Know what to pull from electronic devices during a cyber investigation
Computers, smartphones, cameras and other devices provide evidence that can be used in the process; learn techniques for conducting investigations while respecting the privacy of those being investigated
During a cyber investigation, different information can be extracted from electronic devices, depending on the purpose of the investigation and the type of device involved. Some of the information that may be obtained includes:
- Logging of system activities, including event logs, browsing history, download history, search history and login information;
- File system data, including deleted files, metadata, file change history, and information about when files were created, modified, or accessed;
- Application information, including configuration files, authentication information, memory data, and configuration information;
- Network data, including IP address information, network connection history, and network configuration information.
Smartphones and tablets:
- Browsing history, including websites visited, search information and cookie data;
- Text messages, email and other communications, including call logs and contacts;
- Application data, including login information, chat messages, location data, and configuration information;
- System data, including device identification information, privacy settings, and network information.
Flash drives or external storage devices (such as USB drives):
- Saved file data, including deleted files and metadata information;
- Information about when files were created, modified or accessed;
- Information about the external storage device itself, such as manufacturing information and unique identification information.
Surveillance cameras and security systems:
- Video recordings of monitored areas;
- Recording of date and time information;
- System configuration information such as passwords and authorized users.
Internet of Things (IoT) devices:
- Sensor data, such as temperature, humidity and light information;
- Device configuration information such as passwords and network information;
- Device usage data, including time of use and frequency of use information.
Sensors, smart thermostats, health monitoring devices, etc., may collect a variety of data, such as location information, health data and other personal information. This information can be important in cyber investigations.
Vehicles:
- On-board computer data: recorded information such as speed, RPM, engine temperature, tire pressure and fuel level, among other relevant information;
- Events recorded by the sensors: information such as sudden braking, sudden acceleration, sharp turns, among others;
- GPS information: vehicle location, including latitude and longitude data, time, speed and other relevant information;
- Call and text logs: Car infotainment systems can store information from phone calls and text messages sent and received via Bluetooth devices connected to the car;
- Car radio data: The car stereo system can store information about radio stations tuned in and songs played;
- Security camera footage: Many cars have security cameras installed, which can be used to record events around the vehicle;
- Media information: Many modern cars have entertainment systems that can store information about the music and media consumed by the car’s occupants.
These are just some of the pieces of information that can be extracted from electronic devices during a cyber investigation. The full list will depend on the scope of the investigation and the type of equipment involved.
Cyber investigations must be conducted with the objective of gathering evidence in a legal and ethical manner, while respecting the privacy rights of those being investigated. The collection of information during an investigation must be carried out in accordance with applicable laws and regulations such as the General Data Protection Law (LGPD) or the Cyber Crimes Act, in addition to following best practices in cyber investigation such as ABNT NBR ISO/IEC 27037:2013, which aims to standardize the handling of digital evidence and thereby guarantee the integrity of the evidence collected.
It is worth noting that, in order to protect the privacy of the person being investigated, some common practices can be used during the development of the process. Watch the video on my Instagram, where I teach “10 cyber investigation techniques without violating the privacy of the person being investigated”.
Do you want to go deeper into this topic, have any questions or comments, or want to share your experience on this topic? Write me on Instagram: @davisalvesphd.
*This text does not necessarily reflect the opinion of Jovem Pan.