Digital Forensics

  • Most Topular Stories

  • Analysis of Malware: Detecting Behavior & Anti-Reversing Techniques

    Checkmate
    Sanoop
    17 Apr 2014 | 2:42 am
    Scenario: One of our clients observed a suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename Read More...
  • Android Forensics: How To Bypass The Android Phone Pattern Lock

    Checkmate
    Sumit Shrivastava
    6 Apr 2014 | 11:36 pm
    Introduction Android is an open source operating system based on the Linux kernel, initially developed by Android Inc., which Google bought in 2005. Initially, Android was developed to support touch screen devices like smartphones. These devices support different types of screen locks, like swipe lock, PIN lock, pattern lock, gesture lock, facial lock, etc. Swipe Read More...
  • Paraben’s Forensic Innovations Conference (PFIC) 2014 Registration Now Open

    Forensic Focus
    22 Apr 2014 | 3:45 am
    Paraben is pleased to announce that registration is now open for Paraben’s Forensic Innovations Conference 2014. Come back to the mountains of Snowbird Utah with us Nov 12-14, 2014. We are returning to beautiful Snowbird, Utah with a full agenda, larger exhibit hall, and more offerings for everyone. There are two enrollment categories, each with 8 Hours of Labs, 8 Hours of Lectures, & 8 Hours of Training: • Basic • Advanced All attendees will attend every lecture and then split based on category to custom labs and training sessions. By the end of the conference, you will get to…
  • "#FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July"

    SANS Digital Forensics and Incident Response Blog
    SANS Institute
    14 Apr 2014 | 12:18 am
    FOR526 - 10% Off for vLive (Online Live Training) or Capital City in July. Use code = m3mory
  • Follow up on TTPs post

    Windows Incident Response
    Harlan Carvey
    16 Apr 2014 | 5:17 am
    David Bianco's "Pyramid of Pain" As a follow-up to my previous post on TTPs, a couple of us (David Bianco, Jack Crook, etc.) took the discussion to G+.  Unfortunately, I did not set the conversation to public, so I wanted to recap the comments here, and then take this back to G+ for open discussions. First, if you're new to this discussion, start by reading my previous post, and then check out David's post on combining the "Kill Chain" with the Pyramid of Pain.  For another look at this, check out David's Enterprise Security Monitoring presentation from BSidesAugusta - he talks about…

    SANS Digital Forensics and Incident Response Blog

  • "#FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July"

    SANS Institute
    14 Apr 2014 | 12:18 am
    FOR526 - 10% Off for vLive (Online Live Training) or Capital City in July. Use code = m3mory
  • "HeartBleed Links, Simulcast, etc."

    jacobwilliams
    9 Apr 2014 | 7:15 pm
    At SANS 2014 last night, I gave a quick briefing on the HeartBleed vulnerability that impacts the security of the Internet. I wanted to post a few links in the interim (until the webcast itself is published, which I'm told will be by 3PM EDT). The slides are available here. I have built a server in the cloud that exposes the vulnerability. You can access the server at https://heartbleed.csr-group.com until it gets taken down by the hosting provider (which seems inevitable). However, if your management needs to see this in action, please feel free to use the server to demonstrate the…
  • "Signature Detection with CrowdResponse"

    Chad Tilbury
    8 Apr 2014 | 10:10 pm
    CrowdResponse is a free tool written by Robin Keir from CrowdStrike. Robin has a long history of developing excellent tools for the community including SuperScan, BinText, Fpipe, and CrowdInspect. The goal of CrowdResponse is to provide a lightweight solution for incident responders to perform signature detection and triage data collection. It supports all modern Windows platforms up to Server 2012 and is command-line based making it easy to deploy at scale. Version 1.0 focuses on signature detection, with a powerful YARA scanning engine. It ships with a very detailed user manual but since…
  • "The Importance of Command and Control Analysis for Incident Response"

    Anuj Soni
    31 Mar 2014 | 12:11 am
    Understanding how malicious software implements command and control (C2) is critical to incident response. Malware authors could use C2 to execute commands on the compromised system, obtain the status of the infection, commandeer numerous hosts to form a bot network, etc. This article explains how malware performs C2 functions and clarifies how this information can aid responders in detecting, analyzing, and remediating malware incidents.
  • "Finding Evil on Windows Systems - SANS DFIR Poster Release"

    Rob Lee
    26 Mar 2014 | 3:49 am
    Adding to our ever growing number of Posters and Cheat Sheets for DFIR, we are proud to announce the availability of a brand new SANS DFIR Poster "Finding Evil" created by SANS Instructors Mike Pilkington and Rob Lee. This poster was released with the SANSFIRE 2014 Catalog, so you might already have one. If you did not receive a poster with the catalog or would like another copy, here is a way to get one. For a limited time, we have set up a website where anyone can easily order one to use in their hunt to "Find Evil." Get the "Find Evil Poster" Here
 

    Windows Incident Response

  • Follow up on TTPs post

    Harlan Carvey
    16 Apr 2014 | 5:17 am
    David Bianco's "Pyramid of Pain" As a follow-up to my previous post on TTPs, a couple of us (David Bianco, Jack Crook, etc.) took the discussion to G+.  Unfortunately, I did not set the conversation to public, so I wanted to recap the comments here, and then take this back to G+ for open discussions. First, if you're new to this discussion, start by reading my previous post, and then check out David's post on combining the "Kill Chain" with the Pyramid of Pain.  For another look at this, check out David's Enterprise Security Monitoring presentation from BSidesAugusta - he talks about…
  • WFA 4/e

    Harlan Carvey
    14 Apr 2014 | 5:37 pm
    Okay, so Windows Forensic Analysis 4/e showed up in a couple of boxes on my doorstep tonight.  It's now a thing.  Cool. As I write this, I'm working on finishing up the materials that go along with the book.  I got hung up on something, and then there was work...but the link will be posted very soon. A question from Twitter from "Dark Operator": so it is a version per version of Windows or the latest will cover 7 and 8? I know the cover says "for Windows 8", and  I tried to incorporate as much info as I could about Windows 8 into the book by the time it went in for the final…
  • TTPs

    Harlan Carvey
    13 Apr 2014 | 5:00 am
    Within the DFIR and threat intel communities, there has been considerable talk about "TTPs" - tactics, techniques and procedures used by targeted threat actors.  The most challenging aspect of this topic is that there's a great deal of discussion of "having TTPs" and "getting TTPs", but when you really look at something hard, it kind of becomes clear that you're gonna be left wondering, "where're the TTPs?"  I'm still struggling a bit with this, and I'm sure others are, as well. I ran across Jack Crook's blog post recently, and didn't see how just posting a comment to his article…
  • What's Up?

    Harlan Carvey
    3 Apr 2014 | 7:34 am
    TTPs A bit ago, I ran across this fascinating blog post regarding the Pyramid of Pain.  Yes, it's over a year old, but it's still relevant today. For one thing, back when I was doing PCI exams (while a member of the IBM ISS ERS team), Visa would send us these lists which included file names (no paths) and hashes...we had to search for them in every exam, so we did.  While I could see the value in the searches themselves, I felt at the time that Visa was sitting on a great deal of valuable intelligence that, if shared and used properly, could not only help us with our analysis, but…
  • Writing DFIR Books: Questions

    Harlan Carvey
    29 Mar 2014 | 5:02 am
    Based on my Writing DFIR Books post, Alissa Torres tweeted that she had a "ton of questions", so I encouraged her to start asking them.  I think that getting the questions out and asked now would be a great way to get started, for a couple of reasons.  First, the Summit is a ways away still, and it's unlikely that she's going to remember the questions.  Second, we don't know how the panel itself is going to go, so even if she did remember her "ton of questions", she may not be able to ask all of them.  Third, it's likely that some questions, and responses, are going to…

    Checkmate

  • Analysis of Malware: Detecting Behavior & Anti-Reversing Techniques

    Sanoop
    17 Apr 2014 | 2:42 am
    Scenario: One of our clients observed a suspicious behavior in a program and wanted us to analyze and identify if any malicious activities were being performed by the same. The program wasn’t detected by their anti-virus solution during ‘file access operations’. However, some unusual outbound network traffic triggered alerts from the network monitoring team. Filename Read More...
  • Heartbleed Open SSL Bug FAQ & Advisory

    K K Mookhey
    10 Apr 2014 | 3:37 am
    Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can do to address it: Q. What is the Heartbleed vulnerability and what is its impact? The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL Read More...
  • Android Forensics: How To Bypass The Android Phone Pattern Lock

    Sumit Shrivastava
    6 Apr 2014 | 11:36 pm
    Introduction Android is an open source operating system based on the Linux kernel, initially developed by Android Inc., which Google bought in 2005. Initially, Android was developed to support touch screen devices like smartphones. These devices support different types of screen locks, like swipe lock, PIN lock, pattern lock, gesture lock, facial lock, etc. Swipe Read More...
  • Insecure Implementation of Guest Wireless Networks

    Wasim Halani
    28 Mar 2014 | 11:41 pm
    Most large organizations provide wireless facilities for their guests, which may include vendors, consultants, business associates, employees from other regions etc. Certain points should be considered while implementing a guest wireless network. Encryption in use Captive Portals or Guest Authentication Network Segregation Finding the SSID of a Hidden wireless network To simplify the connectivity for Read More...
  • From SQL Injection To 0wnage Using SQLMap

    Shrikant Antre
    28 Jan 2014 | 12:45 am
    SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 list’s Injection flaws section. SQLMap is a tool that helps penetration testers prove that SQL injection is one of the most critical vulnerabilities present in enterprise security. ‘SQLMap’ is a simple Python-based tool to exploit SQL Read More...
 

    Forensic Focus

  • Webinar: Uncovering Hidden Evidence from Mobile Devices with Oxygen Forensics

    22 Apr 2014 | 8:31 am
    This new webinar, recorded by Tatiana Pankova of Oxygen Forensics, discusses the challenges that examiners face in obtaining and analyzing critical evidence from mobile devices. Learn how to reveal more about a suspect or victim before, during and after an incident with the solutions offered by Oxygen Forensic Suite software. There is no need to register, you can view the webinar immediately here or on the Forensic Focus YouTube channel. If you would like to discuss the webinar, or ask any questions, please do so in the forums here.
  • Paraben’s Forensic Innovations Conference (PFIC) 2014 Registration Now Open

    22 Apr 2014 | 3:45 am
    Paraben is pleased to announce that registration is now open for Paraben’s Forensic Innovations Conference 2014. Come back to the mountains of Snowbird Utah with us Nov 12-14, 2014. We are returning to beautiful Snowbird, Utah with a full agenda, larger exhibit hall, and more offerings for everyone. There are two enrollment categories, each with 8 Hours of Labs, 8 Hours of Lectures, & 8 Hours of Training: • Basic • Advanced All attendees will attend every lecture and then split based on category to custom labs and training sessions. By the end of the conference, you will get to…
  • Forensic Focus Forum Round-Up

    15 Apr 2014 | 9:29 am
    Welcome to this round-up of recent posts to the Forensic Focus forums. Forensic acquisition of a secure boot enabled Fujitsu laptop – what is the best method? Forum members discuss why a Windows 7 MBR system may be unable to view a Windows 8 hard drive. Car camera forensics – where do car cameras store data, and how can it be accessed? Add your thoughts on the forum. Forum members explain how to recover internet history from an XBOX Live hard drive using IEF. How does Microsoft Excel encrypt passwords? Chime in on the forum. Should we take deleted data as a sign of guilt? Forum members…
  • HMIC report highlights concern over cybercrime plans

    10 Apr 2014 | 5:29 am
    Three out of 43 police forces in England and Wales have a comprehensive plan to deal with a large-scale cyber-attack, a report has found. Her Majesty's Inspectorate of Constabulary (HMIC) warned only Derbyshire, Lincolnshire and West Midlands had sufficient plans in place. It also found only 2% of police staff across 37 forces had been trained on investigating cybercrime... Read More (BBC)
  • CSI IT: Forensic security skills for IT professionals

    9 Apr 2014 | 6:34 am
    TV shows such as CSI have popularised the world of digital forensics, glamorising the field and piquing the interest of a generation of graduates and career-movers, writes Kevin Waugh. Because of this, it would be natural to assume that most businesses could now call on an extensive pool of talented experts in the forensics field capable of investigating technical security issues, such as the source of internal intellectual property (IP) leaks, or the theft of sales books by ex-employees moving to rival companies. The reality is somewhat different... Read More (ComputerWeekly.com)

    (ISC)2 Blog

  • Look to (ISC)2 for Cybersecurity Resources and Support for Academia

    Dr. Jo Portillo
    17 Apr 2014 | 12:08 pm
    As (ISC)2 celebrates its 25th anniversary, we continue to branch out to offer new ways to help meet the demand for more skilled cybersecurity professionals through community support programs. To help provide cybersecurity resources and support to the global academic community, I am proud to announce the launch of the (ISC)2 Global Academic Program (GAP)! My name is Dr. Jo Portillo and I am in charge of managing the development and implementation of this program. As an educator and advocate for academic-industry collaboration, I am thrilled to introduce this initiative, which has been part of…
  • Assessing decision-making skills of information security professionals is crucial for developing and sustaining talent.

    Jason Young
    17 Mar 2014 | 10:06 am
    I have been intrigued by the recent dialogue surrounding how to keep security professionals up to date with the latest information.  More specifically, identifying the skills that are critical for individuals to have as defined by their leadership to protect the business from future disaster.  Everything from in-depth security best practices to software development skills to industry specific protocol and regional variations has been noted as important.  My question to leadership is this:   How have you assessed your security professionals’ decision-making…
  • What will it take to Prioritize Security in Healthcare?

    Amanda D'Alessandro
    28 Feb 2014 | 6:57 am
    With security breaches dominating news headlines daily, those responsible for securing our systems, networks, and devices are struggling to keep pace with the evolving threat landscape. Perhaps some of the most concerning potential breach data comes from the healthcare industry where we entrust our most personal information—social security number, birth date, medical history—as well as our immediate family members’ sensitive information to medical care providers. Further, medical devices rely on secure IT networks to function properly and deliver continuous, critical care to patients…
  • Critical Times Demand Critical Skills – (ISC)²® Research Report Analyzes InfoSec Skills Gap

    Julie Peeler
    20 Feb 2014 | 1:03 pm
    When is a security professional not a security professional? When they’re an analyst, a political scientist, a sociologist, an accountant, a communicator, and a risk manager. A subset of the 2013 (ISC)2 Global Information Security Workforce Study (GISWS) report, “Critical Times Demand Critical Skills: An analysis of the skills gap in information security”, was just launched to further analyze the skills gap by job title, region, skill sets, industry vertical, and company size to define the specific challenges that contribute to this gap. In partnership with Booz Allen Hamilton and…
  • (ISC)²® Enhances the Rigor of CISSP® Certification Exam Questions

    Hord Tipton
    6 Feb 2014 | 12:15 pm
    One of our core processes for maintaining (ISC)2’s reputation for gold standard information security certifications involves frequent, rigorous evaluation of current certification exam questions and subsequent updates. As a result of the last evaluation of the Certified Information Systems Security Professional (CISSP) exam, the format of the questions has been enhanced to include innovative item formats, including interactive drag & drop and hotspot questions. These question types can measure a broader base of knowledge, skills, and higher cognitive levels to represent the real-world…
 

    Computer Forensics, Malware Analysis & Digital Investigations

  • EnCase v7 EnScript to quickly provide MD5/SHA1 hash values and entropy of selected files

    10 Apr 2014 | 9:22 pm
    I recently had the need to quickly triage and hash several specific files within a case, but I did not want to (or possibly could not) run the "process evidence" option to generate hash values for *all* files. EnCase v7 has the ability to generate hash values of selected files through the right-click context menu->Entries->Hash/Sig Selected files. The downside to this option is that it requires you to close the "evidence" tab and then reopen it, causing you to lose your place/highlighted file. So I wanted a way to quickly generate the MD5 & SHA1 hash so that I could…
  • EnCase EnScript to show file summary of user's profile by extension

    20 Mar 2014 | 10:33 pm
    This is another "quick hit" EnScript to generate a quick report on the types of files under a user's profile based on file extensions. The EnScript will automatically create an Excel spreadsheet, with a sheet for each user, showing the total number of files for each extension and the total number of bytes for each extension, percentage for each extension and total bytes for each summary. Folders and files with zero logical size are ignored: Download EnCase v6 EnScript Here
  • EnCase EnScript to parse each NTUSER.DAT for RecentDocs

    19 Mar 2014 | 9:20 pm
    This EnScript is another "quick hit" to parse out all the recently accessed files recorded in the user's NTUSER.DAT. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs When run, it will parse each NTUSER.DAT and display the results in console, as well as automatically open Excel (Excel is required to be installed on the examiner's machine in order to use this EnScript) and create a worksheet for each user processed: The EnScript will also create a bookmark for each user. It will put the date the registry key was last modified in the comment section of each…
  • EnCase EnScript to parse & display recent RDP sessions from user's NTUSER.DAT

    19 Mar 2014 | 10:20 am
    This EnScript was designed as a "quick hit" to parse and show the MRU values for the Terminal server client for each user. The EnScript checks the Software\Microsoft\Terminal Server Client\Default for each NTUSER.DAT and displays/bookmarks any values. *The link below has been updated to an EnScript that can be run in either v6 & v7. Download EnCase v6 & v7 here
  • *Updated* - EnCase EnScript to parse wireless network information for Vista, 7 & 8

    17 Mar 2014 | 7:56 pm
    I updated the original v6 & v7 EnScripts to now include the date the access point was first connected and the date it was last connected to: Download EnCase v6 here Download EnCase v7 here

    viaForensics

  • Android Developer

    Isaac Adamson
    15 Apr 2014 | 9:13 am
    We hire smart, motivated people who like to break things and build them back up…better, stronger and more secure. The kind of people who are passionate about their work and curious about the world around them. People who want to work with others who challenge them, constantly learn and share new ideas. We have an open position for an exciting, high-profile security project and product development role that focuses on the Android platform. The successful candidate will work as part of a team in order to: Develop innovative products to solve real-world mobile security challenges Understand…
  • iOS Kernel Reversing Step by Step

    Marco Grassi
    14 Apr 2014 | 11:28 am
    Introduction One of the biggest players in mobile, Apple, has based each of their devices on one main Operating System. Known simply as “iOS”, the popular mobile operating system by Apple runs on their flagship mobile devices such as the iPhone and iPad. iOS is a closed source platform. This means that the source code of iOS is not shared publicly for anyone to view or make changes to. Closed source does not mean, however, that we cannot view specific pieces of the iOS structure – particularly the kernel, which is based on free, open sourced software. As will be discussed…
  • New viaLab 2.6 Features: iOS Binary Checks, Androguard Shell and more

    Isaac Adamson
    9 Apr 2014 | 10:00 am
    viaLab, the mobile app security assessment suite developed by viaForensics, now includes iOS binary checks, Androguard Shell and SQL injection/path traversal background checks. Combined with other automated app security testing features available in viaLab, you can greatly reduce the time required to discover vulnerabilities and sensitive data leaks during application development while increasing assurance such issues are discovered. iOS Binary Checks More automated checks. viaLab now automatically checks for more flags and potential issues in the static analysis step for iOS, including:…
  • Heartbleed OpenSSL Vulnerability

    Ted E
    8 Apr 2014 | 8:34 am
    Today a major vulnerability in OpenSSL was disclosed (CVE-2014-0160), affecting an estimated 2/3 of active Web servers. Generally speaking, servers affected are those running OpenSSL 1.0.1 through 1.0.1f, including many Apache and Nginx servers. The vulnerability takes advantage of heartbeat support, so servers using OpenSSL compiled without that feature are not vulnerable. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug. It can also be remediated by re-compiling OpenSSL without heartbeat support. These and other details are available from vulnerability discoverers Codenomicon Ltd.
  • Android Security Cookbook

    Isaac Adamson
    8 Apr 2014 | 5:21 am
    Our own Senior Developer Scott Alexander-Bown recently co-authored the Android Security Cookbook, which covers a variety of topics including analyzing Android devices, operating systems and applications down to the code level for security vulnerabilities. It also offers measures that application developers can put in place to protect their applications and devices from common vulnerabilities and attacks. As the book’s preface states: “Android has been around in the public domain since 2005 and has seen massive growth in capability and complexity. Mobile smart phones in general now…

    Forensics from the sausage factory

  • Mac OS X "Set date and time automatically"

    9 Apr 2014 | 9:51 am
    Just as I've found the time to write up a blog post along comes an appropriate time related subject. Recently I examined an Apple iMac running Mountain Lion.  I was only given access to an image. This presented a problem because the matter under investigation relied on accurate time stamps and I had no system clock to check. I knew that by default Apple OS X (Snow Leopard through to Mavericks for certain and probably earlier versions) will Set date and time automatically whilst connected to the internet (to allow a connection to a network time server using Network Time Protocol [ntp] ) as…
  • Apple Safari update and fsCachedData

    10 Dec 2013 | 3:41 am
    Recently I have had cause to look again at how the Apple Safari web browser stores cache. Surprisingly much of what I wrote concerning Safari back in 2010 still holds true.  The introduction of OSX Lion brought some changes in that a new table cfurl_cache_receiver_data was created within the SQLite cache.db database and used to store the cached item as a binary large object in the receiver_data field.   Previously this field was within the cfurl_cache_blob_data table. I have now looked at Safari version 7 running in OSX Mavericks and found that not all cached data…
  • Location Data within JPGs

    4 Mar 2013 | 11:15 am
    We have become accustomed to the fact that many of our digital photographs have location data embedded within them, populated with a GPS receiver. This data is often utilized by the modern photo management programs such as iPhoto and could conceivably have some evidential value at some point.  So where is it stored? You are probably thinking, like I was, that it was sat along with all that other Exif data, is possibly in plain text and that it would be easy to locate and retrieve.  In fact there is a little more to it. In Figure 1 we can see the first…
  • Windows Live Messenger – MessengerCache folder

    15 May 2012 | 4:36 am
    A recent case was unusual because most of the ipoc were located by the police examiner in a folder entitled MessengerCache at the path C:\Users\<user_name>\AppData\Local\Temp\MessengerCache. My mission was to have a closer look at how this folder is utilised by the program Windows Live Messenger.  The folder is a hidden folder and is used for various purposes by WLM.  I found that the folder can be used to store the user tile (this may be an icon or a thumbnail photograph or graphic) and theme picture of a remote contact. Of course the remote user (who could be anywhere in the…
  • Old Servers never die – unfortunately

    15 May 2012 | 3:39 am
    But you can bet your last penny that at some stage you will have to image them.  That is the problem I faced one wet weekend recently when I was required to image an HP behemoth resplendent with two sizable raid 5 arrays and two USB 1 ports.  All drive bays and ports were in use so I could not insert a new drive into the box to image it and I didn’t fancy imaging all the elderly SCSI raided hard drives separately.  I was permitted to shut down the server and had decided to boot the box to a forensic linux distro that had suitable HP Raid Controller drivers. The problem I…
 

    DFI News All

  • OpenBSD Forks OpenSSL to Create Safer SSL/TLS Library

    eaustin
    23 Apr 2014 | 6:36 am
    For all the talk about how something should be done to fix OpenSSL so that a Heartbleed situation is never again repeated, there has been little to no concrete action so far.
  • Forensic Thumbdrive Imager

    eaustin
    23 Apr 2014 | 6:10 am
    The MiniDAS is a portable, installable, live forensic analysis environment that provides the most comprehensive collection of forensic data possible. Inspired by CyanLine's FDAS, MiniDAS allows investigators to not only collect a disk image — but also its critical metadata: total number of hours disk has been in use, power cycle count, errors on the drive.
  • Two Vital Pieces of Computer Evidence Have a Hidden Source

    eaustin
    23 Apr 2014 | 5:59 am
    Sometimes, when a computer forensics expert is dissecting a suspect’s computer, the most important question to answer is this: “Am I looking at the original hard-drive, with all of its incriminating evidence, or has that drive been swapped out surreptitiously for a new drive, which will not contain the evidence that I’m hoping to find?”
  • Dutch Man's Case Linked to Amanda Todd

    eaustin
    22 Apr 2014 | 8:09 am
  • Crime is Not Falling, It's Moved Online

    eaustin
    22 Apr 2014 | 7:58 am
    The drop in the crime rate over the past decade is misleading, according to a Hertfordshire, UK police chief.   Jon Boutcher, the national policing spokesman on surveillance, argues that criminal behavior has moved online, where much of it goes either unreported or undetected.