Menu
Menu (tap to expand)
Menu
Once you are ready to download a Forensic Note or Forensic Notebook, refer to the Download FAQ section.
Information on how to validate your files is also discussed.
Menu
Menu (tap to expand)
Menu
Once you have decided what type of Notebook you want to create, you can create the type of notebook you need within the “All Notebooks” panel.
Changing Notebook Name:
In the video above, the user double-clicks on the notebook name to go into edit mode so that the Notebook name can be changed.
Edit Note Name
Double-clicking Notebook and Note name to go into edit mode works on both desktop and mobile devices.
The new Notebook will automatically show up within the “Selected Notebook” panel when it is created.
A new note within the Notebook can now be created by clicking the “New” button.
A new non-timestamped note will then be created.
Editor Overview
The advanced editor has many features including an auto-save feature to ensure you do not lose your notes.
Auto-Save Feature
Auto-Save – Date & Time Displayed
The editor will display the last time a note was saved in the lower right corner.
Additional Editor Features
The editor also has the following features:
- Spell correction
- Adding images into your notes
- Editing images
- Adding hand-written notes and diagrams
- And many more…
Editor Features – FAQ
For information on how to complete the above tasks and many more, refer to our Editor FAQ page.
Timestamping A Note
When you are ready to Timestamp your note, click the “Timestamp” button below the editor.
This will:
- Generate a PDF of your note
- Digitally sign your PDF with an electronic signature and add a timestamp from an independent timestamping authority. (This process generates a Forensic Note)
- A second timestamp is then obtained for the Forensic Note (PDF)
Generating a Forensic Note is like carving your note in solid granite.
Once you generate a Forensic Note, you will not be able to change that note.
Editable copies of your Forensic Note can be created but the original Forensic Note will remain un-altered.
Timestamping – Further Information
If you are interested in the technical details of timestamping a note, please refer to our detailed article “Timestamping Authority (TSA)“.
Editing Notes
To edit a note, click the “Edit Note” button as shown below.
As shown in the above video, you do not have to re-timestamp the new note until you are ready.
Editing a Forensic Note – Actually You are Creating a Copy to Edit!
Each time you edit a timestamped note (Forensic Note), you create a copy of the original and edit the new copy.
The original Forensic Note (Timestamped Note) remains un-altered.
Although you can change the date and time of the note entry, this does not affect the actual timestamp which can be used to show when you saved the note.
As a result, editing Forensic Notes should only occur to correct minor mistakes such as spelling, grammar or to further clarify existing information.
Attempting to change a notes original meaning or removing information you no longer want disclosed can be discovered by the opposing party.
This is because the original note will be part of the Forensic Notebook you download for legal disclosure.
Instead of removing information, you should instead Redact the information as you normally would.
Forensic Notes increases your credibility because you can prove that you are providing all information you have related to an incident.
As discussed within the “Types of Notebooks” section, only the following notebooks allow editing of Forensic Notes:
- General Notebooks
- Forensic Notebooks (w/ edits)
As shown in the image above, you can view All Timestamped Notes (Forensic Notes) by clicking on the icon indicated which will result in the following view.
As you can see above, the original Timestamped note (Forensic Note) is still visible and available for download.
All versions of a Forensic Note will be displayed in this view with each version clearly identified.
Full Disclosure – Editing Notes
When you download a Forensic Notebook, it will include all previous versions of Forensic Notes to provide full disclosure.
Menu
Menu (tap to expand)
Menu
Which Notebook is Right for You?
Forensic Notes offers three (3) different types of Notebooks to meet your specific needs.
- Forensic Notebook *
- Forensic Notebook (w/ edits) *
- General Notebook
* Professional account required
Forensic Notebooks
Forensic Notebooks are the purest form of contemporaneous notes.
If full-disclosure is a legal requirement you need to abide by, then a Forensic Notebook is what you need.
Forensic Notebook
This is the closest replication of a bound paper notebook and pen in electronic form.
Like pen and paper, once you write a note (and timestamp it), the note will remain as written.
No edits or modifications allowed.
Any notes that are marked as ‘deleted’ will be crossed out.
Date & Time associated with an individual note is obtained from the timestamp certificate issued upon completion of a note.
Main Advantage:
- Full-Disclosure
- Each note is Digitally Signed, Timestamped and saved as a Forensic Note
Write-Once, Read-Many (WORM)
Forensic Notebooks that don’t allow edits are also referred to as a WORM Notebook (Write-Once, Read-Many).
Forensic Notebook (w/ edits)
This is for those that need a Forensic Notebook for documenting actions, but still want the ability to edit notes afterwards.
This notebook is ideal for making the following types of ‘tidying up’ corrections:
- Spelling
- Grammatical
- Date & Time*
- Clarifying information
Editing of notes is not intended to:
- Remove notes you no longer want to disclose
- Change a theory or step previously taken
This is because the above changes would be disclosed within the downloaded Forensic Notebook PDF.
Every previous version of a note, generated when a new version is timestamped, is included at the back of the downloaded PDF.
Create a professional version of your notes while still adhering to full-disclosure rules.
Main Advantage:
- Full-Disclosure
- Each note is Digitally Signed, Timestamped and saved as a Forensic Note
- Ability to ‘tidy up’ notes
Full-Disclosure Note:
The note will display the timestamped Date & Time of every previous note. Previous versions of the note with the original timestamp can be used to confirm when you made your original note and if its ‘true meaning’ has changed since that time.
General Notebook
This is for general note-taking, offering all the same features as a Forensic Notebook without full-disclosure.
Not For Legal Purposes
This notebook is not meant for legal purposes. But, individual notes can be timestamped creating a Forensic Note.
Forensic Notes can be used in legal situations.
General Notebooks do not limit your ability to edit or delete existing notes. You are in full control.
Main Advantage:
- Downloaded PDF Notebook only includes the notes you want to disclose (deleted notes are not included).
Menu
Menu (tap to expand)
Menu
Within the “Selected Notebook” panel, you have several options as shown in the image below.
Create New Note
This option will allow you to either create a new note or folder.
Folders are solely for helping to organize your notes within the Forensic Notes application.
Folders do not affect the final Notebook when it is generated as a PDF.
Download
This option will allow you to download either a single Timestamped Note (Forensic Note) or a Notebook depending on if you have the root node (Notebook) or an individual Forensic Note selected.
Delete Note
This option will allow you to delete a non-Timestamped Forensic Notes.
See below for information on “Mark Forensic Notes as Deleted” option.
Deleting Forensic Notes – “Mark Forensic Note as Deleted”
Forensic Notes cannot be deleted once they are timestamped.
Similar to the idea that you cannot permanently remove or cover up a note written in pen in a paper notebook, you can’t permanently delete a timestamped note in your electronic notebook.
Instead, we allow you mark the note as deleted which still allows the note to be readable, but crossed out to indicate that a mistake was made.
You are also able to provide a reason for the deletion which will be included in your Forensic Notebook PDFs.
For further information on how to Mark Forensic Notes as Deleted, refer to the
“FAQ – How Do I?” section.
Audit Logs
Audit Logs within this section only show actions taken against the currently selected Forensic Notebook.
Audit Logs are only generated for actions involving Forensic Notebooks and Forensic Notes. Actions against Non-Timestamped Notes and General Notebooks are not captured.
Audit Logs – Admins Only!
This option is only available to Administrators of your account.
Regular users will not be able to see the audit logs.
For more information on managing Team Members, click here.
View All Timestamped Notes (Forensic Notes)
This option is only available for:
- General Notebooks
- Forensic Notebooks (w/ edits)
This option allows you to view all timestamped notes associated with your Forensic Notebook including older versions.
Both General and Forensic Notebooks (w/ edits) allow you to edit existing notes and re-timestamp as required.
When you choose to edit a timestamped note, the system will make a copy of your original timestamped note to edit. The original timestamped note (Forensic Note) will remain un-altered and available if required.
To switch back to viewing “Active Documents”, click the Notebook icon as shown in the image below.
Editor Overview
Editor Features
The Note Editor contains many features, for further details refer to our “FAQs – Editor Features” section.
Menu
Menu (tap to expand)
Menu
Within the “All Notebooks” panel, you have several options as shown in the image below.
We will now break down each option in more detail.
Create New Notebook
Forensic Notes Professional accounts offer three (3) different types of notebooks:
- General Notebook
- Forensic Notebook
- Forensic Notebook (w/ edits)
Starter Accounts
Starter accounts are limited to “General Notebooks” only.
To determine which notebook you should use, refer to “Types of Notebooks” section.
As you can see in the image, you can also create Folders so that you can organize your Notebooks to suit you or your organization’s needs.
Arranging Notebooks & Folders
Only Administrators will be able to re-arrange notes and create folders within the “All Notebooks” section.
By default, the user who created the account will be set as an Administrator.
For more information on managing users within Team accounts, click here.
Team Accounts:
By default, all Starter and Professional accounts are setup to invite other Team Members.
Delete Notebook
This option will allow you to delete the currently selected notebook if no Forensic Notes exist within that notebook.
Audit Logs
Audit Logs in this section show a history of activities that have occurred in your account including, but not limited to:
- Creating Forensic Notebooks
- Creating Forensic Notes
- Viewing Forensic Notes
- Downloading a Forensic Notebook
- Downloading a Forensic Note
Audit Logs are only generated for actions involving Forensic Notebooks and Forensic Notes.
Actions involving Non-Timestamped Notes and General Notebooks are not captured.
Audit Logs – Admins Only!
This option is only available to Administrators of your account.
Team Members will not be able to see the audit logs.
For more information on managing Team Members, click here.
Menu
Menu (tap to expand)
Menu
Watch: Introduction to Using Forensic Notes
Play Video
Overview of Forensic Notes (Advanced Mode)
As you can see in the above overview of the application, a selection in the “All Notebooks” panel changes the view in the “Selected Notebook” panel.
A selection in the “Selected Notebook” panel then changes the current note being viewed.
Now let us look at each panel section in more detail.
Menu
Menu (tap to expand)
Menu
After you create your account, you will be logged into the Forensic Notes application.
Terms & Conditions
The applications Terms and Conditions will be presented to you upon login.
Please check (and read) each term and then click the “I Accept” button.
Select Time Zone
Selecting the appropriate Time Zone will allow all date/times to be displayed in your local time in the application and any PDF reports.
Time Zone
All times are stored in UTC within the system which will allow you to change the time zone later if required.
Document Workplace Bullying Harassment & Discrimination for Free
Court-Ready Documentation!
Designed for:
- Workplace Harassment
- Workplace Discrimination
- Workplace Bullying
- Hostile Work Environments
Documenting your experiences is one of the most powerful actions you can take against bullying.
Privacy is Protected – Security is Forensic Notes’ #1 Priority
Forensic Notes are securely stored and encrypted so only you can access and read your notes until you decide to provide them to others.
All private data is encrypted at rest and in transit.
Easily Defend Against Attacks Surrounding the Credibility of Your Dates
The ability to prove when you wrote a note or saved a document is essential in both civil and criminal court.
However, the reality is that it is very easy to change the date of most computer files such as MS Word documents.
Forensic Notes protects your credibility when questioned!
Easily PROVE the Authenticity of Your Notes & Documents
Every Forensic Note PDF is Timestamped by an independent Timestamping Authority (TSA) and then Digitally Signed. A second Timestamp is then obtained before all the information is entered into our proprietary Validation Tool.
Validating a Forensic Note is fast and easy. Simply Drag & Drop!
No Obligation – No Payment Information Required
Let Us Help You Through This Tough Time!
– Customized Interface & Features –
Workplace harassment is an all-too-common phenomenon in today’s workplaces which can lead to physical and mental health issues such as anxiety, depression and panic attacks among those who are victims of it. While it isfrequently of a sexual nature, workplace harassment also takes other forms andmay involve violence, bullying or other abusive, threatening or demeaning behavior…With adequate evidence, such as those which Forensic Notes empowers victims to assemble, a victim of workplace harassment can confidently fight against harassment and potentially receive compensation that could be in the hundreds of thousands of dollars…
Why Use Forensic Notes to Document Workplace Harassment?
Stop Sexual Harassment in the Workplace
- Prove* when you were harassed
- Prove* who witnessed the workplace harassment
- Prove* how you felt on any given day as a result of your workplace harassment
- Paper notebooks and electronic files can be easily altered resulting in your credibility being questioned within the courts — Go to court with confidence…Go to court with Forensic Notes which are Digitally Signed and Timestamped by an independent third party proving you made the note on the date stated in your document
With Forensic Notes, you will be able to state in detail all occurrences of workplace harassment, who witnessed the harassment and how you felt as a result of the harassment years after the incident. Would your credibility be questioned in court if you can state in detail what happened two years prior not only for one incident, but numerous incidents and also prove that you had made those notes two years prior?
Disclaimer: * “Prove” does NOT indicate that Forensic Notes provides 100% undeniable proof that something occurred, rather Forensic Notes helps you as the author prove your information taking into account your evidence, background and articulation of the events. With Forensic Notes, you can help prove that you entered the note on a given date and time.
Supported Browser Versions
Forensic Notes supports the current and prior major release of Chrome and Internet Explorer web browsers. Forensic Notes is committed to providing the best user experience to it users through new technology which is offered by the latest browsers. New browsers also provide additional security and protection of your sensitive information which is Forensic Notes #1 priority.
Forensic Notes supports the following browsers:
Future Browser Support
We are currently working to support Firefox, Internet Explorer & Edge browsers. If you would like to be notified when Forensic Notes can be accessed with these browsers, please enter your email below.
Cookies and JavaScript
Cookies and JavaScript must be enabled to properly use the Forensic Notes application.
What is an Electronic Sigature (eSignature)?
Electronic signatures (eSignatures) are the equivalent of a handwritten signature in the paper world. In simple terms, an electronic signature is simply a digital image of a signature displayed within an electronic document.
What is a Digital Signature?
Digital signatures strengthen electronic signatures by encrypting the contents of a document which allows applications to detect if the document was tampered with or altered.
Although digital signatures appear to be complicated, the knowledge required to use and validate digitally signed documents associated with Forensic Notes is minimal.
For most people using Forensic Notes, the above information is all that is needed to understand the Digital Signing process.
Forensic Notes Proprietary Validation Tool will complete the complex validation and simply display the validity of the document as either being Valid (Green) or Invalid (Red).
Technical Information – Digital Signature
The digital signature relies on a digital fingerprint which is a SHA-512 Hash value. The Hash value is calculated using a one-way encryption algorithm which generates the unique value for the document.
The only way to generate a duplicate SHA-512 Hash value is if an exact duplicate file is analyzed.
The digital fingerprint is then encrypted with a Private Key through a process involving Public Key Infrastructure (PKI).
As part of the Digital Signing process utilized by Forensic Notes, an independent digital timestamp is obtained from DigiStamp, our Timstamping Authority (TSA).
DigiStamp is trusted by large banks, government agencies and global organizations.
The digital timestamp is embedded within the Digital Signature at the time of signing. This allows the person viewing the document to know the exact data and time the document was digitally signed.
The result is an electronic document that is designed to detect tampering and modifications. If any modification or tampering of the document occurs, the signature becomes invalid and will fail to validate using Forensic Notes Proprietary Validation Tool.
In addition, the digital signature can be checked and validated within Adobe Reader or Adobe Acrobat.
Digital Signature – What does it mean for you?
From a legal perspective, this allows the creator of the Forensic Note to prove that a note or attached document existed at the date and time specified.
Not only can the owner prove that the note or attachment existed, but also that it has not been modified or altered since the signature was applied.
This is vital for admitting documents into a court room – as there may be challenges about the reliability of your documents and the time they were actually written.
Can you PROVE when you created a note or document?
Many people are not aware that a document can be easily manipulated to appear as if it was created days, months or even years in the past. The process can be easily accomplished by:
- Setting back the computers clock
- Creating a document
- Saving the document
- Resetting the computer clock
The result will be a document that appears to have been created in the past. Although it may be possible for an experienced digital forensic examiner to determine the original date, the process to do so is both difficult and time consuming.
Digital Signatures and Forensic Notes Proprietary Validation Tool solves the problem of being unable to prove when a document was saved. This ensures that the author of each Forensic Note can easily PROVE when a note or document was created.
As a result, you will be able to present your notes and documents and face any scrutiny with credibility and integrity.
Forensic Notes allows you to validate the authenticity of notes and attachments by physical file or by providing a SHA-512 Hash. To determine the SHA-512 Hash of your physical file, we suggest you download the following tool. Although it looks a bit ‘dated’, it is one of the easier to use applications for this purpose.
HashMyFiles by NirSoft
http://www.nirsoft.net/utils/hash_my_files.html
Download links can be found near the bottom of the page.
Every Forensic Note and Forensic Notebook is Digitally Signed by a Digital Signing Certificate issued by Comodo, a Certificate Authority (CA). By default, Adobe Reader / Acrobat do not have knowledge of the certificate which results in the warning “At least one signature has problems” (as shown below).
To properly validate your Forensic Notes and Forensic Notebooks, follow the steps outlined below which will add the Digital Signing Certificate to your list of Truststed Certificates. The following steps only need to be completed once on each computer viewing Forensic Notes and Notebooks.
NOTE: The following instructions are for Adobe Acrobat Reader CS. Other versions of Adobe Acrobat will have similar features and options.
Step #1 – Signature Panel
1. Click on “Signature Panel”
2. Click the dropdown menu next to “Validate All”
3. Click on “Validate Signature”
4. Click the “Signature Properties…” button
Step #2 – Signature Properties
The following menu shows the properties of the Digital Signature. As shown, the Forensic Note has not been modified since it was Digitally Signed.
1. Click the “Show Signer’s Certificate…” button
Step #3 – Certificate Viewer – Summary
The following menu shows further information related to the Digital Certificate.
1. Click the “Trust” tab
Step #4 – Certificate Viewer – Trust
The following menu shows that the associated Digital Certificate is not trusted.
1. Click the “Add to Trusted Certificates…” button
Step #5 – Add Trust Settings
This following menu allows you to set the Trust level for the Digital Certificate associated with Forensic Notes and Notebooks. To properly validate Forensic Notes and Notebooks, you only need to ensure that the following two (2) options are selected:
1. Use this certificate as a trusted root
2. Certified documents
3. Click “Ok” to save changes
Dynamic Content, Embedded high privilege JavaScript and Privileged system operation options do NOT need to be selected. These can cause potential security concerns in some environments and are not required for validating Forensic Notes.
Step #6 – Validate Signature
Now that the Digital Certificate is trusted within Adobe Reader/Acrobat, the Forensic Note or Notebook must be re-validated as it will continue to show errors until completed.
1. Click on menu icon next to “Validate All”
2. Click on “Validate Signature”
The Digital Signature will be re-validated now that the Digital Certificate is trusted.
Step #7 – Valid Signature
The Signature Panel should now show the following message:
“Signed and all signatures are valid”
View List of Trusted Certificates – Adobe Reader
To view the list of Trusted Certificates within Adobe Reader, following these steps:
1. Click “Preferences…” within “Edit” menu
2. Click “Signatures”
3. Click “More…” button within “Identities & Trusted Certificates”
4. View list of Trusted Certificates
Forensic Notes are timestamped by DigiStamp, an independent & trusted Timestamping Authority (TSA). DigiStamps’ Timestamp Certificate (.p7s extension file) is used to verify the date and time of your Forensic Note if the validity of the Forensic Note is ever questioned.
Timestamp Validation NOT Always Required!
The instructions within this article are provided to validate a Forensic Note with the generated Timestamp Certificate. However, validation via timestamp should only occur if the validity of the Forensic Note is questioned as the steps below are more complex than using the Forensic Notes Proprietary Validation Tool.
Steps:
1. Open the Forensic Note ZIP Archive (.zip) that you downloaded from your account
2. Locate the Forensic Note and Timestamp Certificate
3. Extract files from ZIP Archive into a regular folder
4. Go to: DigiStamp Timestamp Verification Tool
5. Drag & Drop the files into the DigiStamp Timestamp Verification application or press the “Choose Files” button to select your files from within File Explorer.
NOTE: Your personal information is not uploaded to the DigiStamp server.
~ Screen capture from DigiStamp site shown above (“Click to show instruction” clicked)
Verified Valid Timestamp
The following display confirms that the timestamp matches the Forensic Note. The date & time saved within the Timestamp Certificate is displayed within the DigiStamp confirmation application.
Good to Know – Filename Changes
Changing the filename of the Forensic Note or Timestamp Certificate has no effect on the validation process.
Changing a filename does not change the contents of the file or its’ HASH value. The HASH (SHA-512) value is used to validate a file with an associated timestamp.
Good to Know – UTC or GMT?
All dates & times stored or displayed are in UTC (Universal Time Coordinated).
UTC = GMT (Greenwich Mean Time
Technically, UTC is a time standard whereas GMT is time zone. Both are often used interchangeably and represent the same time offset.
Invalid Timestamp
Timestamp Certificate does not match the Forensic Note
The following shows that the Timestamp Certificate does not match the Forensic Note provided. If the filenames match but the following information is displayed, then this could be an indication that the Forensic Note has been altered in some way.
Each Forensic Note PDF has been Digitally Signed by [email protected]. As a result, any attempts to change the Forensic Notes PDF will result in a warning to the user when the Forensic Note is viewed within Adobe Reader / Acrobat as shown below.
Invalid Forensic Note – Document was changed
The above warnings indicate that the Forensic Note was modified in some way since it was originally saved and signed within the Forensic Notes application.
Valid Forensic Note
Digital Signature Not Trusted (Expected on 1st time viewing)
The certificate associated with the Digital Signature has not been trusted on the computer viewing the Forensic Note. This is expected when first viewing a Forensic Note on a computer for the first time. For steps on how to trust the Digital Certificate associated with the Digital Signature, go to How to Trust Digital Signing Certificate.
Valid Forensic Note
Adobe Reader / Acrobat Validation NOT Always Required!
The instructions within this article are provided to validate a Forensic Note via Adobe Reader or Adobe Acrobat. However, validation via the Forensic Notes Proprietary Validation Tool is recommended due to its ease of use and validation capabilities.
1. Open a Forensic Note / Notebook within Adobe Reader or Acrobat and ensure that the “Valid Forensic Note” signature panel is displayed (see below). If Digital Certificate has not been trusted, go to Trust Digital Signing Certificate and follow the instructions before proceeding.
2. Confirm that the PDF has been Digitally Signed by [email protected]
3. Confirm that the document has not been modified since the signature was applied.
4. Confirm that the signing time of the document approximately matches the time you have recorded within the Forensic Note or Forensic Notebook. To view the signing time of the Forensic Note, you must “Show Signature Properties…”.
Dates & Times – Why Approximately?
While validating a Forensic Note or a Forensic Notebook, up to three (3) different dates & times may be found which will all be valid if they fall within a couple minutes of each other due to how Forensic Notes are processed. Forensic Notes are processed in three (3) distinctive steps:
Step #1 – Database Save
Forensic Note information in saved read-only into the database. The date and time associated with saving the data into the Forensic Notes application is recorded and printed within the generated PDF.
Step #2 – Digital Signature Applied
A Forensic Notes PDF is generated which includes the printed date and time from Step #1. The Forensic Note PDF is then Digitally Signed with a Digital Signing Certificate. The date and time associated with the Digital Signature is recorded within the Digital Signature. This Digital Signature’s signing date can then be displayed within the PDF as the Signing Date & Time. (see Validate via Adobe Reader / Acrobat – Step #4)
Step #3 – Timestamp Generated
A one-way HASH of the Forensic Note PDF is sent to our independent and trusted third-party Timestamping Authority (TSA) which provides a timestamp of the Forensic Note or Forensic Notebook. The date and time associated with the timestamping is recorded within the Digital Timestamp Certificate and returned to the Forensic Notes application. (see Validate via Timestamp Certificate)
These three (3) steps are normally processed quickly resulting in minimal differences in times associated with all three steps. However, larger documents or heavy network utilization may result in longer delays between steps causing more significant time differences. As a result, times should approximately match within a couple minutes’ difference.
Fake a Date – File Metadata | ForensicNoteshttps://forensicnotes.wistia.com/medias/yco44b3enj
Change File Dates | Forensic Noteshttps://forensicnotes.wistia.com/medias/kq058tduv5
EEOC – What is the EEOC? | Forensic Noteshttps://forensicnotes.wistia.com/medias/3zmgro9ige
Workplace Harassment, Bullying & Discrimination | Forensic Noteshttps://forensicnotes.wistia.com/medias/zg6dqhow7q
Validate Forensic Notebooks, Notes and Attachments – How To | Forensic Noteshttps://forensicnotes.wistia.com/medias/93n0zsywsf
© TwiceSafe Software Solutions Inc. | All Rights Reserved
TwiceSafe Software Solutions Inc. DOES NOT provide any legal advice and users of this web site should consult with a lawyer to determine if the information provided on this site is valid for their given circumstances. Use of this web site is governed by our Terms & Conditions; refer to this document for more information.
Menu
Menu (tap to expand)
Menu
Multi-Factor Authentication (MFA) further secures your account from un-authorized access should someone obtain your username and password.
We highly recommend that you use your cellphone number and ensure you always have access to this device when logging into the application.
With MFA, you have two (2) options:
- Send Code (via text message)
- Call Me
Send Code (via text message)
MFA via Text Message is the most common way that users authenticate, but this does require you to manually enter the code provided within the login form after viewing it on your cellphone.
Call Me
We recommend that you use the “Call Me” feature as it is often the faster method.
Call Me
MFA via “Call Me” simply requires that you acknowledge the login by pressing the “#” (pound key) upon answering a call from Microsoft Azure on your authentication device (cellphone).
Upon granting access, the application will log into Forensic Notes.
Forensic Notes is employing all best practices in securing their application and the data that exists within it.
Mike Parsons
Security Evangelist & Mentor
Here are the 16 questions we get asked the most.
And our answers…
Q.1 Is Forensic Notes employing best practices in securing their application and the data that exists within it?
We understand this concern! In fact, there is a so much misinformation about the ‘cloud’ in the media, and TV and movies – we don’t blame you for being uncertain.
The reality is, however, that modern cloud storage solutions are often more secure and more reliable than what can be provided by your in-house IT department.
Let us convince you!
First, let us look at some facts:
- The ‘cloud’ is not some mysterious place where your information is stored in some unknown location in the world. When you use a proven cloud solution, your data is stored in highly secured datacenters on the most advanced servers in the world at known physical locations.
- Forensic Notes uses Microsoft Azure, a world leader in cloud solutions.
- Microsoft is investing a billion ($1,000,000,000) dollars each year to safeguard its Azure infrastructure by continuing to invest in cyber security research and development.
- Microsoft physically secures each datacenter to the highest standards (see video)
- Highly paid experts manage Microsoft Azure while having direct communication with the engineers and architects who developed the software running your critical applications.
- Microsoft Azure has obtained the most comprehensive compliance coverage of any cloud provider. Certifications include ISO, FedRAMP, HIPPA, etc. (see all certifications)
Can your IT department:
- Employ the top experts in the field, including experts in cyber security?
- Constantly upgrade and enhance the physical hardware of your network?
- Have direct communication with Microsoft to troubleshoot and quickly respond to potential security issues?
- Invest heavily in cyber security research and development?
- Use state of the art intrusion detection systems?
- Work with other Fortune 500 and Government agencies around the world?
- Listen to your needs as an end-user?
Chances are, your IT department just can’t do all of the above. Forensic Notes hosted on Microsoft Azure is your answer!
Q.2 Why did Forensic Notes choose Microsoft Azure as their cloud solution?
We worked hard to find the best solution for a secure cloud solution, and BizTech Magazine appears to agree with our choice! Read their article Why Enterprises That Value Security Trust Microsoft Azure
As a client of Forensic Notes, your organization can benefit from Azures world-class cyber security expertise and leverage the benefits of Microsoft’s annual Billion-dollar investment in technology and cyber security.
With this kind of support and proactive cyber security protection from Microsoft, you can have peace of mind that you are using the highest industry standards for cyber security.
Q.3 My organization requires that all data is stored in the United Kingdom (Canada / United States), what options do you have?
Forensic Notes currently hosts data in Azure datacenters located in the USA, but Professional clients who upgrade to Professional+ can choose to host within the United States of America, Canada or the United Kingdom.
You’ll have complete control over where your data resides, and we can work with your IT department or Chief Security Officer (CSO) to determine the best solution for your organization’s security needs.
For more information, see the Professional+ section.
Q.4 I think Forensic Notes would be more secure if it is hosted internally (in-house / on-site) within our network. Do you offer a Self-Hosted or Enterprise option for your application?
In some circumstances, organizations will choose this route depending on their needs and existing investment in their own security solution.
We can offer a variety of Enterprise options to meet your needs. Click here to view Enterprise solutions available. Please contact us if you have any questions.
Q.5 I need more detail about what makes the ‘cloud’ a more secure option than in-house?
Once again, this does depend on your organizations setup and current investment in security hardware and knowledge.
Forensic Notes utilizes several key Microsoft Azure Services that offer additional security not found in most IT environments, including:
- Azure Key Vault
Hardware Security Module (HSM) which protects the private keys used to decrypt your sensitive data. - Multi-Factor Authentication (MFA)
All logins MUST utilize MFA to ensure compromised passwords do not result in compromised data. - Data Encryption in transit and at rest
Data is encrypted using a unique encryption key for each note which can only be decrypted by utilizing the Azure Key Vault which logs every decryption. All data stored within SQL Server is also encrypted at rest using Transparent Data Encryption (TDE).
Click here to view detailed information on our security features.
Q.6 I do not trust the application if anyone can access the login page. What other options exist?
Professional clients can choose to upgrade to Professional+ which restricts access by IP address and allows you to choose the location of the server. For more information, see the Professional+ section.
Tell me more about Professional+
Professional+ is an upgrade offered to Professional clients (10+ users) that require enhanced security features, ability to select the data storage location and desire premium support.
Professional+ offers:
- Only Professional+ clients are hosted on the server
- Application access restricted by IP address
- Ability to choose the location of your server and stored data (Canada, United States, United Kingdom)
- Each Account is setup with a unique Encryption Key (Key Encryption Key – KEK) stored within Azure Key Vault. This allows you full access to all logs generated.
- Premium Support (24/7/365)
- Unique login page with non-descriptive URL and login page details
Special Note:
Professional+ is designed for Law Enforcement, Government Agencies and Professional Digital Forensic Labs that require enhanced security. As a result, application access is granted to authorized IP’s only. This means that you will not be able to access the application from public internet connections unless you are going through an internal network via VPN.
Upgrade Note
By default, all accounts are setup within the United States. If you would like to upgrade to Professional+, please be aware that we will not be able to transfer your already existing account to a different region. A new account will need to be setup.
If you are unsure if Forensic Notes is right for your organization, please use the regular signup process and test with non-production data. Once you are confident that Forensic Notes is right for you, we will setup your account in the country of your choice once payment has been received.
For Professional+ pricing, please refer to our Pricing page.
Q.7 I’m worried that my login credentials will be compromised. What are you doing to secure my password?
You are not alone with this concern. Sites have been compromised in the past which has resulted in billions of passwords being stolen.
This is why Forensic Notes does NOT store any passwords.
All account creation, logins and Multi-Factor Authentication is handled by Azure Active Directory B2C service which can handle billions of authentications daily. As a result, we are only able to initiate a password reset and have no ability to view or retrieve your password.
Azure B2C is trusted by organizations and government agencies around the globe, including the State of Indiana which utilizes Azure and B2C to manage numerous applications for its 6 million citizens.
IMPORTANT NOTE:
As a result of using Azure B2C, you will notice that upon signup or login, your browser address bar will redirect to
https://login.microsoftonline.com/forensicnotes.onmicrosoft.com/….
This is normal and upon successful login, you will be redirected to the Forensic Notes application.
Q.8 I work for a government agency so “the cloud” is not an option. What options do I have?
One of the main reasons Forensic Notes was created was to provide a solution to Law Enforcement agencies to move away from paper notebooks towards electronic documentation.
The State of Indiana is now utilizing Azure to host multiple applications to service approximately 6 million citizens within the state.
The State of Indiana is not alone in trusting Azure. Other governments, healthcare, insurance and technology agencies like Somerset County Council (UK), Medisys (Canada), Geico (USA) and Citrix (Worldwide) also trust Azure with their sensitive data.
View 880+ case studies detailing how organizations in Banking, Education, Government and Healthcare are using Microsoft Azure.
The reality is that government agencies are trusting Azure Cloud solutions to host some of their most sensitive information as Azure now offers a Government only cloud hosting which is currently available in both the United States and Canada.
In fact, Azure Government is Level 5 DoD approved.
If you are a Government agency and require an Enterprise solution that uses Azure Government, contact us to find out what options exist.
Q.9 I see that you allow Social Logins, doesn’t that make your application less secure?
As a user, access to your application may be considered less secure if you decide to use Social Login. But the reason why is not so obvious.
Multi-Factor Authentication (MFA) greatly enhances the security of any account but like anything security related, you must take the proper precautions to secure not only your credentials, but more importantly your MFA device.
Many people will leave their Gmail, Facebook or LinkedIn accounts logged in on their computer or phone. If a person obtains your cellphone, then they will also have access to your Multi-Factor Authentication (MFA) device. This would allow them to click on the login, select your appropriate social account and then utilize your phone to provide access via MFA.
Therefore, the security of your account is dependent on proper security of your MFA device (usually your cellphone).
Why do you allow Social Logins?
Many users want the convenience that Social Logins provide. By using a Social Login, you do not need to re-enter a password each time you login. This is why many organization offer Single Sign-On (SSO) services.
Some experts believe that SSO can enhance account security because when users are forced to provide a unique password for every account they manage, human nature says the result will be less-than satisfactory.
A Social Login does not inherently make your account less secure as the main security issue is the potential loss of an un-secured cellphone that is utilized as your MFA device.
If you are concerned about the use of social login, you can create a local account.
In addition, we provided a list below on how the security of ANY account can be further secured if you adhere and follow all of the following recommendations:
- Create a unique email address that will be used to create your account. Ensure that the password is unique and complex.
- Do Not write down your password except within a secured password manager application.
- Do Not use this email or password for any other services.
- Do Not auto-save the login credentials for this account on any devices including your cellphone.
- Do Not access your sensitive accounts from public or unknown Wifi access points.
- Encrypt your MFA device (cellphone) and use a strong password to lock your phone at all times when not in use.
- Ensure your MFA device is set to NOT allow answering of calls or viewing of text messages without being unlocked.
- Do Not use Social Login. Social Logins bypass the need to enter a password each time on trusted devices.
Q.10 What happens if Forensic Notes is taken offline due to a programming bug, DDoS or local internet blackout?
This is the reality of any application, be it online or offline. From a network perspective, Microsoft Azure protects client websites with a “distributed denial-of-service (DDoS) defense system that is part of the Azure continuous monitoring and penetration-testing process. The Azure DDoS defense system is designed not only to withstand attacks from the outside, but also from other Azure tenants”.
To handles application specific attacks, Forensics Notes utilizes various programming detection techniques and dynamic IP blocking.
Professional+ and Enterprise clients are further protected by using unique non-descriptive URLs and IP blocking of any unknown IP addresses.
If you ever encounter a problem when using Forensic Notes, please contact [email protected]
Q.11 What happens if a ‘hacker’ logs into the database and accesses all the information?
As discussed within the Security & Encryption page, every individual note and associated attachment is encrypted using a unique 256-bit symmetric key (Content Encryption Key – CEK).
This CEK is then encrypted using the public key of a 2048-bit asymmetric encryption key (Key Encryption Key – KEK).
The Private key (KEK) used to decrypt all data is stored and only accessible within the HSM Azure Key Vault.
As a result, even if a ‘hacker’ gained access to an individual service, they would not be able to decrypt the information as the system works in tandem to create the overall security of the application.
Each service is locked down to only operate with other specified services.
Q.12 What about if the ‘hacker’ is able to download the database and brute-forces each individual record?
According to Wikipedia…
“breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space.”
Each note you create and store is individually secured with unique 256-bit key!
Moving from questions about technology to business practices…
Q.13 What happens if my accountant/accounting department, etc. forgets to pay the monthly (or yearly) subscription?
We are committed to maintaining and securing your important data. We send out reminders about payment for overdue accounts.
For significantly overdue accounts we may disable your ability to add new notes, but we would never hold notes or files hostage for payment nor delete your data without providing you with a reasonable opportunity to bring your account up-to-date.
Q. 14 What happens if your company folds and shuts down the service?
Any company could theoretically go out of business. We are committed to our customers and would never leave our valued clients without options or without providing significant notice of a pending shutdown.
We would do everything in our power to keep the site accessible to download existing files and records.
For Enterprise and Professional+ accounts, we would provide all source-code and instructions for properly deploying the application within your own Azure hosting environment.
For those organizations that require legal agreements, we would be happy to setup a software escrow for an additional fee.
Click here to find out more about Software Escrows.
Q.15 Is there 24/7/365 Support available?
Yes, we recognize that Forensic Notes will be a critical software solution within your organization. As a result, Premium Support is standard when you upgrade to Professional+.
All Professional and Enterprise accounts have standard Priority Email Support during the hours of 8am to 6pm PST.
Q.16 Who runs Forensic Notes?
Forensic Notes was founded by a group of guys living in Canada.
And who doesn’t trust Canadians?
These guys have a lot of experience involving technology and legal matters, both criminal and civil.
And no, it’s not because they’ve been arrested or sued a lot.
If you want to know more, please check out our Bio’s.
Back to Pricing Page
What Type of Notebook is Right for You?
Forensic Notes offers three (3) different types of Notebooks to meet your specific needs.
- Forensic Notebook *
- Forensic Notebook (w/ edits) *
- General Notebook
* Professional account is required for Forensic Notebooks. [more info]
Back to Pricing Page