Security Checks, Vacant Home Owner Location, Pre-employment Screening, Legal Case History And Outcome, Expert Witness Locator.
The Information Professional And Skip Trace Manual

Richardson Cancer Diet By Dr. Janet Hull
A Fun, Creative Ebook Of Jokes, Wit & Humorous Anecdotes. Just Released. Over 1000 Pages, Spiced With Great Color, Graphics, Sound And Music, Clip Art, Animation, And Fun! Great To Carry Around, And For Gift Season Giving. Free Mini Version Sample.
Richardson Cancer Diet By Dr. Janet Hull