Articles

Timeline Analysis – A One Page Guide

First published February 2010 by Darren Quick Comments and suggestions may be sent to darren_q@hotmail.com Prepare The scope of the request determines the data to be collected, such as within a specific timeframe, and data of relevance such as specific

The darker side of computer forensics

First published January 2010 by John Irvine http://johnjustinirvine.com http://twitter.com/John_Irvine For the better part of the past thirteen (thirteen?!) years, I have been a computer forensic examiner. Sure, the title varies by job and location — digital forensic analyst, media exploiter,

Serving search warrants in Spain

First published January 2010 The expert witness perspective by Joaquim Anguas Abstract This article describes the most common schema and basic procedure in which search warrants related to computer evidence are served in Spain from the expert witness perspective, and

Computer incident response – DO NOT PANIC

First published January 2010 by Karl Obayi – Solicitor http://www.itevidence.co.uk This article seeks to advance some basic steps to be adopted in case you are confronted with a computer incident that calls for appropriate response. The incident in question could

Shrinking the gap: carving NTFS-compressed files

First published October 2009 Recovering deleted NTFS-compressed files By Joachim Metz Hoffmann Investigations www.hoffmannbv.nl 1.0 Joachim Metz September 2, 2009 Initial version. Summary An important part of digital forensic investigation is the recovery of data, particulary files. The recovery of

The Importance of Memory Search and Analysis

First published October 2009 by Access Data www.accessdata.com Introduction Historically, criminal or corporate investigations involving computer equipment began by immediately disconnecting any compromised machines from the network, powering them down, and securing them in a proper environment where they would

Simple Steganography on NTFS when using the NSRL

First published October 2009 Adam Hurwitz ahurwitz@biaprotect.com Business Intelligence Associates, Inc. 39 Broadway, NYC, NY 10006 Abstract NTFS is structured so that there can be a physical separation of the data that comprises a file and the properties or metadata

E-mail and appointment falsification analysis

First published September 2009 Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange By Joachim Metz Hoffmann Investigations www.hoffmannbv.nl Version: 1.0 Joachim Metz August 17, 2009 Initial version. Summary In digital forensic analysis it is sometimes required to be able

Experiences as a recent graduate

First published September 2009 Name withheld After graduating in the Summer of 2009, I knew that it would not be easy to find employment in a Computer Forensic related role. More specifically, I knew that the state of the UK’s

Alternatives to Helix3

First published August 2009 by BJ Gleason Author’s note: The article you are about to read was originally written in March 2009. The kind people at Linux+DVD magazine have allowed us to make my articles available after the printed version

Graduates: produce an excellent CV

First published July 2009 In this short article, David Sullivan of www.appointments-uk.co.uk, a specialist computer forensics recruiter, looks at how graduates can increase your chances of being selected for interview by improving your CV. David can be contacted at: David@appointments-uk.co.uk

Forensic Investigation of Instant Messenger Histories

First published July 2009 by Belkasoft http://www.belkasoft.com What is an Instant Messenger? According to Wikipedia, “instant messaging (IM) is a form of real-time communication between two or more people based on typed text. The text is conveyed via devices connected

Build Your Own Digital Evidence Collection Kit

First published June 2009 by David Kovar, NetCerto, Inc. Overview Collecting evidence accurately is clearly a foundational element for any ediscovery or forensics analysis project. The equipment required is important, but so are the supporting items – office supplies, forms,