Search Criteria



The following default search criteria were intended for use on Windows-based computer systems. Use this information as a guide to assist you in building your own search criteria templates to be used in Triage Forensics, Selective Forensic Collection, and other services where searches can be utilized.

Keywords

Here you can add keyword groups to your selective search. You may select more than one keyword group. If a file has a keyword from any of the selected keyword groups, it is considered a match for this criterion. Create a text file containing your newline-separated keyword list.

Example:
  • “contract” will match any document with “contract”
  • “operating agreement” will match any document with “operating agreement”

Hash Library

Here you can add hash groups to your selective search. You may select more than one hash group. If a file matches the hash from any of the selected hash groups, it is considered a match for this criterion. Create a text file containing your MD5Deep (http://md5deep.sourceforge.net/) hash list.

Example: You want to locate exact matches of files that we have already positively identified by a hash value.

Regular Expressions

Here you can add regex groups to your selective search. You may select more than one regex group. If a file matches a regex from any of the selected regex groups, it is considered a match for this criterion. Create a text file containing your regular expression list (see http://regexlib.com).
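The Keywords, Hash Library and Regular Expressions criteria above, as an added Python example (not the product's own code): it loads the three kinds of list file and reports which criteria each file matches, with a hit in any selected group counting as a match. The function names, the plain-text treatment of file content, case-insensitive keyword matching, and the sample files and patterns are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def load_list(path):
    """Read a newline-separated list file, skipping blank lines."""
    lines = Path(path).read_text(encoding="utf-8").splitlines()
    return [ln.strip() for ln in lines if ln.strip()]

def load_md5deep(path):
    """Parse md5deep output ("<md5>  <filename>" per line) into a set of hashes."""
    tokens = (ln.split()[0].lower() for ln in load_list(path))
    return {t for t in tokens if re.fullmatch(r"[0-9a-f]{32}", t)}

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large files are never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def matched_criteria(path, keyword_groups=(), hash_groups=(), regex_groups=()):
    """Return which criteria a file matches; a hit in any selected group counts."""
    # Assumption: content is treated as plain text and keywords ignore case.
    text = Path(path).read_bytes().decode("utf-8", errors="ignore")
    lowered, hits = text.lower(), set()
    if any(kw.lower() in lowered for grp in keyword_groups for kw in grp):
        hits.add("keyword")
    if hash_groups and md5_of(path) in set().union(*hash_groups):
        hits.add("hash")
    if any(re.search(rx, text) for grp in regex_groups for rx in grp):
        hits.add("regex")
    return hits

def demo():
    """Run the matcher over constructed sample files and list files."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "a.txt").write_text("Signed Operating Agreement, ref 123-45-6789\n")
        (d / "b.txt").write_text("lunch menu\n")
        (d / "keywords.txt").write_text("contract\noperating agreement\n")
        (d / "regex.txt").write_text("\\b\\d{3}-\\d{2}-\\d{4}\\b\n")
        (d / "known.md5").write_text(md5_of(d / "b.txt") + "  /evidence/b.txt\n")
        kw = [load_list(d / "keywords.txt")]
        rx = [load_list(d / "regex.txt")]
        hs = [load_md5deep(d / "known.md5")]
        files = (d / "a.txt", d / "b.txt")
        return {f.name: sorted(matched_criteria(f, kw, hs, rx)) for f in files}
```

Calling `demo()` returns the matched criteria per sample file; lines in the hash list that do not start with a 32-character hex digest are ignored.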

File Size

Here you can add file size constraints to your selective search. You may select more than one file size constraint. If a file’s size is within any of the selected constraints, it is considered a match for this criterion.
Example:
  • Files between the size of ## (Bytes/KB/MB/GB) and ## (Bytes/KB/MB/GB)
  • Files greater than size of ## (Bytes/KB/MB/GB)
  • Files less than size of ## (Bytes/KB/MB/GB)

File Date

Here you can add date constraints to your selective search. You may select more than one date constraint. If a file’s date is within any of the selected constraints, it is considered a match for this criterion. For example, if you want to target files that were created within 7 days of the current date as well as those modified between 1/5/2010 and 2/6/2010, any file matching either date constraint is considered a match. (Based on Windows operating system metadata information)

Example:
  • Files with the (Modified/Created/Accessed) between (Date) and (Date)
  • Files with the (Modified/Created/Accessed) date newer than ## Days
  • Files with the (Modified/Created/Accessed) date older than ## Days

File Extension

Here you can add file extension constraints to your selective search. You may select more than one extension constraint. If a file’s extension is within any of the selected constraints, it is considered a match for this criterion. (Based on Windows operating system metadata information) (http://filext.com/alphalist.php?extstart=%5EA)
Example:
  • Custom extensions with no periods (“.”) separated by commas
  • File is a picture (jpeg, jpg, bmp, png, tif, gif, pic, ico)
  • File is an executable (dll,exe,sys)
  • File is a video (mp4,mpg,mpeg,avi,wmv)
  • Typical eDiscovery Collection (docx,doc,xlsx,xls,pptx,ppt,pst,nsf,wpd,rtf,csv,odt,ods,zip,rar,msg)
  • Typical Documents
  • Typical Presentations
  • Typical Email
  • Typical Multimedia
  • Typical Graphics
  • Typical Archives
  • Apple Disk Image Files
  • SQLite Database Files

File Path

Here you can add file path constraints to your selective search. You may select more than one path constraint. If a file resides within that path or its subdirectories, it is considered a match for this criterion. (Based on Windows operating system metadata information)

Default: All data on the hard drive will be searched.
 
Two choices:
  1. File resides in the user's home directory     - and / or - 
  2. File resides in the Program Files directory

Illicit Image Search

Here you can add illicit image detection to your selective search. You may only select one detection type.
Choices:
  • High score with fast scan speed
  • High score with medium scan speed
  • Medium score with fast scan speed
  • Medium score with medium scan speed


Optional .PST email selective search

When you choose this option, the same selective search criteria will be used to process and filter all .PST files found within the original target search device. The results will be kept and maintained in a “filtered” .PST file for each of the original .PST files searched. (If eight .PST files are searched, then the results will be eight smaller “filtered” .PST files.)

Optional “Full Preservation”

Here you get a complete bit-for-bit forensic image of the hard drive.

Included Meta-Data with Report

The following information will be provided from the system during Triage Forensics or as an option for Selective Forensic Collection:
  • Browser:
    • Chrome Browser History: Locate the history for all users of that browser
    • Default Browsers: The default browser for web based content
    • Firefox Browser History: Locate history for all users of the browser
    • Internet Explorer: Locate history data, registry keys, and URLs that were typed directly into the browser
  • Files:
    • Desktop Files: Files located on the desktop
    • MS Office Recently Opened: Microsoft Office files that have most recently been opened
    • Recent Files: Files that were recently opened
    • Recently Accessed Media Player Files: Recently Accessed Media Player Files
    • Temporary Executables: Temporary executables stored on the target system
  • Software:
    • Acrobat History: Adobe Acrobat history
    • Application Usage History: Recently launched applications
    • Installed Software: List of the software installed on the system
    • Manually Launched Apps: Applications launched via the Windows Run feature
    • Microsoft Management Console: MMC usage history
    • Program Files Software: Software installed in the Program Files
    • Startup Programs: Programs that run at startup
  • Network:
    • IP Addresses: IP Addresses associated with the target
  • System:
    • Acquire Registry: Acquire Windows registry files
    • System Information: Misc. system information
    • Typed Paths: Available paths that were typed into Windows Explorer
    • USB Devices: Any USB drives that were introduced to the target system
  • Users:
    • Owner Information: Metadata about PC owner
    • SAM User: User accounts on the system