file system Archives - Forensic Focus

BlockQuery: Toward Forensically Sound Cryptocurrency Investigation

1st September 2022

Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”. So this is a little bit of background on the authors of this paper. Tyler Thomas is a primary author.

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

23rd June 2022

Bruce Nikkel: …paper of the session is from Jens-Petter Sandvik and his colleagues at NTNU, and it’s on “Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS.” Jens-Petter: Yeah. Thank you. So, I’m Jens-Petter Sandvik and my co-authors

Coffee Forensics: Reconstructing Data in IoT Devices Running Contiki OS

21st January 2022

Hi, my name is Jens-Petter Sandvik and I’m a PhD student at Norwegian University of Science and Technology (NTNU for short). In addition to trying to finish a PhD, I’m working for the Norwegian police in the national cyber crime

Encouraging Different Perspectives in Digital Forensics: September Research

15th October 2021

The discussion about how to mitigate human bias in forensic science continued in September. Inclusiveness is a key part of this, not just in terms of racial, gender, ability, or other identity, but also in terms of expertise. This month

Linux Timestamps, Oh boy!

12th May 202025th August 2015

Timestamps are critical for analysts; they usually deal with different filesystems and understanding how the file timestamps work on each is crucial to what they do. If you do an online search for linux timestamps, you’ll get ton of information

ForGe – Computer Forensic Test Image Generator

12th May 202018th October 2013

Introduction Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer

Windows Vista – notes for forensic examiners (part two)

12th May 202013th July 2011

This article was first published in 2007 at http://www.securityfocus.com/infocus/1890 and is reprinted with permission by Jamie Morris Forensic Focus (www.forensicfocus.com) Intro In part one of this series [ref 1] we looked at the different editions of Vista available and discussed

Analysis of hidden data in the NTFS file system

12th May 202010th July 2011

First published January 2006 Cheong Kai Wee Edith Cowan University ckw214@yahoo.com Abstract Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by police department, there is no evidence