FastBloc Field Edition Forensically Validated by NIST

Guidance Software announced today that the National Institute of Standards and Technology (NIST) has filed its test results on the company’s FastBloc® FE write blocker. The Guidance Software product performed at or above the governing body’s expectations, indicating that the product is forensically valid… Digital evidence is playing an increasingly important role in investigations throughout the world, and validation by NIST supporting the use of FastBloc in a court of law is incredibly important to the digital investigators who rely on Guidance Software’s products. FastBloc is now added to the expanding list of key Guidance Software offerings, including EnCase® Forensic and EnCase® Enterprise, that have been validated by independent and well-respected third parties as forensically sound and admissible in a court of law.

Founded in 1997, Guidance Software revolutionized computer forensic investigations with the creation of EnCase Forensic and has become a recognized expert in the field of digital investigations, with years of case law supporting its products. In 2001, Guidance Software released FastBloc®, which revolutionized the hard drive acquisition process by write-blocking hard drives, via a hardware device, to ensure forensically sound acquisitions. In 2003, Guidance Software released EnCase Enterprise for faster, more complete computer investigations and incident response over a LAN/WAN. This ability to conduct investigations and incident response across a global network, regardless of size, gives corporations and government agencies around the world an enterprise-wide investigative reach never before attainable.

“Guidance Software engineers its EnCase solutions to deliver capabilities that map directly to critical mandates and recommendations, including National Institute of Standards and Technology (NIST) recommendations, FISMA and various Department of Defense mandates,” said Ken Basore, VP of Research and Development for Guidance Software. “People that use our products need to know that they not only offer the best quality and investigative capabilities but that they are also admissible in courts around the world and this report goes a long way toward fortifying that confidence. We look forward to continuing our support of NIST in the important work that they do for organizations like ours and for the industry as a whole.”

About Guidance Software (GUID)

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase® platform provides the foundation for government, corporate and law enforcement organizations to conduct thorough and effective computer investigations of any kind, such as intellectual property theft, incident response, compliance auditing and responding to eDiscovery requests – all while maintaining the forensic integrity of the data. There are more than 20,000 licensed users of the technology, and thousands of investigators and corporate security personnel attend Guidance Software’s forensic methodology training annually. Validated by numerous courts worldwide, EnCase software is also frequently honored with top security awards and recognition from eWEEK, SC Magazine and Network Computing, as well as the Socha-Gelbmann.
