Articles

The Lead


Retrieving Obscured Files

September 19, 2014 | Comments

One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and history files. 


Thrifty attackers, are you tired of investing your dollars in a botnet that's constantly being disrupted by new anti-virus signatures and bot downtime? A "cloudbot" might be just what you seek.

iCloud Hacked!?!

September 23, 2014 6:15 am | by Rebecca Waters | Comments

About a week before this issue went to press, we were treated to a veritable media frenzy surrounding the alleged hacking of iCloud and the news of hundreds of celebrity nude photos leaked. Every news outlet, it seemed, was ready to put forth its own “digital forensics expert”. Now as we prepare to send this page to the printer we are beginning to see the results of the real investigations into the incident.


Data Storage Issues: Part 4

September 23, 2014 6:12 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

Future data storage needs for businesses, corporations, and governments are going to far exceed the ability of current technology to provide those storage devices. Obviously, without major technological advancements, the cost of future data storage could be unprecedented. There are, however, a number of technologies under development which may eventually be able to store vast amounts of information, far exceeding today’s devices.


Book Excerpt: Checklist: Building a Penetration Testing Lab

September 23, 2014 6:06 am | by Bruce Middleton | CRC Press/Taylor & Francis Group LLC | Comments

This checklist can help you to build a penetration testing lab. Successfully setting up your lab will require attention to detail, redundancy, and a little bit of paranoia.


Recovering Evidence from SSD Drives: Understanding TRIM, Garbage Collection, and Exclusions

September 23, 2014 5:50 am | by Yuri Gubanov and Oleg Afonin | Belkasoft | Comments

In 2012 we published an article called “Why SSD Drives Destroy Court Evidence, and What Can Be Done About It.” Back then, SSD self-corrosion, TRIM, and garbage collection were little-known and poorly understood phenomena. In 2014, the situation looks different. We now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles.


Using Metadata in Litigation

September 23, 2014 5:37 am | by Gary Torgersen | Comments

When it comes to metadata as part of a litigation strategy, we mostly see it used as supporting information about the data. It is unusual, but not unheard of, to see metadata used directly as evidence. That is likely to change as more people understand the role metadata can have in developing legal strategy. With proper forensic analysis, metadata can help highlight patterns, establish timelines, and point to gaps in the data.


Understanding Malware

September 23, 2014 5:30 am | by Cindy Murphy | SANS Institute | Comments

Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination. 


Streamlining the Digital Forensic Workflow: Part 2

September 23, 2014 5:24 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost-effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.


Mobile Device Search and Seizure in a Post-Riley World

September 23, 2014 5:16 am | by Christa Miller | Cellebrite USA, Inc. | Comments

The United States Supreme Court’s ruling in Riley v. US may not have been much of a surprise to American law enforcement. Many agencies were already requiring officers to obtain search warrants before searching mobile devices. Ultimately, rather than limiting law enforcement, the Riley decision frees agencies to deploy mobile data extraction capabilities across a much wider field of officers.


Finding Good Cookies

September 5, 2014 12:14 pm | Comments

Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic. With the advent of Google Analytics (GA) cookies, that has changed.


When Not to 'Pull the Plug'

August 15, 2014 8:52 am | Comments

Triaging a computer can be a methodology to avoid many issues inherent with “pulling the plug.” For instance, capturing the system volatile information can very quickly provide investigators valuable information.           


Find the Context

July 30, 2014 3:50 pm | Comments

Digital forensic science is not a matter of recovering a file that proves somebody’s guilt; it is about wading through hundreds of thousands, possibly millions, of a wide variety of digital artifacts and making very pointed critical judgments about which provide some sort of inculpatory or exculpatory evidence relevant to the case.


Limitations of Volatile Memory Analysis

July 25, 2014 8:51 am | Comments

Realistically, Live RAM analysis has its limitations, lots of them. Many types of artifacts stored in the computer’s volatile memory are ephemeral. While information about running processes will not disappear until they are finished, remnants of recent chats, communications, and other user activities may be overwritten with other content any moment the operating system demands yet another memory block.


The Switch to Private Sector Digital Forensics

July 18, 2014 9:05 am | Comments

There is clearly a difference in the type of investigations and examinations being performed versus what are encountered in the public sector. The private sector examiner can be expected to provide evidence to private attorneys, corporations, private investigators, and corporate security departments.


Digging for Data, Finding Evidence in Third-Party Applications

July 16, 2014 8:13 am | by Heather Mahalik and Cesar Quezada | Basis Technology, SANS Institute | Comments

With the global smartphone market expected to total 1.75 billion users this year, it is rare for an investigator to conduct a digital forensic investigation that does not include a smartphone. While smartphone forensics has vastly improved over the years, third-party apps are making it increasingly difficult for investigators to find data. As a result, valuable evidence is being overlooked.


Flasher Box or No Flasher Box?

July 11, 2014 9:27 am | Comments

Let’s be very clear before we go down the flasher box path: there is no replacement or substitute for the automated forensic tools produced by mobile forensic manufacturers. Unfortunately, with growing consumer demand for newer and more technologically advanced mobile phones, these automated and safe solutions do not meet some investigative requirements.

