±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36303
New Yesterday: 1 Visitors: 207

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

future challenges and trends

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4  Next 
  

neddy
Senior Member
 

Re: future challenges and trends

Post Posted: Mar 31, 06 14:43

- ifindstuffucantfind


"many registry keys contain evidence that can tell you who was sitting at that machine when the illegal act happened, which is what everyone wants to know."



Im not sure that is the case. It is not possible to prove someone was sitting at a computer logged into a specific user account at a specific point in time. It is however quite reasonable to state somebody was logged in to at a specific user account at a specific point in time. That somebody could be the suspects Grandmother but you cant prove it by registry keys alone.

A white paper on distributed computing another development to be considered with regard to the future of digital forensics.

www.dfrws.org/2004/bio...omance.pdf
_________________
Neddy
Forensic Computer Analyst (LE)
BSc (Hons)
!(-.-)!~~ 
 
  

keen
Newbie
 

Re: future challenges and trends

Post Posted: Apr 03, 06 18:50

Hey Neddy,

thanks for the link to the Digital Forensics site. looks like lots of information there. Is "digital forensics" a new or separate field from straight up computer forensics? is it wireless forensics?  
 
  

neddy
Senior Member
 

Re: future challenges and trends

Post Posted: Apr 03, 06 20:57

Im not sure keen, I have noticed a trend as of late to refer to computer forensics as digital forensics, I guess this new term covers all digital forensic devices from pda's to mobiles to pc's. You say tomatoe I say tomatoe etc. I dont believe the term 'digital forensics' is restriced to wireless applications.
_________________
Neddy
Forensic Computer Analyst (LE)
BSc (Hons)
!(-.-)!~~ 


Last edited by neddy on Apr 04, 06 13:16; edited 1 time in total
 
  

OldDawg
Senior Member
 

Re: future challenges and trends

Post Posted: Apr 04, 06 02:53

Up until two weeks ago I was reading a book called, "Real Digital Forensics" (until I lost it or somebody stole it). It was computer forensics and not some specialized part of CF.  
 
  

AwesomeMachine
Newbie
 

Re: future challenges and trends

Post Posted: Apr 06, 06 12:05

Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge. Second to that is going to be criminals developing skills to use someone elses computer to do their dirty work, store contraband, store records, create mayhem. Every Windows computer can be uniquely identified by the MD5 hash sums of the photos in "My Photos", the serial numbers of the chassis components, the file hal.dll, and a host of other criteria. I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection.

WinHex has a facility to coherently read NTUSER.DAT, which, in reality, is part of the MS Windows registry. Regedit does not allow viewing this file, which is full of juicy data. I don't know how much black box work has been done with WinHex, so I don't how reliable it would be as testimony.
_________________
Those who exalt human intellect are laughing stock for The Sons of God. 
 
  

keydet89
Senior Member
 

Re: future challenges and trends

Post Posted: Apr 06, 06 16:02

AwesomeMachine,

Interesting post.

"Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge."

It already is. This is something LEOs and forensic analysts try to do all the time. However, without some sort of visual evidence, it's nearly impossible to do.

"Second to that is going to be criminals developing skills to use someone elses computer to do their dirty work, store contraband, store records, create mayhem."

Again...we're already there. We've been there for a long time. In fact, it's no longer really even an issue of a criminal developing the skills, but of a newbie getting his hands on a worm/Trojan creation toolkit and accessing someone else's computer with NO skills.

"I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection."

Been around for a long time. In my book, I mentioned an autorooter. Add to that bots and worms...

"Regedit does not allow viewing this file..."

Really? So, when I opend up the RegEdit and look at the HKEY_CURRENT_USER hive, what am I looking at?

Hint: I'm looking at the content of the NTUSER.DAT file for that account.

Harlan  
 
  

debaser_
Senior Member
 

Re: future challenges and trends

Post Posted: Apr 06, 06 18:56

- AwesomeMachine
Putting a certain person at the keyboard, at a certain time, after the fact will be the biggest challenge. Second to that is going to be criminals developing skills to use someone elses computer to do their dirty work, store contraband, store records, create mayhem. Every Windows computer can be uniquely identified by the MD5 hash sums of the photos in "My Photos", the serial numbers of the chassis components, the file hal.dll, and a host of other criteria. I'm very surprised no one has written a program to easily hijack a computer on a residential internet connection.

WinHex has a facility to coherently read NTUSER.DAT, which, in reality, is part of the MS Windows registry. Regedit does not allow viewing this file, which is full of juicy data. I don't know how much black box work has been done with WinHex, so I don't how reliable it would be as testimony.


Are the md5 hashes salted with a value unique to that particular machine or something? Is there any papers written on these types of things on the net? Id like to read up on it.  
 

Page 3 of 4
Page Previous  1, 2, 3, 4  Next