Kelley to present a CLE webinar to Women in eDiscovery - Indianapolis Chapter on June 5 on the topic: Fabricating & Concealing Data on Smart Phones.

Forensic Artifact Analysis

Jump To

Forensic Artifact Analysis

In Digital Forensics there are two types of data that reside on devices: content and artifact.  Content is what most people traditionally think of when they consider data.  Content is the user data – things like documents, text files, spreadsheets, databases, emails, text messages and any other kind of data created by an end user.  Artifacts, on the other hand, are data that is not directly created by an end user.  Artifacts are the digital trails that get left behind when users perform action, when the system performs action or when software (including the operating system) performs some action.

The importance of artifacts

Artifacts share two important aspects that make them extremely reliable.  Firstly, very few individuals are aware of these artifacts.  Secondly, these artifacts are not generated by the end-users of the system.  As such, artifacts are less likely to be altered, modified or subject to manipulation for the benefit of the end user.  The correct interpretation of artifacts can reveal the truth about activity that has occurred on the system.  In the hands of Vestige’s Experts, the analysis of such artifacts can provide the evidence that can make your case.  Vestige’s Experts are often called upon to provide our Expert Opinion (Federal Rules of Evidence (FRE) 702) testimony as to these findings.

What can be learned from analyzing artifacts

If content tells the “what” part of the story, artifacts tell the “how”.  Analysis of artifacts can provide insight into many things, including:

  • Corroborate facts learned from the content
  • Deletion/wiping activity
  • Alteration and fabrication of evidence, including documents and correspondence
  • Transfer or exfiltration of data/files
  • Theft of data through transfer via cloud, email, FTP or any other form of electronic exchange
  • Remote access into a system
  • Analysis of malware to determine means of infiltration
  • Hardware attached to a system
  • Software that has been installed or removed
  • Existence of other systems connected (wired, wireless, Bluetooth, etc.)
  • Confirmation of device custodian

Learn how forensic analysis of digital artifacts can make your case.  Contact Vestige today.