This category contains 23 posts

Virtual Hard Disk Image Format – A Forensic Overview

by Anil Kumar Types of Virtual Hard Disk Image Format The hard disk of a VM is implemented as files that live on the native file system of the host machine. MS Virtual PC & MS Virtual Server support the following types of virtual hard disk formats: Fixed – The fixed hard disk … Continue reading

Countering Anti-Forensic Efforts – Part 2

by Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 In the first part of this paper we talked about the most common – and also some of the simplest – ways suspects can try to cover their tracks in an attempt to slow down the investigation. This part of the article is dedicated … Continue reading

Electronic Voiceprints: The Crime Solving Power of Biometric Forensics

By Jared Stern Fingerprinting has been used for years to determine the individuality of a person. But, newer technology allows investigators to capture a person’s voice, a so-called “voiceprint.” Sometimes, a person’s voice is the only clue that police and forensic teams have to go on. What Is It? Voiceprinting is a new kind of … Continue reading

Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving

SQLite is a widely popular database format that is used extensively pretty much everywhere. Both iOS and Android employ SQLite as a storage format of choice, with built-in and third-party applications relying on SQLite to keep their data. A wide range of desktop and mobile Web browsers (Chrome, Firefox) and instant messaging applications use SQLite, … Continue reading

A guide to RegRipper and the art of timeline building

Background I have often heard RegRipper mentioned on forums and websites and how it was supposed to make examining event logs, registry files and other similar files a breeze (the event logs and the other files aren’t per se examined by RegRipper, but they will be used for creating timelines further on in this post with … Continue reading

Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions

We published an article on SSD forensics in 2012. SSD self-corrosion, TRIM and garbage collection were little known and poorly understood phenomena at that time, while encrypting and compressing SSD controllers were relatively uncommon. In 2014, many changes happened. We processed numerous cases involving the use of SSD drives and gathered a lot of statistical … Continue reading

Understanding Cyber Bullying – Notes for Digital Forensics Examiners

by Carole Phillips The phenomenon of cyber bullying has received a significant amount of attention in the last decade and literature in this field has grown exponentially with advice and guidance on how to deal with cyber bullying. Yet the term cyber bullying did not exist in the public’s consciousness a decade ago and the … Continue reading

Coming apart at the SIEMs …

Security Information and Event Management (SIEM) systems are all the rage at the moment – and with good cause. As you are all aware, one item of data does not a case make, it is the combination & correlation between _all_ of the data that creates “evidence” – and here in the SIEM we are … Continue reading

Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases

Summary This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases. Introduction It is difficult to overestimate the popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential … Continue reading

Does Deviant Pornography Use Follow A Guttman-Like Progression?

by Kathryn C. Seigfried-Spellar (a), Marcus K. Rogers (b) (a) The University of Alabama, Tuscaloosa, AL 35487, USA (b) Purdue University, West Lafayette, IN 47907, USA Abstract This study investigated whether deviant pornography use followed a Guttman-like progression in that a person transitions from being a nondeviant to deviant pornography user. In order to observe … Continue reading

Cyberbullying – a growing concern in a connected society

Megan Meier was just twelve years old when the events began that would ultimately lead to her death. Like many teenagers, Megan had accounts on common social networks, including MySpace, where she first met “Josh Evans”. Ostensibly a sixteen-year-old boy, “Josh” was actually an accumulation of Sarah, an old friend of Megan’s, Sarah’s mother, … Continue reading

KS – an open source bash script for indexing data

ABSTRACT: This is a keyword-searching tool that works on allocated data, unallocated data and slack space, using indexer software and database storage. Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading

Bad Sector Recovery

Hard drives are built so that they never return unreliable data. This means that if a hard drive cannot guarantee 100 percent accuracy of the data requested, it will simply return an error and will never give away any data at all. This article explains how bad sector recovery … Continue reading

Forensic Artifact: Malware Analysis in Windows 8

Windows is the most used operating system worldwide. I have met a lot of IT guys in my country and also other computer elites. My discovery was that 90 percent of them use Windows. I felt maybe that was just in my country, then I decided to contact some friends from UK, USA, India, and … Continue reading

Forensic Analysis of Windows 7 Jump Lists

Abstract The release of Microsoft Windows 7 introduced a new feature known as Jump Lists which present the user with links to recently accessed files grouped on a per application basis. The records maintained by the feature have the potential to provide the forensic computing examiner with a … Continue reading

