Using IEF across multiple devices.

CEIC 2015 Student Session Series: Investigating a User’s Internet Activity across Computers, Smartphones and Tablets

CEIC 2015

Students from Champlain College and the Leahy Center for Digital Investigation (LCDI) attended multiple training sessions while at the Computer Enterprise Investigation Conference (CEIC) 2015. Student Mary Reilly  presents some highlights from the Investigating a User’s Internet Activity across Computers, Smartphones and Tablets session.

In practice, very few individuals will argue against the ease of use that makes Internet Evidence Finder so popular.  The software has evolved into a remarkably intuitive forensic suite which seeks to make otherwise arduous investigative tasks an easy, streamlined, and uncomplicated process. Rob Maddox and Jamie McQuaid, from Magnet Forensics, in their presentation titled “Investigating Internet Artifacts across Devices,” took time to further demonstrate the forensic capabilities of IEF (Internet Evidence Finder) with regards to tracking internet evidence not only on an individual machine, but across a multitude of devices belonging to a given user.

Using IEF and EnCase Together


Magnet Forensics’ Director of Global Training Rob Maddox was knowledgeable and entertaining in his presentation of the company’s tool, keeping his audience engaged as he demonstrated the level of integration that can occur between IEF and multiple devices.  To jump into some level of specificity, IEF ultimately makes the investigation of multiple devices as simple as selecting that device from a dropdown menu after adding it to a case.  An investigator may then choose to search a specific device, or all devices with his or her desired parameters or keywords.  Certainly, such a task is possible with other forensic suites like EnCase, FTK, or X-Ways; none of these tools, however, introduce such a high level of simplicity as IEF.

There’s often a fine line between presenting your tool and presenting a thinly-veiled sales pitch. Despite this, Maddox was quite genuine in his drive to educate users on his tool’s capabilities. For even those familiar with IEF, the presentation introduced new concepts on how to use the tool not only for exploration but for comparison, evaluation, and timelines. Coordinating different sources of evidence such as hard drives, tablets, and smartphones, into a single case in IEF allows for quick and intuitive browsing of larger sets of data cutting down on time spent trying to connect the dots. The activity and artifacts generated on each device are represented visually for quick comparison and can be kept separate or viewed as one continuous timeline for gaining a big-picture understanding of the overall scenario.

Overall, IEF is a unique and useful tool with no real equal for examining web artifacts across platforms and devices. Its ability to compile the evidence found from internet activity is unparalleled and creates the difference between long, laborious, tricky timelines and swift, organized data amalgamation. These are some of the highlights from the session, but Maddox and McQuaid went into great depth on internet activity, and we would highly recommend this Guidance Software session!

You can read more on the classes Champlain College students attended while at CEIC 2015 on the LCDI Blog Page.  To read about current LCDI information visit our website at

LCDI Facebook

 LCDI Twitter








More Research Projects
The Leahy Center Inventory Project
Social Media Footprint Awareness
My Experience on The VPN Comparison Team