Difference between pages "Cell Phone Forensics" and "Microsoft Office"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Links)
 
(External Links)
 
Line 1: Line 1:
== Guidelines ==
+
{{expand}}
  
# If on, switch it off. If off, leave off. Note only under exceptional circumstances should the handset be left switched on and in any case every precaution to prevent the handset connecting with the Communication Service Provider should be made. Consider use of a Faraday Bay (Shielded Bag).
+
== EventLogs ==
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
+
As of Office 2010 related Office Alerts EventLog:
# Plug the phone in, preferably in the evidence room, as soon as possible.
+
<pre>
# Retain [[search warrant]] (if necessary - [[LE]]).
+
C:\Windows\System32\winevt\Logs\OAlerts.evtx
# Return device to forensic lab if able.
+
</pre>
# Use [[forensically sound]] tools for processing.
+
  
== Notes ==
+
== See Also ==
 +
* [[Microsoft Office File formats]]
  
Expand on 5 as to what to collect:
+
== External Links ==
 +
* [http://dfstream.blogspot.com/2014/01/ms-excel-2013-last-saved-location.html MS Excel 2013 Last Saved Location Metadata], Jason Hale, January 12, 2014
  
* [[ESN]],
+
[[Category:Analysis]]
* [[IMEI]],
+
* [[Carrier]],
+
* Model Number,
+
* Color, and
+
* Other information related to [[Cell Phone]] and [[SIM Card]].
+
 
+
Process:
+
 
+
# Research the [[Cell Phone]]. Visit PhoneScoop.com for more information
+
#
+
#
+
#
+
 
+
== Links ==
+
*[http://www.Phone-Forensics.com Phone-Forensics.com]
+
*[http://www.PhoneScoop.com PhoneScoop.com]
+
*[http://www.mobileforensics.com MobileForensics.com]
+
*[http://www.SmartPhoneForensics.com SmartPhoneForensics.com]
+

Revision as of 16:26, 13 January 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

EventLogs

As of Office 2010 related Office Alerts EventLog:

C:\Windows\System32\winevt\Logs\OAlerts.evtx

See Also

External Links