In Digital Forensics there are two types of data that reside on devices: content and artifact. Content is what most people traditionally think of when they consider data. Content is the user data – things like documents, text files, spreadsheets, databases, emails, text messages and any other kind of data created by an end user. Artifacts, on the other hand, are data that is not directly created by an end user. Artifacts are the digital trails that get left behind when users perform action, when the system performs action or when software (including the operating system) performs some action.
Artifacts share two important aspects that make them extremely reliable. Firstly, very few individuals are aware of these artifacts. Secondly, these artifacts are not generated by the end-users of the system. As such, artifacts are less likely to be altered, modified or subject to manipulation for the benefit of the end user. The correct interpretation of artifacts can reveal the truth about activity that has occurred on the system. In the hands of Vestige’s Experts, the analysis of such artifacts can provide the evidence that can make your case. Vestige’s Experts are often called upon to provide our Expert Opinion (Federal Rules of Evidence (FRE) 702) testimony as to these findings.
If content tells the “what” part of the story, artifacts tell the “how”. Analysis of artifacts can provide insight into many things, including:
Learn how forensic analysis of digital artifacts can make your case. Contact Vestige today.
Ctrl-Alt-Del: IT Reboot & Recovery
Data Breach | Incident Response
Device Usage Reconstruction
Document & E-mail Authentication
External Device Usage Analysis
Forensic Artifact Analysis
Internet History Analysis
Malware Analysis & Reverse Engineering
Mobile Device Analysis
Opposing Expert Critique
Root Cause Analysis