Computer Forensics
The Lead

Computer Forensics Reveal Murderous Searches

July 21, 2014 9:04 am | by Andy Kravetz, Journal Star | News | Comments

Although they don’t have an eyewitness or the actual murder weapon, Peoria County, Illinois prosecutors believe they have the next best thing — a series of Internet searches on Nathan Leuthold’s computer about ways to kill someone.     

Computer Forensics with P2 Commander

July 18, 2014 9:42 am | by Pranshu Bajpai, Infosec Institute | News | Comments

Computer Forensics is the methodical series of procedures and techniques used for procuring...

Live Response vs. Traditional Forensics

July 18, 2014 8:03 am | by Editor | Blogs | Comments

The term live response is being heard more and more frequently but what exactly is it and how...

Approximate Matching Helps Digital Forensics Find Similar Artifacts

July 17, 2014 8:32 am | by Kim Mays, IT Business Edge | News | Comments

According to the National Institute of Standards and Technology, approximate matching is a...


US GAO Report Highlights Incident Response Shortcomings

July 16, 2014 3:23 pm | by Richard Bejtlich | Blogs | Comments

The US Government Accountability Office compared documented incident response actions to requirements set by the Federal Information Security Management Act of 2002 (FISMA) and National Institute of Standards and Technology (NIST) Special Publication 800-61, Computer Security Incident Handling Guide. The results were surprising.

Digital Crime-fighters Face Technical Challenges with Cloud Computing

July 15, 2014 3:55 pm | by NIST | News | Comments

The National Institute of Standards and Technology has issued for public review and comment a draft report summarizing 65 challenges that cloud computing poses to forensics investigators who uncover, gather, examine and interpret digital evidence to help solve crimes.

From China with Love?

July 15, 2014 9:52 am | by Ken Pryor | Blogs | Comments

Linux forensics/incident response is a new thing for me. I've never had occasion thus far to conduct a "real" investigation into a Linux machine. This "intrusion" into my honeypot inspired me to conduct my own attack and investigation so I could learn more about the subject.


Internet Examiner Toolkit 4

July 15, 2014 8:19 am | SiQuest Corporation | Product Releases | Comments

SiQuest Corporation has launched Internet Examiner Toolkit Version 4 (IXTK v4), a 3-in-1 tool for recovery and analysis of Internet-based evidence.

Beware Keyloggers at Hotel Business Centers

July 14, 2014 11:12 am | by Editor | Blogs | Comments

U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

Linkz for SIEM

July 14, 2014 9:52 am | by Corey Harrell | Blogs | Comments

Security information and event management (SIEM) has been an area where I have spent considerable time researching. My research started out as curiosity to see if the technology could solve some problems then continued to get organization buy-in followed by going all in to architect, implement, and manage a SIEM for my organization.

Flasher Box or No Flasher Box?

July 11, 2014 9:27 am | Articles | Comments

Let’s be very clear before we go down the flasher box path: there is no replacement or substitute for the automated forensic tools produced by mobile forensic manufacturers. Unfortunately, with growing consumer demand for newer and more technologically advanced mobile phones, these automated and safe solutions do not meet some investigative requirements.

Random Stuff

July 10, 2014 8:57 am | by Harlan Carvey | Blogs | Comments

There are a lot of folks with different skill sets and specialties involved in targeted threat analysis and threat intel collection and dissemination. There are a lot of researchers with specific skill sets in network traffic analysis, malware reverse engineering, etc.


DFI Software Helps Croatian Police Solve International Child Abuse Case

July 9, 2014 3:09 pm | Belkasoft | News | Comments

Digital forensic investigation software was used by Croatian Police to prosecute an international case involving exploitation of children for pornography. During this case, Croatian Police used Belkasoft Evidence Center to extract and analyze information from suspects' computers, memory dumps and hard drive images.

Data Storage Issues: Part 3

July 9, 2014 8:53 am | by John J. Barbara | Digital Forensics Consulting, LLC | Articles | Comments

The incredible amount of data being produced by individuals, industries, and governments continues to increase yearly along with the demand for greater archival storage capacities. Alternative storage technologies are already under development and they may eventually replace the conventional HDD for data storage.

Windows Forensic Environment Training Course Review

July 7, 2014 10:33 am | by Ken Pryor | Blogs | Comments

As I mentioned in my last post, Brett Shavers is offering a free course on the Windows Forensic Environment (WinFE). The Windows Forensic Environment course covers the history, building and usage of WinFE. The course consists of 30 modules, including 27 video lessons, a wrap-up video, a qualification exam and a course downloads page.

Phishing Scam Targets US Marshals Service Bitcoin Auction List

July 7, 2014 10:10 am | News | Comments

Individuals on the recipients list of the leaked US Marshals Service email to Silk Road auction enquirers are being targeted in a phishing attack, and at least one individual has fallen for the scam. Several individuals on the list received phishing emails from the same source. However, not all the individuals on the leaked email recipients list were targeted.

The Frontier of Cloud Forensics

July 1, 2014 11:23 am | by William Jackson, GCN | News | Comments

Cloud computing helps to make data more accessible, but the same technologies that make it readily available — on-demand provisioning, reprovisioning and virtual environments — also can obscure it. This is creating new challenges for digital forensics, complicating incident response and criminal and civil investigations into incidents and data in the cloud.


California Authorities Arrest 275 Child Predators

June 30, 2014 10:05 am | by Tami Abdollah, Associated Press | News | Comments

A monthlong national effort to capture sex predators led to 275 arrests in Southern California that included a teaching assistant for special needs kids, a retired sheriff's deputy and a U.S. Army soldier. The effort dubbed "Operation Broken Heart" involved dozens of local, state and federal authorities throughout the month of May who targeted sex offenders, child sex traffickers, pimps, child porn traders and sex tourists traveling abroad.

Improving Your Malware Forensics Skills

June 26, 2014 12:27 pm | by Corey Harrell | Blogs | Comments

In many ways preparation is key to success. Preparation is a significant factor to one's success in the Digital Forensic and Incident Response field. This applies to the entire field and not just malware forensics. When you are confronted with a system potentially impacted with malware, your ability to investigate the system successfully depends on your knowledge, experience, and toolset.

Mobile Data Drives a Big Data World

June 25, 2014 8:27 am | by Lee Reiber | AccessData Group | Articles | Comments

Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices.

Nuix Appoints Digital Forensics and Incident Response Expert

June 24, 2014 4:36 pm | Nuix | News | Comments

Nuix has appointed experienced digital forensics investigator Chris Pogue as Senior Vice President for Cyber Threat Analysis. Pogue brings experience with Trustwave SpiderLabs, the IBM/ISS X-Force incident response and ethical hacking teams and the US Army Signal Corps to Nuix’s growing cybersecurity team.

Finding and Analyzing Windows System Artifacts with IEF

June 24, 2014 12:07 pm | by Jamie McQuaid | Blogs | Comments

New with the Business and OS artifacts module in Internet Evidence Finder (IEF) v6.4, we have added a number of valuable Windows operating system artifacts that will help investigators gain insight into details about a system and its users.   

Fight Over Child Porn Evidence Pits Prosecutors Against Former Detective

June 23, 2014 9:20 am | News | Comments

The four words float through a messy criminal case, two contentious lawsuits and multiple appeals to the Washington State Supreme Court filed over the past three years. “We can’t see her.” The four words refer to an ugly photo: one frame in an infamous series of child pornography images, familiar to those who collect them like baseball cards.

Forensic Tool Snags iCloud Backups without Apple ID

June 19, 2014 12:11 pm | by Jeremy Kirk, InfoWorld | ElcomSoft Co., Ltd. | News | Comments

Moscow-based Elcomsoft has developed a tool to collect iCloud backup files without knowing a person's Apple ID, a development intended to help law enforcement analyze seized computers.                   

Keeping Track of Time in Cyber-Physical Systems

June 16, 2014 10:04 am | by The National Science Foundation | News | Comments

The National Science Foundation (NSF) has announced a five-year, $4 million award to tackle the challenge of synchronizing time in cyber-physical systems (CPS) — systems that integrate sensing, computation, control and networking into physical objects and infrastructure.

Evidence Encryption in the Post-TrueCrypt Era

June 16, 2014 9:15 am | by Editor | Blogs | Comments

TrueCrypt has been a double-edged sword for digital investigators. On one edge, TrueCrypt's wide availability means it has been used to hide data from the eyes of investigators. Full disk, container, and hidden container encryption have created "game over" situations for investigators for years. 

Digital Forensics Using Kali

June 16, 2014 9:10 am | by Editor | Blogs | Comments

I'll try to develop this series in a logical and sequential manner that a forensic investigator would follow. I will also include units in here on anti-forensics, or ways you can stymie the forensic investigator.           

Review of Windows Forensic Analysis 4th Edition

June 16, 2014 8:38 am | by Corey Harrell | Blogs | Comments

About a month ago I finished reading Windows Forensic Analysis 4th Edition by Harlan Carvey. Due to personal obligations I was unable to post my WFA 4/e review until now. All in all the 4th edition is a good update to the Windows Forensic Analysis series.

Attackers Rely on Social Engineering to Activate Macros in Malicious Office Documents

June 13, 2014 8:13 am | by Editor | Blogs | Comments

Microsoft Office documents offer a convenient way to infect systems through the use of macros. However, the attacker needs to persuade victims to enable macros after opening the booby trapped file. Social engineering is an important aspect of these attack strategies.
