Forensic Focus

Reflections on a first computer forensic investigation

First published October 2006 by Brian Marofsky What follows is a synopsis of the experience I had of conducting my first computer forensic investigation. It was my no means a text book investigation. I made my share of mistakes but

Examining Wireless Access Points and Associated Devices

First published October 2006 Sgt. Christopher Then, CISSP, EnCE September 17, 2006 Computer Crimes Unit Morris County Prosecutor’s Office Morristown, NJ 07963 [email protected] Wireless access for the home has become the preferred choice of connecting computers to the Internet. As

Dissecting NTFS Hidden Streams

First published July 2006 by Chetan Gupta NII Consulting, Mumbai www.niiconsulting.com   Cyber Forensics is all about finding data where it is not supposed to exist. It is about keeping the mind open, thinking like the evil attacker and following

VMWare as a forensic tool

First published May 2006 Brett Shavers May 2006 VMWare Workstation is one of the most up and coming software applications in both the corporate environment and in the computer forensic community. This paper will not detail the inner workings of

The Farmer’s Boot CD

First published May 2006 Preview Data in Under Twenty Minutes by Thomas Rude THE FARMER’S BOOT CD Preview Data in Under Twenty Minutes On January 1, 2006, THE FARMER’S BOOT CD, or FBCD for short, was officially released to the

Forensic Analysis of the Windows Registry

First published April 2006 Lih Wern Wong School of Computer and Information Science, Edith Cowan University [email protected] Abstract Windows registry contains lots of information that are of potential evidential value or helpful in aiding forensic examiners on other aspects of

Evidentiary Value of Link Files

First published March 2006 by Nathan Weilbacher I have been reading the posts in Forensic Focus for about a year now and on many occasions I have followed with great interest the threads of discussion on many topics. There are

Are non technical juries keeping criminals at large?

First published February 2006 by Carrie Moss, Marketing Assistant, CY4OR www.CY4OR.co.uk In England and Wales the only qualifications required of a jury member to be eligible to appear in a court of law are that they are registered on the

Analysis of hidden data in the NTFS file system

First published January 2006 Cheong Kai Wee Edith Cowan University [email protected] Abstract Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by police department, there is no evidence

Real-Time Steganalysis

First published October 2005 A Key Component of a Comprehensive Insider Threat Solution James E. Wingate, CISSP-ISSEP, CISM, IAM Director, Steganography Analysis & Research Center (SARC) and Vice President for West Virginia Operations Backbone Security.Com and Chad W. Davis, CCE

Digital forensics of the physical memory

First published September 2005 Mariusz Burdach [email protected] Warsaw, March 2005 last update: July 11, 2005 Abstract This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful

An Analytical Approach to Steganalysis

First published August 2005 by James E. Wingate, CISSP-ISSEP, CISM, IAM Director, Steganography Analysis & Research Center www.sarc-wv.com Chad W. Davis Computer Security Engineer Backbone Security.Com www.backbonesecurity.com Introduction Rapidly evolving computer and networking technology coupled with a dramatic expansion in