
Network Forensics

This category contains 6 posts

Book Review: Mastering Windows Network Forensics & Investigations

Mastering Windows Network Forensics and Investigations fills an interesting niche not well addressed in the pantheon of digital forensics resources.  The material is well suited for beginning and intermediate forensic examiners looking to better understand network artifacts and go beyond single-system forensics.  I highly recommend it for system administrators looking for a different perspective on network … Continue reading »

Introduction to Penetration Testing – Part 3a – Active Reconnaissance

Apologies in advance, this is a bit of a connective blog entry – this is a big topic, and it needs some scene setting, basic understanding and several weeks' worth to get the most out of it. We live in a connected world now – my other half was showing me a washing machine with … Continue reading »

Introduction to Penetration Testing – Part 2 – The Discovery Phase – Passive Reconnaissance

PenTest, like forensics, is almost as much an art as it is a science – you can only be taught so far, technical techniques and tools are all very well, but you really need a mind that can think sideways and approach a task from as many angles as possible. The ex-LE forensicators have this … Continue reading »

An Introduction to Penetration Testing – Part 1

In an earlier article, many moons ago (Sorry Jamie!), I stated my opinion that Forensics and Security were opposite sides of the same coin. I’ve felt very strongly that my skills as a Security Consultant have only been strengthened and expanded by the experiences I’ve gained with Forensics, both as part of the Forensic … Continue reading »

Web History Visualisation for Forensic Investigations

Sarah Lowman (1) and Ian Ferguson (2). (1) sarah@lowmanio.co.uk; (2) University of Abertay, I.Ferguson@abertay.ac.uk. Abstract. Current tools for analysing web history often produce large amounts of data. This data is usually presented in a tabular format, which makes it difficult for forensic investigators to spot patterns and … Continue reading »

How to Create an Open Source Network Forensics Appliance

By Ondrej Krehel, Chief information security officer at Identity Theft 911 (okrehel@IDT911.com). Introduction: Encryption and anti-forensics attacker techniques are commonly encountered in incident response investigations, while the power of network forensics intelligence is often overlooked by busy IT and legal departments. Compromised networks only occasionally capture network incident data sets for further analysis, but when they … Continue reading »
