The need for effective event management

First published November 2006

courtesy of GFI Software –


Underrated, undervalued and underutilized; events management is most often rated as a tedious and ungrateful task. System administrators shy away from event logs and the events contained within, citing … Read more

Reflections on a first computer forensic investigation

First published October 2006

by Brian Marofsky

What follows is a synopsis of the experience I had of conducting my first computer forensic investigation. It was my no means a text book investigation. I made my share of mistakes but … Read more

Dissecting NTFS Hidden Streams

First published July 2006

by Chetan Gupta
NII Consulting, Mumbai

Cyber Forensics is all about finding data where it is not supposed to exist. It is about keeping the mind open, thinking like the evil attacker and following
Read more

VMWare as a forensic tool

First published May 2006

Brett Shavers
May 2006

VMWare Workstation is one of the most up and coming software applications in both the corporate environment and in the computer forensic community. This paper will not detail the inner workings of

Read more

The Farmer’s Boot CD

First published May 2006

Preview Data in Under Twenty Minutes
by Thomas Rude


Preview Data in Under Twenty Minutes

On January 1, 2006, THE FARMER’S BOOT CD, or FBCD for short, was officially released to the … Read more

Forensic Analysis of the Windows Registry

First published April 2006

Lih Wern Wong
School of Computer and Information Science, Edith Cowan University
[email protected]


Windows registry contains lots of information that are of potential evidential value or helpful in aiding forensic examiners on other aspects of … Read more

Evidentiary Value of Link Files

First published March 2006

by Nathan Weilbacher

I have been reading the posts in Forensic Focus for about a year now and on many occasions I have followed with great interest the threads of discussion on many topics. There are … Read more

Real-Time Steganalysis

First published October 2005

A Key Component of a Comprehensive Insider Threat Solution

James E. Wingate, CISSP-ISSEP, CISM, IAM
Director, Steganography Analysis & Research Center (SARC)
Vice President for West Virginia Operations
Backbone Security.Com


Chad W. Davis, CCE… Read more

Digital forensics of the physical memory

First published September 2005

Mariusz Burdach
[email protected]
Warsaw, March 2005
last update: July 11, 2005


This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful … Read more

An Analytical Approach to Steganalysis

First published August 2005

by James E. Wingate, CISSP-ISSEP, CISM, IAM
Director, Steganography Analysis & Research Center

Chad W. Davis
Computer Security Engineer
Backbone Security.Com


Rapidly evolving computer and networking technology coupled with a dramatic expansion in … Read more

Smart Anti-Forensics

First published June 2005

by Steven McLeod
steven [email protected] com au
May 2005


This paper highlights an oversight in the current industry best practice procedure for forensically duplicating a hard disk. A discussion is provided which demonstrates that … Read more

Share to...