±Partners and Sponsors
New Today: 3
New Yesterday: 4
±Follow Forensic Focus
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
2009Back to top Back to main Skip to menu
A photos-only application can be a very handy part of a digital forensic examiner's “toolkit.” Many cases revolve around recovered images, whether the matter is criminal, civil or domestic. Adroit Photo Forensics from Digital Assembly (Brooklyn, NY, USA) has been created as just such a tool. The current version, 1.003, of Adroit Photo Forensics was released commercially in September 2009. Full disclosure: I was one of the testers of the first few beta versions, but have no financial interest in the company or their products, other than receiving a copy for evaluation purposes. more ...
Advanced Live Forensics & RAM Analysis Training
Worcester University, UK, Oct 20th - 22nd 2009
Course run by Nick Furneaux, CSI Tech.
Perhaps the biggest changes and advances in computer forensics over the last few years have come from the collection and subsequent analysis of volatile data from running systems. Look back just 3 years ago or so and you’ll see a profession where the widely accepted view was that if you were to find your target computer on, you’d pull the power. The turnaround in approach is such that to take that approach now could even be considered negligent; for by pulling the power before you’ve collected the volatile data you’re quite likely to be destroying a whole mass of incredibly useful data. more ...
Helix 3 Enterprise (H3E) is e-fense’s flagship investigation suite pitched at a similar level as EnCase Enterprise or Access Data Enterprise. It’s aimed at organisations which need to be able to carry out incident response, forensics and e-discovery functions over networks. H3E facilitates centralised incident response, imaging of drives and volatile data and also enables scans and searches of a user’s internet history and documents on any computer which has had the H3E Agent pre-installed on it. The integrity of data in transit and within the H3E database is ensured through 256-bit AES encryption. more ...
Digital evidence needs to come from somewhere, right? It doesn’t appear, “forensically sound”, from out of the blue. And the phrase “forensically sound” is key – the evidence needs to be acquired in a manner that ensures that the process doesn’t modify the evidence in any manner. There are exceptions to this – cell phones and live acquisitions come to mind – but even then, the process should be minimally invasive.
The key to this acquisition process is the ubiquitous write blocker, probably the most important tool in any acquisition kit. A write blocker was my first forensics hardware purchase and I keep my collection of write blockers up to date religiously. more ...
Cyberstalking is the new urban terror – the message rang home loud and clear at the Digital Safety Conference in London last week (Friday).
For although, in Cyberspace, no-one hears you scream, increasing numbers of people are getting off on imagining it.
The evils of instant communication – texting, live chat, social networking – were laid out in lurid detail before delegates meeting in a brick-lined space known as The Brewery, near the city’s Barbican.
Tales of horror: physical threats and psychological manipulation, poured out. The family pursued relentlessly via emails, bulletin board postings and websites dedicated to damaging their names for more than five years. The teenager who suffered Post Traumatic Stress Syndrome following a campaign of anonymous texts. The Information Age exposed in all its gory. more ...