Forensics case: X vs. Y

Case Study: AGF Recovers Forensic Evidence in X vs. Y Case


Client X had reported a potential breach of their devices and encrypted password store (keychain), which they believed was being tampered with by a person named Y. AGF was retained to investigate and gather forensic evidence from a failing hard drive and 2 mobile devices in a forensically sound way that preserved the evidence and the chain of custody, and to present the findings in court.


The AGF team faced several challenges in this case, including recovering data from a failing hard drive and investigating the provided devices in a forensically sound way. Additionally, they had to ensure that the evidence was preserved and that the chain of custody was maintained throughout the investigation.

Technical Specifications:

To recover the data from the failing hard drive and investigate the provided devices, AGF used PC3000 data recovery hardware and the Autopsy forensics suite. The team had to perform the investigation in a forensically sound way, which required them to carefully document their methods and ensure that the evidence was not compromised in any way.


After gathering potential evidence suggesting remote tampering with the mobile devices, it was understood that credentials could be accessed through a shared Apple account where the keychain was being backed up. Client X subpoenaed Apple to get connection records, and an AGF engineer participated in a trial as an expert witness to defend the findings. The AGF team was able to recover the necessary evidence to support the client’s claim and provide expert testimony in the trial.


AGF’s engineers were able to successfully gather forensic evidence in the X vs. Y case, providing crucial support to the client’s claim of a potential breach. Through their use of advanced technologies and careful attention to forensic best practices, AGF was able to ensure the integrity of the evidence and help the client achieve a favorable outcome in the case.