Windows 7 Registry Forensics: Part 3
A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Top 5 Articles of 2011
Before we turn our attention to the New Year, let’s take a moment to reflect on the top five articles of 2011.
Validating Proprietary Digital Forensic Tools: A Case for Open Source
Open source forensic tools may not be easy to work with, but can save a lot of grief down the road when used to validate results from proprietary tools.
Managing Expectations in Digital Forensics
Explaining what went wrong in an unsuccessful investigation requires consideration and professionalism.
Can Your Digital Images Withstand A Court Challenge?
While the transition from film to digital happened with little fanfare, the vastly different steps, processes, limitations, and vulnerabilities involved when creating a digital photograph haven’t been widely recognized.
Windows 7 Registry Forensics: Part 2
Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Cyberstalking and Law Enforcement: Part 2
A step-by-step guide to handling a cyberstalking investigation.
Cyberstalking and Law Enforcement: Part 1
Understanding the crime of cyberstalking will provide law enforcement with tools to serve their community in the new communication age.
Rapid Cyber Attack Response: Three Days Make All the Difference
To reduce the impact of cyber attacks, today’s organizations must be prepared for a rapid incident response to minimize damage to IT systems and maximize the amount of information they can learn about the attack.
iTunes Forensic Analysis: Part 2
The digital forensic community is receiving more criminal cases involving iTunes and other programs that support the Digital Audio Access Protocol where video files of suspected child pornography are shared across a local network. This article highlights investigations into these systems.
iTunes Forensic Analysis
A Practitioner’s Guide to locating fruits of a crime when explicit files are shared on a local network.
Windows 7 Registry Forensics: Part 1
While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.
Quicken: Deleted Data Has Hidden Traces
Quicken does not remove all data for an account upon account deletion. Instead, fragments of deleted data remain, hidden and not obviously visible. This data can be retrieved and reviewed.
Mutual Benefits: A University Joins Law Enforcement to Create Digital Lab
The Officer David M. Petzold Digital Forensics Laboratory opened on March 24, 2011. This unique collaboration between a university and law enforcement made an otherwise cost-prohibitive project possible.
The Forensic Significance of Handwriting Biometrics
Now that pen and paper are being replaced by computers and software, one would think that the handwriting expert (AKA Forensic Document Examiner) would lose his place in the world of forensics. Enter the digital signature pad…
Book Review: The Software IP Detective’s Handbook
Software IP Detective’s Handbook by Bob Zeidman provides excellent background information regarding intellectual property, copyrights, patents, and trade secrets as they relate to software, its development, and its ownership.
Memory Forensics: Where to Start
Have you ever received an image of RAM as part of a forensic case, but didn't really know where to begin in the analysis process? This article talks about the different artifacts that can be found when conducting RAM analysis and the process one could follow to conduct the analysis.
Scoping an Intrusion
The objective of this article is to illustrate all the different types of digital data that should be collected when searching a crime scene or the location of a computer intrusion. Each crime scene or intrusion is different and will pose different challenges.
Enhancing Investigations with GPS Evidence
The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.
Handling Search and Seizure Issues in Digital Evidence
The collection of digital evidence in criminal cases is governed at the Federal and State levels by numerous constitutional and statutory provisions, including statutes that regulate the communications and computer industries and that directly govern the gathering and use of digital evidence.
Validation of Forensic Tools and Software: A Quick Guide for the Digital Forensic Examiner
This article will attempt to outline the issues faced when drafting tool and software validations, the legal standards that should be followed when drafting validations, and a quick overview of what should be included in every validation.
The 2-Year Digital Forensics Degree
A look at how community colleges fit in the ever-expanding field of digital forensics education.
Decoding Prefetch Files for Forensic Purposes: Part 2
Examining the contents of the prefetch directory can provide a storyline of activity on a computer system because the prefetch file captures the activity of applications that were first or subsequently executed.
Decoding Prefetch Files for Forensic Purposes: Part 1
The purpose of this article is to explore the many different forensic artifacts that can be discovered from Windows prefetch files.
Architectural and Engineering Design Requirements for a Digital Forensic Facility
A fully equipped digital forensics laboratory contains numerous specialty spaces, each with its own unique and specific architectural/engineering design issues that must be addressed.

