belkasoft

belkasoft has written 3 posts for Forensic Focus – Articles

Catching the ghost: how to discover ephemeral evidence with Live RAM analysis

Posted by belkasoft ⋅ June 18, 2013 ⋅ Leave a Comment

Oleg Afonin and Yuri Gubanov, contact@belkasoft.com © Belkasoft Research, 2013 Belkador Dali. “Losing volatile Evidence”. All rights reserved. Ephemeral Evidence Until very recently, it was a standard practice for European law enforcement agencies to approach running computers with a “pull-the-plug” attitude without recognizing the amount of evidence lost with the content of the computer’s volatile … Continue reading »

Why SSD Drives Destroy Court Evidence, and What Can Be Done About It

Posted by belkasoft ⋅ October 23, 2012 ⋅ 9 Comments

by Yuri Gubanov yug@belkasoft.com, Oleg Afonin aoleg@voicecallcentral.com Belkasoft Ltd. http://belkasoft.com Abstract Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different of how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the … Continue reading »

Retrieving Digital Evidence: Methods, Techniques and Issues

Posted by belkasoft ⋅ July 11, 2012 ⋅ 3 Comments

by Yuri Gubanov yug@belkasoft.com Belkasoft Ltd. http://belkasoft.com Abstract This article describes the various types of digital forensic evidence available on users’ PC and laptop computers, and discusses methods of retrieving such evidence. Download article in PDF format Introduction A recent research conducted by Berkeley scientists concluded that up to 93% of all information never leaves the digital domain. … Continue reading »