Linux Timestamps, Oh boy!

Timestamps are critical for analysts; they usually deal with different filesystems, and understanding how file timestamps work on each is crucial to what they do. If you do an online search for Linux timestamps, you’ll get a ton of information… Read more

ForGe – Computer Forensic Test Image Generator

Introduction Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer… Read more

Windows Vista – notes for forensic examiners (part two)

This article was first published in 2007 at and is reprinted with permission by Jamie Morris Forensic Focus ( Intro In part one of this series [ref 1] we looked at the different editions of Vista available and discussed… Read more

Analysis of hidden data in the NTFS file system

First published January 2006 Cheong Kai Wee Edith Cowan University Abstract Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by a police department, there is no evidence… Read more