Digital Forensics

  • Most Topular Stories

  • "Digital Forensic SIFTing: Colorized Super Timeline Template for Log2timeline Output Files"

    SANS Computer Forensics and e-Discovery with Rob Lee
    robtlee
    25 Jan 2012 | 12:02 am
    Last Month at the SANS360, I promised the release of the Timeline Template to be used to automatically colorize your timelines.Review on Timeline Creation:1.Mounting Evidence Files 2.Automated Timeline Creation3. Targeted Timeline Creation TIMELINE CREATION CHEAT SHEET The Timeline ...

  • WFA 3/e

    Windows Incident Response
    Keydet89
    28 Jan 2012 | 5:41 am
    While I was in Atlanta recently for the DoD CyberCrime Conference, I received an email telling me that my advance copy of WFA 3/e was available...even though this is my sixth book, I still get excited/nervous/anxious.  After all, you never know how the book is going to be received.  Anyway, I arrived home last night to find a FedEx box sitting on my desk. However, I received an email from someone I know who was at ShmooCon...come find out, the books had been printed and several sent to ShmooCon.  So, apparently, I didn't really get an "advance copy".  I had been…

  • Best Book Bejtlich Read in 2011

    TaoSecurity
    Richard Bejtlich
    9 Jan 2012 | 8:40 pm
    It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners.Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my…

  • Reno, Nevada-National Forensic Data Recovery Training Center Opens - PR.com (press release)

    digital forensics - Google News
    28 Jan 2012 | 2:05 am
    Reno, Nevada-National Forensic Data Recovery Training Center OpensPR.com (press release)The National Forensic Data Recovery Training Center (NFDRTC) officially opens for business. The NFDRTC is dedicated to providing advanced training in the area of Forensic Data Recovery to digital forensic examiners and data recovery specialists.

  • Networked Politics » Blog Archive » Digital Forensics Security Self ...

    digital forensics - Google Blog Search
    MccamanYeadon
    28 Jan 2012 | 4:58 am
    Digital Forensics Security Self-Study Training Courses - Some Insights. Two specialist training ar#101;#97;s feature in the #102;#117;ll CompTIA A+ syllabus, #111;#102; which you need to #112;a#115;#115; both to be
  • add this feed to my.Alltop

    SANS Computer Forensics and e-Discovery with Rob Lee

  • "Digital Forensic SIFTing: Colorized Super Timeline Template for Log2timeline Output Files"

    robtlee
    25 Jan 2012 | 12:02 am
    Last Month at the SANS360, I promised the release of the Timeline Template to be used to automatically colorize your timelines.Review on Timeline Creation:1.Mounting Evidence Files 2.Automated Timeline Creation3. Targeted Timeline Creation TIMELINE CREATION CHEAT SHEET The Timeline ...

  • "Digital Forensic SIFTing - Targeted Timeline Creation and Analysis using log2timeline"

    robtlee
    20 Jan 2012 | 12:16 am
    Digital Forensic SIFTing is a series of blog articles that utilize the SIFT Workstation. The free SIFT workstation, can match any modern forensic tool suite, is also directly featured and taught in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). SIFT demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a…

  • "Digital Forensics Case Leads: ReFS, Ex01, and DFIROnline"

    Gregory Pendergast
    19 Jan 2012 | 6:37 am
    This week's cornucopia of forensic goodness so thoroughly defies summary that I nearly gave up writing an introduction. But a few things do merit particular emphasis. First, the second DFIROnline meetup takes place tonightat 20:00 EST. Luminaries Harlan Carvey and Eric Huber will be presenting. Before then, however, you may want to take some time to read up on how Microsoft and Guidance Software will soon be changing our lives. Microsoft has published some information on its new ReFS file system, while Guidance Software has released details for its new EnCase Evidence File Format v2 (Ex01).

  • "Thoughts on Malware, Digital Forensics and Data Breaches by Hal Pomeranz"

    Lenny Zeltser
    17 Jan 2012 | 9:22 pm
    Hal Pomeranz shares his insights on malicious software in the context of data breaches, incident response and digital forensics. Hal's expertise spans several areas of information security, and most recently and most recently has focused on forensics. He teaches several courses at SANS Institute, including Reverse-Engineering Malware.

  • "The Color of a Forensicator's Parachute: Professional Development and Retainment "

    robtlee
    16 Jan 2012 | 11:06 pm
    Next week is DoD Cybercrime and I put in to lead a panel that I feel is often overlooked by many in the community. Proper professional development of our DFIR staff. As a result, I submitted a talk to lead a panel discussion and as a result, On Thursday, 26 January I am leading a panel discussion on Professional Development and Retainment Panel.The Color of a Forensicator's Parachute: Professional Development and Retainment (Panel Discussion)Thursday, 1100-1150; Location: Centennial Ballroom 4; Track: Forensics; Geek Meter: 1Presenter: Rob Lee, Curriculum Lead, Digital Forensic and Incident…
 
  • add this feed to my.Alltop

    Windows Incident Response

  • WFA 3/e

    Keydet89
    28 Jan 2012 | 5:41 am
    While I was in Atlanta recently for the DoD CyberCrime Conference, I received an email telling me that my advance copy of WFA 3/e was available...even though this is my sixth book, I still get excited/nervous/anxious.  After all, you never know how the book is going to be received.  Anyway, I arrived home last night to find a FedEx box sitting on my desk. However, I received an email from someone I know who was at ShmooCon...come find out, the books had been printed and several sent to ShmooCon.  So, apparently, I didn't really get an "advance copy".  I had been…

  • Revisiting "Forensic Value"

    Keydet89
    27 Jan 2012 | 7:10 am
    I posted some thoughts a while back on defining "forensic value"...in that post, I pondered the question of who defines the "forensic value" of an artifact or finding.  The post had received 15 comments relatively quickly, and it seems that there's something of a consensus that the forensic value of data is in the eyes of analyst.  One would suppose that this means, then, that the forensic value of a particular artifact can be determined by viewing that artifact through the lens of the analyst's knowledge and experience.  In my previous post, I used terms like relative and…

  • Stuff

    Keydet89
    20 Jan 2012 | 1:30 pm
    DFIROnline Meetup If you're interested purely in numbers, last night's DFIROnline meetup had, at one point, 97 attendees.  It might've helped that my presentation was addressing malware, and we ended up continuing Cory Altheide's drinking game from last year's OSDFC...every time I mispronounced the word as "mall wear", everyone had to take a drink.  I have to go back and review the tape, but my presentation may have ended up being more like a Ron White concert.  ;-) My previous blog post includes a link to the slides I used, as well as the malware detection checklist that I…

  • DFIROnline: Detecting Malware in an Acquired Image

    Keydet89
    18 Jan 2012 | 9:24 am
    The next DFIROnline meetup is on Thu, 19 Jan 2012, at 8pm EST.  Eric Huber and I will each be presenting, with my presentation being Malware Detection within an Acquired Image (the PDF for the presentation is linked below).  I thought that this would be a good presentation to give, as it seems to be fairly topical.  We'll be focusing on understanding malware and addressing malware detection within an image acquired from a Windows system.For those attending the presentation tonight, I'm sure that Eric and Mike would appreciate questions, feedback, thoughts and comments. …

  • Timeline Analysis

    Keydet89
    13 Jan 2012 | 6:00 pm
    The DoD Cybercrime Conference is approaching, and I've been doing some thinking about my topic, Timeline Analysis.  I'll be presenting on Wed morning, starting at 8:30am...I remember Cory Altheide saying at one point that all tech conferences should start no sooner than 1pm and run no later than 3:30pm, or something like that.  Cool idea.So, anyway...I've been thinking about some of the things that I put into pretty much all of my timeline analysis presentations.  When it comes to creating timelines, IMHO there are essentially two "camps", or approaches.  One is what I…
  • add this feed to my.Alltop

    TaoSecurity

  • Best Book Bejtlich Read in 2011

    Richard Bejtlich
    9 Jan 2012 | 8:40 pm
    It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners.Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my…

  • Telling a Security Story with Charts

    Richard Bejtlich
    8 Jan 2012 | 4:10 pm
    The image at left appeared in the 31 December 2011 edition of The Economist magazine in the article Economics focus -- How to get a date: The year when the Chinese economy will truly eclipse America’s is in sight. It depicts 15 measurements of the US and Chinese economies, with historical and projected data. There is a version available at this page with more statistics comparing the two nations. The Economist presents these charts for the following reason:In the spring of 2011 the Pew Global Attitudes Survey asked thousands of people worldwide which country they thought was the leading…

  • Happy 9th Birthday TaoSecurity Blog

    Richard Bejtlich
    8 Jan 2012 | 3:07 pm
    Today, 8 January 2012, is the 9th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2843 posts later, I am still blogging. Looking at all 9 years of blogging, I averaged 315 per year, but in the age of Twitter (2009-2011) I averaged only 171 blog posts per year. I plan to continue blogging, but I expect around the same number as last year -- somewhere in the 60 to 100 post range. I spend a lot more time expressing my views to the press and market researchers and analysts, so I'm often less inclined to do more…

  • Mandiant Webinar Wednesday; Help Us Break a Record!

    Richard Bejtlich
    6 Dec 2011 | 9:06 pm
    I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011. And you know what? We feel fine! That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011. Register now and help Kris and me beat the attendee count from last month's record-setting Webinar. If you have questions about and during the Webinar, you can always send them via Twitter to @mandiant and use the hashtag m_soh.TweetCopyright 2003-2011 Richard Bejtlich and TaoSecurity…

  • Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"

    Richard Bejtlich
    6 Dec 2011 | 8:52 pm
    I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut.David Spark asked for my "security tip for 2012," which I listed as:Improve your incident detection and…
 
 
  • add this feed to my.Alltop

    Forensic Focus

  • Harry Onderwater

    24 Jan 2012 | 6:21 am
    A few days ago the Dutch forensics community - indeed, the wider forensics community - lost one of its founding fathers, Harry Onderwater. Having worked for many years for the Dutch police in Amsterdam, Harry then moved to the Centrale Recherche Informatie Dienst (National Criminal Intelligence Service) where he became one of the first investigators in the newly emerging field of computer crime, building a reputation for excellence not just in the Netherlands but also further afield throughout Europe and the USA. Later in his career he became Corporate Security Manager at KPMG in the…

  • SubRosaSoft.com Inc. Releases MacForensicsLab 4.0

    19 Jan 2012 | 6:59 am
    SubRosaSoft.com Inc. announces the immediate availability of the latest version of their powerful computer forensic suite, MacForensicsLab 4.0. The new version brings a streamlined interface and many other improvements to make examinations quicker and more accurate than ever before.

  • Oxygen Forensic Suite 2012 v. 4.0 released

    13 Jan 2012 | 6:37 am
    Oxygen Software announces Oxygen Forensic Suite 2012. The new Communication Statistics section allows experts to explore social connections between device users and their contacts by analyzing calls, text messages and Skype activities. Android Rooting Add-on now supports devices with OS 1.6-3.0.1 covering more than 96% devices on the market. Google+, Twitter, Facebook, Mozilla Firefox, SkyFire, Dolphin Android and iPhone applications data is now available for in-depth analysis. More than 100 new devices including Apple iPhone 4S, Samsung Galaxy Note and various editions of Samsung Galaxy S…

  • AACC Digital Forensics Team Hacks Their Way to First Place

    9 Jan 2012 | 8:09 pm
    The cyber-forensics team at Anne Arundel Community College (AACC) took top honors among community colleges in a competition that pitted them against the best teams in the nation, and 52 other countries. The team consisted of AACC students from all across the county. Though they entered the year-long competition with only 17 days left, they managed to score higher than any other community college in the country... More (BroadneckPatch)

  • Computer crimes meet their match with digital forensics investigator

    9 Jan 2012 | 8:05 pm
    Bombs, sex crimes, homicides, suicides, fraud and burglary. Such cases are where the Brevard County Sheriff’s Office new digital forensics investigator comes into play. To keep up with advances in digital technology and communication — and the criminals who use them — the sheriff’s office added the digital forensics position this year, moving former narcotics investigator Vince Ziccardi into the role... More (FloridaToday.com)
  • add this feed to my.Alltop

    (ISC)2 Blog

  • Keeping Your Information Private: Tips and Tricks for Data Privacy Day

    Julie Peeler
    27 Jan 2012 | 4:19 pm
    By Julie Peeler, (ISC)2 Foundation Director Tomorrow marks Data Privacy Day and while it may not be a national holiday, it’s a great opportunity to take a step back and evaluate our personal data privacy and security measures.   Over the last year, we’ve heard about a lot of companies and organizations getting hacked and customer information being compromised.  And while it’s imperative that we do our best to ensure that we’re working with companies with sound security policies in place, it’s also incredibly important that we make sure we are doing everything we…

  • What´s up for 2012?

    Alexandre Cezar
    24 Jan 2012 | 12:40 am
    Talking of customers, CSO´s, engineers and other IT security people could give me some insights of what companies are looking for in 2012 in terms of overall IT security. Far from a reality or a survey, this is more my personal view of how things will gonna be this year:   Top Challenges Mobile Devices - How to secure so many different devices? How to define borders in a borderless network? Identify Management - How to ensure the proper identity management process and tools when too many systems are moving to outside the organization? Cloud Computing - How to securely take full…

  • Redefining United States Cyber Security: Taking a Holistic View and Machiavellian Approach, part 2

    LPBunch
    18 Jan 2012 | 8:19 am
    3.        Background    In the years since I took my first IT security position in 1999, the cyber security landscape has changed vastly.   Fortunately, there has been an awakening within the entire information technology security community in the years since 9-11 and passage of the “Patriot Act".   We are all just now beginning to realize the true power of the internet and just how interconnected we are on a global scale (public, private, and infrastructure (SCADA) networks).  In today’s dynamic…

  • 2012: Redefining United States Cyber Security: Taking a Holistic View and Machiavellian Approach, part 1

    LPBunch
    13 Jan 2012 | 3:07 pm
    By: Larry P. Bunch CISSP, CEH http://mysite.verizon.net/vze18ez5m/id3.html  Twitter: https://twitter.com/#!/bunchlarryp       Preface     This article was originally intended to be a light reading OP/ED piece.  However, it has slowly evolved into a hybrid OP/ED – Whitepaper dealing with Cyber Intelligence and Network Security.  The opinions in this article do not represent the United States government or my employer (VortechX LLC.).  This article is intended to generate discussion, collaboration, and interaction within the…

  • Moving Health Care Data Safely to the Cloud – It Can be Done!

    Hord Tipton
    11 Jan 2012 | 9:25 am
    By W. Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director, (ISC)² A few weeks ago, I was at my doctor’s office, and the topic of the cloud came up.  You may think this is a strange topic of conversation between a man and his doctor, but given my background in security and recent pressures from the Federal Government for doctors to switch from paper to electronic records (a requirement he and his colleagues are less than thrilled about), it turned out to be a very timely and interesting discussion. The reason I found it timely is that last month, I had several in-depth…
  • add this feed to my.Alltop

    viaForensics

  • HOW TO: Properly install VMWare Tools on VMWare Player 4.x

    Jon Pisani
    25 Jan 2012 | 3:21 pm
    With the introduction of VMWare Player 4.0, VMWare Player seems to no longer automates certain aspects of the VMWare Tools Install process. Therefore, you will need to take a few additional steps in order to properly install VMWare Tools on your viaExtract Virtual Machine. Upon initially opening the Virtual Machine, select Install VMWare Tools from the Virtual Machine tab at the top of the Virtual Machine. Select OK at the next message and a CD Icon Should appear on your Desktop. Double click the icon to open up the media window. This ensures that the CD has properly mounted and we can…

  • viaForensics to Kick Off Digital Detectives Podcast Series

    lhaas
    20 Jan 2012 | 10:39 am
    Gallivan, Gallivan and O’Melia (GGO, LLC), the e-discovery experts driving the move toward accessible, affordable e-discovery solutions, have partnered with Legal Talk Network to produce the ‘Digital Detectives’ series of podcasts for 2012. The Digital Detectives series aims to inform legal and technology professionals on a wide range of emerging topics in e-discovery, computer forensics, information security, litigation, and trial technologies. In the podcast series, Sharon Nelson and John Simek invite experts to discuss important topics of interest to litigators, corporate…

  • U.S. Shuts Down Megaupload File-Sharing Site, Anonymous Retaliates With DDoS Attacks

    lhaas
    20 Jan 2012 | 8:25 am
    The battle is heating up: A day after the Internet was abuzz with protests of the proposed SOPA and PIPA anti-piracy bills, the Department of Justice took a major action against many of the top executives of Megaupload, a popular file-sharing site that the government says was the basis for an “international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works”. Prosecutors revealed indictments against seven people, all of whom are foreign nationals, as part of the case. As a result of the indictments and…

  • Hackers steal $6.7 million in bank cyber heist

    lhaas
    19 Jan 2012 | 9:00 am
    We’ve been preaching for years that organizations needs to take a more proactive approach to their security. Services, such as our liveForensics, add additional layers of security to protect against such breaches. Unfortunately, the Postbank’s fraud detection system hasn’t performed as it should, and the crime was discovered only after everyone returned to work after the holiday break. Apparently, it should not come as a surprise – according to a banking security expert, “the Postbank network and security systems are shocking and in desperate need of an…

  • RSA chief: Last year’s breach has silver lining

    lhaas
    18 Jan 2012 | 3:49 pm
    Silver lining of last year’s security breach is that it has lead to stronger security and better awareness of security issues. On another topic, Coviello says businesses are rushing and therefore missing an opportunity to build security into virtual and cloud environments as they adopt them. “[A]s much as I’ve preached for three or four years that we have an opportunity to get it right this time as we virtualize our environments and we go to cloud [by building] security in, it just isn’t happening,” he says. “We’re making the same mistakes all over…
 
  • add this feed to my.Alltop

    Crime and Forensic Blog

  • GPS Tracking Now Requires a Warrant

    admin
    24 Jan 2012 | 12:42 pm
    by Megan Grimes The 4th amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” This text explains briefly about the necessary probable cause to obtain a warrant to validate the search. The Supreme Court has since debated on specific issues that may arise and ruled accordingly. The rulings are…

  • A Movie in the Making

    admin
    23 Jan 2012 | 10:15 am
    By: Theo Kouts  Colton Harris-Moore captured the attention of the public eye when he began his spree of burglaries and police chases in 2008.  Branded as the “Barefoot Bandit” Harris-Moore was known for leaving behind his calling card of bare-footprints at his victims’ establishments. Growing up in an abusive household, he started his unlawful career in his youth, stealing food for survival.  Immortalized in news stories Colton Harris-Moore was portrayed as a skilled, brilliant, evasive burglar able to outsmart the police at most every turn.  Stealing and crash landing five planes,…

  • Infant Abandoned

    admin
    20 Jan 2012 | 3:20 pm
    by Jada Wittow This Sunday, just before midnight, a man named Emmanuel Dugger was on his way home in Northeast Washington, DC when he saw something wrapped in a brown-and-red-striped towel on his neighbor’s stoop. Dugger said that since it was not moving, he thought it may have been a doll. He was unsure, so he went inside his house and got his fathers’ help.  The two men discovered that wrapped in the towel was a small baby girl, apparently less than a week old. She was naked, unconscious, and bleeding from both the nose and the mouth. The house where the infant was dropped off belonged…

  • Historic Robbery in Boston

    admin
    17 Jan 2012 | 12:23 pm
    by Megan Grimes On January 17th, 1950, in Boston, Massachusetts, 11 men stole more than $2 million dollars from a Brinks Armored Car depot.  The men believed to have committed the perfect crime and were not caught until January 1956, just days before the statue of limitations for the theft would have expired. The men planned for 18 months to determine when the most money could be stolen from the car. Anthony “Fats” Pino was given the title of the robbery’s mastermind. He was able to steal the plans to the depot’s alarm system and return them before anyone noticed. Dressed similarly…

  • Toxicology reports solved mystery of head-on collision

    admin
    12 Jan 2012 | 12:42 pm
    On July 26, 2009, a minivan going the wrong way on Taconic State Parkway collided head-on with a Chevrolet TrailBlazer, killing eight people. It was a Sunday afternoon, and the driver of the minivan was Diane Schuler, a successful mother with her children and nieces in the car, so at first, confusion and sympathy characterized the public’s view of the tragic incident. It wasn’t until the toxicology results from Schuler’s autopsy came through that the truth became known. Diane Schuler was both drunk and high. Her blood alcohol content—the amount of alcohol in her bloodstream, and…
  • add this feed to my.Alltop

    DFI News RSS Feeds

  • Supreme Court Rules GPS Tracking Violates Privacy

    rwaters
    26 Jan 2012 | 6:00 pm
    The Supreme Court on Monday ruled unanimously that the police violated the Constitution when they placed a Global Positioning System tracking device on a suspect’s car and monitored its movements for 28 days. read more

  • Unusual Evidence in Grooveshark Copyright Suit

    rwaters
    25 Jan 2012 | 6:00 pm
    The latest high-profile copyright infringement case, against Grooveshark, centers on some unusual and controversial evidence: a pair of anonymous blog comments. Grooveshark allows users to upload songs for others to stream free of charge. The company claims that its actions are legal under the “safe harbor” provisions of the federal Digital Millennium Copyright Act, which protect Web sites that host third-party content. read more

  • Expanded Digital Debugging with New Tools

    rwaters
    25 Jan 2012 | 6:00 pm
    McCann E-Investigations, a Texas-based computer forensics and private investigative firm, expands its computer forensics capabilities to meet the digital debugging demands of their clients in Houston and the surrounding areas. “We have seen significant requests from our clients regarding digital debugging.” said Dan Weiss, Partner at McCann E-Investigations. read more

  • Alabama Funds Fight Against Cybercrime

    rwaters
    25 Jan 2012 | 8:35 am
    The Alabama Office of Prosecution Services was awarded a grant totaling $234,000 to aid its fight against cybercrime. The grant will help fund two full-time investigators and one prosecutor for the office's computer forensics program. The program's investigators and the prosecutor are certified in computer forensics by the United States Secret Service. They have more than a combined 30 years of experience in the field. read more

  • MacForensicsLab 4.0 Released

    rwaters
    25 Jan 2012 | 8:16 am
    SubRosaSoft.com Inc. announces the immediate availability of the latest version of their computer forensic suite, MacForensicsLab 4.0. The new version brings a streamlined interface and many other improvements to make examinations quicker and more accurate. read more
  • add this feed to my.Alltop

    Forensic Focus Blog

  • Harry Onderwater

    24 Jan 2012 | 6:18 am
    A few days ago the Dutch forensics community - indeed, the wider forensics community - lost one of its founding fathers, Harry Onderwater. Having worked for many years for the Dutch police in Amsterdam, Harry then moved to the Centrale Recherche Informatie Dienst (National Criminal Intelligence Service) where he became one of the first investigators in the newly emerging field of computer crime, building a reputation for excellence not just in the Netherlands but also further afield throughout Europe and the USA. Later in his career he became Corporate Security Manager at KPMG in the…

  • Forensic Toolkit v3 Tips and Tricks ― Not on a Budget

    29 Nov 2011 | 10:01 am
    by Sean L. Harrington "A couple of weeks ago, Brian Glass posted a very helpful comment, Forensic Toolkit v3 Tips and Tricks — on a Budget. His comment focused on how to “get close to SSD performance on the cheap” and he discussed the practice of partitioning a large hard drive, but using only the outer sectors of the platter, and frequent defragmentation. In my comment, today, I want to encourage readers to adopt Glass’ advice, and, if you have the budget, to consider a few other enhancements to improve performance..." Read more

  • Is your client an attorney? Be aware of possible constraints (Part 2)

    29 Nov 2011 | 10:01 am
    by Sean L. Harrington "In my first post several weeks ago, I discussed some of the special obligations that digital forensics investigators may have while in the employ of a lawyer. I elaborated briefly on the duty to zealously guard the attorney-client privilege, to correctly apply the work product doctrine, and to conduct investigations in a way that does not compromise the integrity of the case or the rights, privileges, or immunities of the retaining party. In this second part of the series, I will explore another important factor for consideration by examiners: the legality of…

  • iPhone Tracking – from a forensic point of view

    29 Nov 2011 | 10:00 am
    Posted by 4rensiker "iPhoneTracking is sexy! Every mobile forensic suite, at least the ones dealing with iPhones, are providing it proudly. iPhoneTracking also has been a hot topic in the media all around the globe. People stated that there is a way to display every step of an iPhone user ever since the device got bought. Hmm...sounds great for all kind of investigations! Let’s see..." Read more

  • Android Forensics Study of Password and Pattern Lock Protection

    29 Nov 2011 | 10:00 am
    Posted by Oxygen Software "Let’s see what Pattern Lock is, how to access, determine or even get rid of it? We’ll also speak about Password Lock Protection and find out what it has in common with Pattern Lock. And finally we’ll try to understand how these locks are related to forensic investigation process. Generally pattern lock is a set of gestures that phone user performs to unlock his smartphone when he needs to use it. It seems to be complicated, but actually it is not..." Read more
 
Log in