Email & Social Networking Forensics

With GDF in the Equation, Email + Social Networking + Texting + Tweeting = Evidence!

When it comes to finding useful digital evidence in mountains of data, email still holds its place at the summit. It is more like an appendage than a tool for most of us, to the staggering tune of over 100 trillion emails sent a year, making it a crucial evidentiary component in nearly every case litigated today.

We use email more often than we talk on our telephones or put things to paper – combined!

But today, there are other forms of digital communication that also must be considered, like social networking, texting and tweeting, because every time we let our fingers do the talking, we leave digital traces behind, traces that GDF’s experts are masters of finding and following right to the evidence you seek.

ESI is Everywhere

Civil and criminal court proceedings are certainly not blind to the fact that in most cases today the truth has a digital signature. Expert forensic analysis of emails and other Electronically Stored Information (ESI) is paramount when evidence goes digital. If you are a business involved in litigation, or an attorney representing a client, you will benefit from our know-how and experience to handle the burden of email discovery and our forensically sound handling of virtually any other form of ESI. Don’t risk losing or tainting digital evidence and find yourself staring at a lost case, a conviction, a fine, imprisonment, or worse! Global Digital Forensics will assist you from the first sniff of trouble, all the way through resolution. If an incident occurs, or you are notified of litigation, time is of the essence. Every moment wasted is another moment potential corruption and spoliation of digital evidence can occur, and courts will not traditionally go easy on a litigant that can’t or won’t produce requested digital evidence. Even if a case that started by analyzing information on just one computer leads to the need for thousands of email clients and emails to be brought into the eDiscovery loop, we are up to the task to forensically identify, acquire, analyze, and produce the digital evidence you need. We have the flexibility, resources, skill-set and tools to do the job without missing a beat.

Identification & Extraction

Data VortexThe first step in an email examination is to identify the sources of email and how the email servers and clients are used in an organization. More than just a way of sending messages email clients and servers have expanded into full databases, document repositories, contact managers, time mangers, calendars and many other applications. For instance, we have seen Microsoft Exchange customized to be used as a complete Customer Relationship Manager (CRM) and it is certainly not uncommon for the powerful database features of Lotus Notes and Domino Server to be exploited far beyond an email system. Organizations use these powerful, database enabled email and messaging servers to manage cases, track clients and share data. A skilled Forensic Examiner must know how to identify how these powerful business tools are being used far beyond email.

Deleted Email, Calendar Entries, Tasks Etc.
Most users believe that once they click the delete button or empty their Deleted Items folder, that they completely delete email from their client and make that mail unrecoverable. But nothing could be farther from the truth. Many times emails can be forensically extracted even after deletion. It's common for organizations, such as banks or brokerage firms, to have retention policies in place or even email archiving for regulatory purposes, with users being totally unaware all their email is being stored for years in a searchable, retrievable format.  
At Global Digital Forensics, we specialize in finding those little known or unrealized sources of evidence. 
 
Most users also do not grasp the concept that email has a sender AND a recipient, or even multiple recipients. Emails may reside on servers unbeknown to the user, or on backup tapes that were created during the normal course of business. Of course they may also be extracted from the hard disk of the client or the server. GDF has a proven track record of using sound forensic techniques and unparalleled industry experience to recover deleted email, calendars, and more, from user's email clients and email servers.
GMail, Yahoo Mail and Hotmail
It is completely possible to forensically recover email that was created or received by web based email systems and from free web based email services such as Hotmail, Gmail (Google Mail) and Yahoo Mail. These types of mail systems use a browser to interface with the email server, which inherently caches information to the disk drive in the system used to retrieve or generate the email, thereby effectively saving a copy to the disk. A skilled forensic examiner can extract the HTML based email from the disk drive of the system used to create or retrieve the email messages.

Many organizations also have a web based system for users to retrieve their email while out if the office, for instance OWA, or Outlook Web Access, used with Microsoft Exchange Servers. These browser based web mail clients also cache messages to the disk.

Many web based or web mail services, including Yahoo and Hotmail, also have shared calendaring services, personal calendars and contact managers, as well as email. Anytime these services are accessed, they may be cached to the disk as well. GDF has had an many instances where important contact information, like email addresses, for additional subjects was found because of our careful analysis of all the web email and web based services. We leave no stone unturned, and neither should you.
Facebook, Twitter, MySpace. LinkedIn etc.
The world of social networking has been expanding exponentially for the last couple of years.  With social networks like Facebook facilitating users around the world to connect, play games and send messages, a sub-culture, or maybe a paradigm shift, in how we view privacy has emerged.  Facebook users commonly upload private pictures, post details of their daily lives and keep the world informed of their movements, thoughts, good deeds and indiscretions, all while building extremely detailed relationship maps.

It's more than just Facebook, LinkedIn maps relationships with professionals, with those relationships available to be viewed and dissected, as are Twitter "tweets" and a plethora of other open forums for discussion available today on the World Wide Web.

While this information is in abundance, it is also very fragile and can became tainted or lost with a single mouse click. Global Digital Forensics has the technology and background to extract, preserve and present this sometimes vital information, always using defensible and accepted tools and techniques. It is common sense that social networking has become an evidentiary component that is foolish to ignore. GDF can help you take full advantage of this sizable realm of potentially crucial evidence.
Google Docs, Office 360, Web Calendars and File sharing
Many users store their personal calendars, contacts and even synchronize their email clients with their Personal Digital Assistants (PDAs). Organizations use features like the Free/Busy Connector in MS Exchange to track availability of employees and utilize shared calendars to track appointments and meetings. Forensic analysis of the email server and the clients on user's systems often yields an amazing amount of information on both the user and the organization itself. GDF can assist in properly asking for, and analyzing, email and organizational tools in a forensically sound manner. Email forensics is more than looking at email messages.  To be truly effective, the examiner must be aware of the advanced features and forensic possibilities of each type of email system.

Many web based or web mail services, including Yahoo and Hotmail, have shared calendaring services, personal calendars and contact managers, as well as email. Anytime these services are accessed, they may be cached to the disk as well. GDF has had an many instances where important contact information, such as email addresses, for additional subjects was found because of our careful analysis of all the web email and web based services. With so much interconnectivity today's digital environments provide, GDF can help you connect all the dots to success.

Correlating Email Messages

If properly conducted and managed, the forensic analysis of email yields documents that can be easily correlated by date, subject, recipient or sender, and yield a highly understandable and easy to follow map of events and entities. Global Digital Forensics takes great pride in the ability to correlate large amounts of data into understandable and easy-to-follow presentations. While maintaining the highest standards of forensic soundness, GDF uses specialized tools to link entities, dates, times and events, ensuring that our clients and their clients achieve the highest level of efficiency and the highest quality work product when they choose GDF to conduct their email forensics or email discovery tasks.