Harry Onderwater

A few days ago the Dutch forensics community - indeed, the wider forensics community - lost one of its founding fathers, Harry Onderwater.

Having worked for many years for the Dutch police in Amsterdam, Harry then moved to the Centrale Recherche Informatie Dienst (National Criminal Intelligence Service) where he became one of the first investigators in the newly emerging field of computer crime, building a reputation for excellence not just in the Netherlands but also further afield throughout Europe and the USA. Later in his career he became Corporate Security Manager at KPMG in the Netherlands where he also played a leading role in digital forensics.


It is difficult to describe Harry without resorting to cliché, but he truly was a larger than life character. Behind his imposing physical presence - which must surely have worked to his advantage in his many years on the force - lay a consummate professional and gentleman. Kind hearted, generous and possessing a wonderful sense of humour, Harry was always a joy to deal with. To the vast majority of those who met Harry through work, there is little doubt he will be remembered first and foremost as a friend rather than a colleague.


On a personal note, I would like to offer my sincere condolences to Harry's family and close friends. He has left us all too soon and will be deeply missed.


Bedankt, Harry, voor alles.


Jamie

Forensic Toolkit v3 Tips and Tricks ― Not on a Budget

by Sean L. Harrington

"A couple of weeks ago, Brian Glass posted a very helpful comment, Forensic Toolkit v3 Tips and Tricks — on a Budget. His comment focused on how to “get close to SSD performance on the cheap” and he discussed the practice of partitioning a large hard drive, but using only the outer sectors of the platter, and frequent defragmentation. In my comment, today, I want to encourage readers to adopt Glass’ advice, and, if you have the budget, to consider a few other enhancements to improve performance..."

Read more

Is your client an attorney? Be aware of possible constraints (Part 2)

by Sean L. Harrington

"In my first post several weeks ago, I discussed some of the special obligations that digital forensics investigators may have while in the employ of a lawyer. I elaborated briefly on the duty to zealously guard the attorney-client privilege, to correctly apply the work product doctrine, and to conduct investigations in a way that does not compromise the integrity of the case or the rights, privileges, or immunities of the retaining party. In this second part of the series, I will explore another important factor for consideration by examiners: the legality of investigative techniques..."

Read more

iPhone Tracking – from a forensic point of view

Posted by 4rensiker

"iPhoneTracking is sexy! Every mobile forensic suite, at least the ones dealing with iPhones, are providing it proudly. iPhoneTracking also has been a hot topic in the media all around the globe. People stated that there is a way to display every step of an iPhone user ever since the device got bought. Hmm...sounds great for all kind of investigations! Let’s see..."

Read more

Android Forensics Study of Password and Pattern Lock Protection

Posted by Oxygen Software

"Let’s see what Pattern Lock is, how to access, determine or even get rid of it? We’ll also speak about Password Lock Protection and find out what it has in common with Pattern Lock. And finally we’ll try to understand how these locks are related to forensic investigation process. Generally pattern lock is a set of gestures that phone user performs to unlock his smartphone when he needs to use it. It seems to be complicated, but actually it is not..."

Read more

Skype in eDiscovery

by Stuart Clarke, 7Safe

"The EDRM (Electronic Discovery Reference Model) is a widely accepted workflow, which guides those involved in eDiscovery. Typically, the identification and collection phases see email and common office documents harvested, but as technology moves forward is this enough? Many of us are experiencing a rise in audio discovery projects using solutions including phonetics and speech to text. In time this is likely to move onto rich media, in particular video. As a forensic analyst, I know only too well the variety of different data sources which are overlooked in electronic disclosure exercises, yet I appreciate the strong argument of proportionality. Nevertheless, it is relatively straightforward to circumvent some proportionality claims with the appropriate skill sets and techniques. Throughout this article I will discuss proof of concept solutions dealing with Skype in eDiscovery..."

Read more