Software

This category contains 38 posts

KS – an open source bash script for indexing data

ABSTRACT: This is a keyword-searching tool that works on allocated data, unallocated data and the slack space, using indexer software and database storage. Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading »

Bad Sector Recovery

Hard drives are built in a way so that they never return unreliable data. This means that if a hard drive cannot guarantee 100 percent accuracy of the data requested, it will simply return an error and will never give away any data at all. This article explains how bad sector recovery … Continue reading »

Windows 8: Important Considerations for Computer Forensics and Electronic Discovery

Introduction: Documents identified by computer forensic investigations in civil litigation typically require review and analysis by attorneys to determine if the uncovered evidence could support causes of action such as breach of contract, breach of fiduciary duty, misappropriation of trade secrets, tortious interference, or unfair competition. In addition, bit-for-bit forensic imaging of workstations is also … Continue reading »

Collecting and Processing Bloomberg Data

A few years ago, Bloomberg data may have been relatively unusual; however, today we see Bloomberg chat and email data being collected quite frequently. Not a surprise really, considering some of the headlines relating to certain banks and financial institutions of late. Below are some examples of the tips, tricks and considerations involved in working … Continue reading »

Introduction to Penetration Testing – Part 3a – Active Reconnaissance

Apologies in advance, this is a bit of a connective blog entry – this is a big topic, and it needs some scene setting, basic understanding and several weeks' worth to get the most out of it. We live in a connected world now – my other half was showing me a washing machine with … Continue reading »

Introduction to Penetration Testing – Part 2 – The Discovery Phase – Passive Reconnaissance

PenTest, like forensics, is almost as much an art as it is a science – you can only be taught so far, technical techniques and tools are all very well, but you really need a mind that can think sideways and approach a task from as many angles as possible. The ex-LE forensicators have this … Continue reading »

Mobile Phone Forensic Challenges

Introduction: A great number of the mobile phones used worldwide every second require special knowledge and skills from forensic experts. Often it is not enough to be an experienced expert in computer forensics to understand all the peculiarities and difficulties of mobile forensics. This article describes technical problems encountered by specialists in mobile … Continue reading »

Key Twitter and Facebook Metadata Fields Forensic Investigators Need to be Aware of

Authentication of social media evidence can present significant challenges when you collect by screen shots, printouts or raw html feeds from an archive tool. This is just one reason why social media data must be properly collected, preserved, searched and produced in a manner consistent with best practices. When social media is collected with a … Continue reading »

689 Published Cases Involving Social Media Evidence (with full case listing)

The torrent of social media evidence continues to grow. In November 2011 we, at X1 Discovery, searched online legal databases of state and federal court decisions across the United States to identify the number of cases from 2010 and through November 2011 where evidence from social networking sites played a significant role.  As we mentioned … Continue reading »

Overcoming Potential Legal Challenges to the Authentication of Social Media Evidence

By John Patzakis. Summary: Social media evidence is highly relevant to most legal disputes and broadly discoverable, but challenges lie in evidentiary authentication without best practices technology and processes. This whitepaper examines these challenges faced by eDiscovery practitioners and investigators and illustrates best practices for collection, preservation, search and production of social media data. Also … Continue reading »

AccessData FTK 4.0: initial impressions

Introduction: In this post, I will provide some initial impressions and findings. I do not endeavor to write a white paper, or to employ an industry standard, scientific methodology to evaluating the tool (if for no other reason than because I am constrained by time). PostgreSQL: First, I note that it appears that no one … Continue reading »

Firefox Cache Format and Extraction

Introduction: In the forensic lab where I work, we frequently investigate malware-infected workstations. As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE. The missing component was cache … Continue reading »

Review: Proof Finder by Nuix

Reviewed by Jonathan Krause of Forensic Control. Well, this is an interesting proposition. Early last December Nuix, the respected producers of eDiscovery software, released an intriguing, and as far as I know in this sector, unique, application. Called Proof Finder, it’s a restricted and limited version of their enterprise product which they’re making available for … Continue reading »

Forensic Toolkit v3 Tips and Tricks ― Not on a Budget

A couple of weeks ago, Brian Glass posted a very helpful comment, Forensic Toolkit v3 Tips and Tricks — on a Budget. His comment focused on how to “get close to SSD performance on the cheap” and he discussed the practice of partitioning a large hard drive, but using only the outer sectors of the … Continue reading »

iPhone Tracking – from a forensic point of view

Introduction: iPhoneTracking is sexy!!! Every mobile forensic suite, at least the ones dealing with iPhones, is providing it proudly. iPhoneTracking also has been a hot topic in the media all around the globe. People stated that there is a way to display every step of an iPhone user ever since the device got … Continue reading »
