Dissecting NTFS Hidden Streams

First published July 2006 by Chetan Gupta, NII Consulting, Mumbai www.niiconsulting.com Cyber Forensics is all about finding data where it is not supposed to exist. It is about keeping the mind open, thinking like the evil attacker and following

VMWare as a forensic tool

First published May 2006 Brett Shavers May 2006 VMWare Workstation is one of the most up and coming software applications in both the corporate environment and in the computer forensic community. This paper will not detail the inner workings of

The Farmer’s Boot CD

First published May 2006. Preview Data in Under Twenty Minutes, by Thomas Rude. On January 1, 2006, THE FARMER’S BOOT CD, or FBCD for short, was officially released to the

Forensic Analysis of the Windows Registry

First published April 2006 Lih Wern Wong School of Computer and Information Science, Edith Cowan University lihwern@yahoo.com Abstract Windows registry contains lots of information that is of potential evidential value or helpful in aiding forensic examiners on other aspects of

Evidentiary Value of Link Files

First published March 2006 by Nathan Weilbacher I have been reading the posts in Forensic Focus for about a year now and on many occasions I have followed with great interest the threads of discussion on many topics. There are

Are non technical juries keeping criminals at large?

First published February 2006 by Carrie Moss, Marketing Assistant, CY4OR www.CY4OR.co.uk In England and Wales the only qualifications required of a jury member to be eligible to appear in a court of law are that they are registered on the

Analysis of hidden data in the NTFS file system

First published January 2006 Cheong Kai Wee Edith Cowan University ckw214@yahoo.com Abstract Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by police department, there is no evidence

Analyzing Exchange and mbox e-mail files using Free and Open Source Software

First published December 2005 Mike Harrington, CFCE EnCE linuxchimp@gmail.com Innovative Digital Forensic Solutions, L.L.C. Mark Lachniet, CISA CISSP mlachniet@analysts.com Analysts International Table of Contents 1.Document Overview 2.LIBPST/LIBDBX 3.Locating Exchange .dbx/.pst Files 3.2 Locating files in the filesystem 3.2.1 Deleted Files

Real-Time Steganalysis

First published October 2005 A Key Component of a Comprehensive Insider Threat Solution James E. Wingate, CISSP-ISSEP, CISM, IAM Director, Steganography Analysis & Research Center (SARC) and Vice President for West Virginia Operations Backbone Security.Com and Chad W. Davis, CCE

Digital forensics of the physical memory

First published September 2005 Mariusz Burdach Mariusz.Burdach@seccure.net Warsaw, March 2005 last update: July 11, 2005 Abstract This paper presents methods by which physical memory from a compromised machine can be analyzed. Through these methods, it is possible to extract useful

The Enhanced Digital Investigation Process Model

First published September 2005 Venansius Baryamureeba and Florence Tushabe barya@ics.mak.ac.ug, tushabe@ics.mak.ac.ug Institute of Computer Science, Makerere University P.O.Box 7062, Kampala Uganda www.makerere.ac.ug/ics May 27, 2004 Abstract Computer crimes are on the rise and unfortunately less than two percent of the

An Analytical Approach to Steganalysis

First published August 2005 by James E. Wingate, CISSP-ISSEP, CISM, IAM Director, Steganography Analysis & Research Center www.sarc-wv.com Chad W. Davis Computer Security Engineer Backbone Security.Com www.backbonesecurity.com Introduction Rapidly evolving computer and networking technology coupled with a dramatic expansion in

Smart Anti-Forensics

First published June 2005 by Steven McLeod steven mcleod@ozemail com au May 2005 EXECUTIVE SUMMARY This paper highlights an oversight in the current industry best practice procedure for forensically duplicating a hard disk. A discussion is provided which demonstrates that

Data: The Basics of Computer Forensics

First published June 2005 by Edward Pscheidt www.edwardpscheidt.com Everything is created on a computer. To be more precise, almost everything that is the subject of litigation was created on a computer. Be they letters, blueprints or company books, the vast

An Investigation Into Computer Forensic Tools

First published June 2005 K.K. Arthur & H.S. Venter Information and Computer Security Architectures (ICSA) Research Group Department of Computer Science University of Pretoria Pretoria This material is based upon work supported by Telkom, IST and the NRF through THRIP.

Developing A Framework For Evaluating Computer Forensic Tools

First published May 2005 by Colin Armstrong Curtin University of Technology School of Information Systems WA Australia Abstract Forensic science is the application of science to those criminal and civil laws that are enforced by police agencies in a criminal