This category contains 33 posts

Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions

We published an article on SSD forensics in 2012. SSD self-corrosion, TRIM and garbage collection were little known and poorly understood phenomena at that time, while encrypting and compressing SSD controllers were relatively uncommon. In 2014, many changes happened. We processed numerous cases involving the use of SSD drives and gathered a lot of statistical … Continue reading

Understanding Cyber Bullying – Notes for Digital Forensics Examiners

by Carole Phillips The phenomenon of cyber bullying has received a significant amount of attention in the last decade and literature in this field has grown exponentially with advice and guidance on how to deal with cyber bullying. Yet the term cyber bullying did not exist in the public’s consciousness a decade ago and the … Continue reading

Coming apart at the SIEMs …

Security Information and Event Management (SIEM)1 systems are all the rage at the moment – and with good cause. As you are all aware, one item of data2 does not a case make, it is the combination & correlation between _all_ of the data that creates “evidence” – and here in the SIEM we are … Continue reading

Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases

Summary This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases. Introduction It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential … Continue reading

Does Deviant Pornography Use Follow A Guttman-Like Progression?

by Kathryn C. Seigfried-Spellar (a), Marcus K. Rogers (b) (a) The University of Alabama, Tuscaloosa, AL 35487, USA (b) Purdue University, West Lafayette, IN 47907, USA Abstract This study investigated whether deviant pornography use followed a Guttman-like progression in that a person transitions from being a nondeviant to deviant pornography user. In order to observe … Continue reading

Cyberbullying – a growing concern in a connected society

Megan Meier was just twelve years old when the events began that would ultimately lead to her death. Like many teenagers, Megan had accounts on common social networks, including MySpace, where she first met “Josh Evans”. Ostensibly a sixteen-year old boy, “Josh” was actually an accumulation of Sarah, an old friend of Megan’s, Sarah’s mother, … Continue reading

KS – an open source bash script for indexing data

KS – an open source bash script for indexing data ABSTRACT:  This is a keywords searching tool working on the allocated, unallocated data and the slackspace, using an indexer software and a database storage . Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading

Bad Sector Recovery

Bad Sector Recovery Hard drives are built in a way so that they never return unreliable data. This means that if a hard drive cannot guarantee 100 percent accuracy of the data requested, it will simply return an error and will never give away any data at all. This article explains how bad sector recovery … Continue reading

Forensic Artifact: Malware Analysis in Windows 8

Windows is the most used operating system worldwide. I have met a lot of IT guys in my country and also other computer elites. My discovery was that 90 percent of them use Windows. I felt maybe that was just in my country, then I decided to contact some friends from UK, USA, India, and … Continue reading

Forensic Analysis of Windows 7 Jump Lists

Forensic Analysis of Windows 7 Jump Lists Abstract The release of Microsoft Windows 7 introduced a new feature known as Jump Lists which present the user with links to recently accessed files grouped on a per application basis.  The records maintained by the feature have the potential to provide the forensic computing examiner with a … Continue reading

The need for Transnational and State-Sponsored Cyber Terrorism Laws and Code of Ethics

Today, terrorists are making the best use of information technology to carry out their objectives. The NATO definition of cyber terrorism is “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or to intimidate a society into an ideological goal” (Everard P, 2007 p 119). Cyber terrorism … Continue reading

IPOD – Timestamps secrets

ABSTRACT This is a description how the Apple Ipod/Iphone stores the timestamps into their plist files. After an experiment we tried to order the various ways that Apple Idevices manage and store these data. We found the timestamps into PlayCounts.plist are in local time and not in absolute time GMT. During an experiment on an … Continue reading

New Linux Distro for Mobile Security, Malware Analysis, and Forensics

by Jay Turla, a contributor to InfoSec Resources. A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been released and its alpha version is now available for download. It’s called Santoku Linux. Santoku is a general … Continue reading

Computer Analysts and Experts – Making the Most of GPS Evidence

by Professor David Last The many companies that sell software for computer forensics have developed products for analysing satellite navigators. Police high tech crime units and independent laboratories now use this software on an industrial scale. Computer technicians conduct the analyses. This is home territory for them, since the biggest component of a vehicle … Continue reading

Forensic Examination of FrostWire version 5

Introduction As digital forensic practitioners, we are faced regularly  with users utilizing the internet to swop and download copyrighted and contraband material. Peer to peer (P2P) applications are commonly used for this purpose, and like any software application, they is ever changing, and ever evolving. This paper will discuss how the P2P software application, FrostWire … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,301 other followers