LITIGATION SUPPORT TIP OF THE NIGHT

The NIST Guidelines for Media Sanitization, NIST Special Publication 800-88, discussed in the Tip of the Night for August 9, 2020, includes a Certificate of Sanitization that you can use to verify that data has been completely removed from a storage device.

This is a good official record that can be retained after a device is processed, that will note how data was purged, and whether or not the device was re-used.

Forensic tools exist which can analyze email headers to find the IP address of the computer a message was sent from, and also the geographic location it was sent from. eMailTrackerPro is an example of a tool which performs this task. eMailTrackerPro will help you track the origin of all emails in a particular account.

If you want to check the header of an individual email without software, you can use Google Toolbox's Messageheader, available here: https://toolbox.googleapps.com/apps/messageheader/

Input the header of the email into the toolbox, and click the option to analyze it.

You'll be able to lookup the location of the IP address and the associated ISP provider with online tools such as: https://www.iplocation.net/ip-lookup

The Tip of the Night for June 19, 2019, noted that Windows 10 stores the history of text and photos copied to the clipboard. Don't miss how easy it is to access this clipboard. If you simply prese the Windows key + v, the clipboard will appear at the lower right.

Attorneys will love being able to easily access the multiple quotes they have copied and pasted into a brief from caselaw on Lexis or Westlaw.

It's also a good as a simple forensic tool to check on a user's past activities. The clipboard history tool needs to be activated. Windows 10 apparently does not have it turned on by default.