Hardware

Why SSD Drives Destroy Court Evidence, and What Can Be Done About It

Posted by belkasoft ⋅ October 23, 2012 ⋅ 9 Comments

by Yuri Gubanov yug@belkasoft.com, Oleg Afonin aoleg@voicecallcentral.com Belkasoft Ltd. http://belkasoft.com Abstract Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different of how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the … Continue reading »

AccessData FTK 4.0: initial impressions

Posted by barristerharri ⋅ March 18, 2012 ⋅ 31 Comments

Introduction In this post, I will provide some initial impressions and findings. I do not endeavor to write a white paper, or to employ an industry standard, scientific methodology to evaluating the tool (if for no other reason than because I am constrained by time). PostgreSQL First, I note that it appears that no one … Continue reading »

Forensic Imaging of Hard Disk Drives- What we thought we knew

Posted by webcase ⋅ January 27, 2012 ⋅ 8 Comments

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures and diagrams can be found at http://www.nfdrtc.net). WHAT WE HAVE BEEN TAUGHT Imaging of hard drives has been the main stay of the “Science” part of digital forensics for many years. It has been articulated by many, including us, … Continue reading »

Forensic Toolkit v3 Tips and Tricks – On a budget

Posted by Brian K. Glass ⋅ November 6, 2011 ⋅ Leave a Comment

While researching FTK 3X and Oracle, you just recently discovered that the best configuration of your Oracle database would be on a solid state drive (SSD). Solid state drives give the maximum level of performance to Oracle databases and in turn speed up your FTK 3X responsiveness. You are a conscientious analyst and decide to try … Continue reading »

The End of Digital Forensics?

Posted by forensicfocus ⋅ July 23, 2011 ⋅ Leave a Comment

by Craig Ball When Microsoft introduced its Encrypting File System (EFS) in Windows 2000, the Cassandras of computer forensics peppered the listserves with predictions that the days of digital forensics were numbered. Ten years on and hundreds of systems acquired, I’ve yet to handle a case stymied by encryption—and 90% of my acquisitions were corporate … Continue reading »

Flash drives and acquisition

Posted by forensicfocus ⋅ July 19, 2011 ⋅ Leave a Comment

First published June 2010 by Dominik Weber, Senior Software Architect for Guidance Software, Inc. “Take a look at this”. It started simply with that.A co-worker was looking into some strange issue with an acquisition of a flash drive. It seemed that the acquisition hash changed every time the drive was acquired. The write switch was … Continue reading »

Build Your Own Digital Evidence Collection Kit

Posted by forensicfocus ⋅ July 16, 2011 ⋅ Leave a Comment

First published June 2009 by David Kovar, NetCerto, Inc. Overview Collecting evidence accurately is clearly a foundational element for any ediscovery or forensics analysis project. The equipment required is important, but so are the supporting items – office supplies, forms, and documentation tools. And if you cannot find the items, or get them to the … Continue reading »

Forensic Focus – Articles

Search