Articles

The Lead

Leading the Eyewitness: Digital Image Forensics in a Megapixel World

November 19, 2014 | by William Weaver, Ph.D. | Comments

Current research in the area of digital image forensics is developing better ways to convert image files into frequencies, such as using wavelet transforms in addition to more traditional cosine transforms and more sensitive methods for determining if each area of an image belongs to the whole.

Spark DNS Bounces DDoS Attack

November 21, 2014 4:58 pm | by Debbie Fletcher | Comments

A month after rebranding from Telecom to Spark, the leading New Zealand ISP had received collateral damage from the conflict between Russia and Ukraine. Fights there have never really been toe-to-toe, but, on Friday evening, September 5, Spark engineers announced that a layer-3 DDoS attack was causing an overload of its DNS servers.

What Every Employee Wants in a Leader

November 7, 2014 8:47 am | by DeEtta Jones | Comments

Do you ever feel overwhelmed as a manager? Being overburdened by the responsibility of having to figure out what others want and need of you is a familiar feeling shared among leaders. Fortunately, there is a “best practice” for obtaining just the kind of information needed to increase your leadership effectiveness — ask them what they want. 

Accurate Data, Forensic Soundness

October 31, 2014 8:23 am | by Ronen Engler and Christa M. Miller | Cellebrite USA, Inc. | Comments

Boot loaders are currently considered the most forensically sound physical extraction method. While they do involve loading a piece of code onto the device, this happens before the forensic tool accesses any evidentiary data. That’s because they replace the device’s normal boot loader, or the first set of operations that kick off the phone’s startup process and hand off to the main controlling program, like the operating system.

Book Excerpt: Checklist: Building a Penetration Testing Lab

October 29, 2014 8:48 am | by Bruce Middleton | CRC Press/Taylor & Francis Group LLC | Comments

This checklist can help you to build a penetration testing lab. Successfully setting up your lab will require attention to detail, redundancy, and a little bit of paranoia.

Cloud Computing Presents a Unique Forensic Challenge

October 23, 2014 8:00 pm | Comments

Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis. Further forensic issues concern the potential effect the cloud services could have on the digital data itself and how the forensic examiner can explain all these indiscretions to the court.

How to Collect Internet Evidence

October 22, 2014 8:00 pm | Comments

The courts have generally accepted evidence collected from the Internet as long as its authenticity can be established. Commonly accepted digital forensic methodologies can all be used to identify a three-pronged approach to Internet forensics.

Investigator Turns Eyewitness

October 20, 2014 8:21 pm | by Benjamin Wright | Comments

In today’s world of social media, investigators are taking on a new role; they are becoming a form of eyewitness. As the eyewitness, an investigator observes evidence that might not be visible to any other available investigator. The investigator is wise to create a record of what he or she sees at any particular point in time, including printouts of screenshots.

Who? What? When? Why? Where? And How?

October 17, 2014 8:13 am | by Brett Shavers | Comments

A key factor in placing any person at the scene of a crime is obtaining evidence that can place an identified suspect in relation to the scene of the crime. Previously discussed methods of physical surveillance and obtaining records are usually the best evidence for placing a suspect at a specific place and at a specific time, but as most investigations involve reacting to incidents, this may not always be possible.

Recovering Evidence from SSD Drives: Understanding TRIM, Garbage Collection, and Exclusions

October 15, 2014 8:47 am | by Yuri Gubanov and Oleg Afonin | Belkasoft | Comments

In 2012 we published an article called “Why SSD Drives Destroy Court Evidence, and What Can Be Done About It.” Back then, SSD self-corrosion, TRIM, and garbage collection were little known and poorly understood phenomena. In 2014, the situation looks different. We now know things about SSD drives that allow forensic specialists to obtain information from them despite the obstacles.

String-Centered Analysis Techniques

October 10, 2014 8:27 am | by Michael Barr | Comments

A surprisingly powerful and less costly binary analysis technique, which does not require reverse engineering, is a review of the character strings contained in the executable. These strings might include, in an ATM, words like “Please enter your 4-digit PIN.”

Understanding Malware

October 8, 2014 9:19 am | by Cindy Murphy | SANS Institute | Comments

Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination.

Mobile Device Search and Seizure in a Post-Riley World

October 1, 2014 8:26 am | by Christa Miller | Cellebrite USA, Inc. | Comments

The United States Supreme Court’s ruling in Riley v. US may not have been much of a surprise to American law enforcement. Many agencies were already requiring officers to obtain search warrants before searching mobile devices. Ultimately, rather than limiting law enforcement, the Riley decision frees agencies to deploy mobile data extraction capabilities across a much wider field of officers.

Should You Say "I Don’t Know" on the Witness Stand?

September 26, 2014 8:17 am | by Elaine M. Pagliaro | Comments

It goes without saying that the expert will understand the scientific basis of the testing that was done. However, even the most educated and experienced persons have gaps in their knowledge and experience. In most cases, what you don’t know will have no effect on the outcome of a trial.

Streamlining the Digital Forensic Workflow: Part 2

September 24, 2014 8:58 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.

Legal Aspects and Tool Reliability

September 23, 2014 8:13 am | by Gary C. Kessler and Matt Fasulo | Comments

Because of the newness of network forensic activity, network examiners are often left to use existing and emerging tools that have not yet faced the challenge of being proven valid in court. In some respects, the presentation phase of a digital investigation is the most critical; regardless of what has been found, it is worthless if the information cannot be convincingly conveyed to a judge and jury.
