archives

Uncategorized

This category contains 12 posts

KS – an open source bash script for indexing data

ABSTRACT: This is a keywords searching tool working on the allocated, unallocated data and the slackspace, using an indexer software and a database storage. Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading »

Bad Sector Recovery

Hard drives are built in a way so that they never return unreliable data. This means that if a hard drive cannot guarantee 100 percent accuracy of the data requested, it will simply return an error and will never give away any data at all. This article explains how bad sector recovery … Continue reading »

Forensic Artifact: Malware Analysis in Windows 8

Windows is the most used operating system worldwide. I have met a lot of IT guys in my country and also other computer elites. My discovery was that 90 percent of them use Windows. I felt maybe that was just in my country, then I decided to contact some friends from UK, USA, India, and … Continue reading »

Forensic Analysis of Windows 7 Jump Lists

Abstract: The release of Microsoft Windows 7 introduced a new feature known as Jump Lists which present the user with links to recently accessed files grouped on a per application basis. The records maintained by the feature have the potential to provide the forensic computing examiner with a … Continue reading »

The need for Transnational and State-Sponsored Cyber Terrorism Laws and Code of Ethics

Today, terrorists are making the best use of information technology to carry out their objectives. The NATO definition of cyber terrorism is “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or to intimidate a society into an ideological goal” (Everard P, 2007 p 119). Cyber terrorism … Continue reading »

IPOD – Timestamps secrets

ABSTRACT: This is a description of how the Apple iPod/iPhone stores the timestamps in their plist files. After an experiment we tried to order the various ways that Apple iDevices manage and store these data. We found the timestamps in PlayCounts.plist are in local time and not in absolute time GMT. During an experiment on an … Continue reading »

New Linux Distro for Mobile Security, Malware Analysis, and Forensics

by Jay Turla, a contributor to InfoSec Resources. A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been released and its alpha version is now available for download. It’s called Santoku Linux. Santoku is a general … Continue reading »

Computer Analysts and Experts – Making the Most of GPS Evidence

by Professor David Last http://www.professordavidlast.co.uk The many companies that sell software for computer forensics have developed products for analysing satellite navigators. Police high tech crime units and independent laboratories now use this software on an industrial scale. Computer technicians conduct the analyses. This is home territory for them, since the biggest component of a vehicle … Continue reading »

Forensic Examination of FrostWire version 5

Introduction: As digital forensic practitioners, we are faced regularly with users utilizing the internet to swop and download copyrighted and contraband material. Peer to peer (P2P) applications are commonly used for this purpose, and like any software application, they are ever changing, and ever evolving. This paper will discuss how the P2P software application, FrostWire … Continue reading »

Firefox Forensics

I was showing someone a trick to export Firefox SQLite tables to a spreadsheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox user by using the SQLite table … Continue reading »

Dealing with Data Encryption in Criminal Cases

Introduction: Over the last several years, I’ve posted a handful of short blog entries about the topic of compelling a criminal defendant to surrender a passphrase to an encrypted volume or hard-drive. These entries concern the three cases of re Grand Jury Subpoena Duces Tecum Dated March 25, 2011, United States v. Fricosu, (D.Colo, 2012), and In … Continue reading »

Anonymous, what does it mean?

Anonymous, a word which Merriam-Webster describes as: of unknown authorship or origin, not named or identified, or lacking individuality, distinction, or recognizability. There are some in this world that wish to remain anonymous, not named or identified. Sure I am one of these people, but I have my reasons. With the work that I do, … Continue reading »
