DFRWS-EU 2022: The Future of Digital Forensics Is Now

An analog clock superimposed on a blue background showing hexadecimal code
Moving digital forensics forward in terms of methods and frameworks, as well as organizational and cross-cultural collaboration, was an overarching theme of this year’s European Union edition of the Digital Forensics Research Workshop (DFRWS).  After 40 years, mainstays like file

Interpretation of NTFS Timestamps

Introduction File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional

Standard Units in Digital Forensics

by Dr Chris Hargreaves Lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK. One of the earliest lectures in the MIT Openware programme in Physics begins with the lecture “Units and Dimensional Analysis”. Units of measurement

EnCase file copying and Windows Short File Names

First published May 2010 By Lee Hui Jing, EnCe Edited by Sarah Khadijah Taylor ABSTRACT A couple of months ago, one of my clients, an Investigating Officer from a Law Enforcement Agency, had requested me to extract some of the

Linux for computer forensic investigators: «pitfalls» of mounting file systems

First published October 2009 by Suhanov Maxim ITDefence.Ru Introduction Forensic Linux distribution is a customized Linux distribution that is commonly used to complete different tasks during computer forensics investigations. These distributions are often used to complete the following tasks: –