Computer Forensics

The Lead

Inside Europe's Digital Crime Unit

April 16, 2014 10:37 am | by Tom Brewster, the Guardian | News | Comments

Four black brick towers search upwards to an empty grey sky. Mounted security cameras watch on balefully. If it weren’t for all the cheery cyclists passing by, some with surfboards in hand, alleviating the unfaltering graveness of the place, Europol’s headquarters would strike any visitor as some post-apocalyptic Mordor.

Solid State Drives: Part 6

April 16, 2014 8:17 am | by John J. Barbara | Articles | Comments

When compared to a typical hard drive, SSDs are totally different in design and functionality...


April 14, 2014 2:34 pm | by Harlan Carvey | Blogs | Comments

Within the DFIR and threat intel communities, there has been considerable talk about "TTPs"...

Chad Tilbury Joins CrowdStrike as Technical Director

April 14, 2014 10:39 am | News | Comments

Tilbury will provide technical leadership for the services team, driving innovation to support...



Advanced Office Password Recovery v.6.0

April 10, 2014 4:48 pm | ElcomSoft Co., Ltd. | Product Releases | Comments

Advanced Office Password Recovery has been updated with smarter attacks on strong passwords protecting Microsoft Office 2010 and 2013 documents. The newly added attacks are based on models of human behavior, enabling the recovery of pseudo-random passwords with social engineering-like attacks.

Signature Detection with CrowdResponse

April 10, 2014 3:30 pm | by Chad Tilbury | Blogs | Comments

The goal of CrowdResponse is to provide a lightweight solution for incident responders to perform signature detection and triage data collection.                             

Holding the Line

April 10, 2014 10:55 am | by Corey Harrell | Blogs | Comments

You end up having to talk to a range of people when building out an internal incident response process. It's a natural consequence because the way people did things in the past is changing and these changes will impact the way they do things going forward.


Nuix Reaches Milestone Helping Children through Room to Read

April 9, 2014 3:29 pm | by Nuix | News | Comments

Nuix has announced its philanthropic product Proof Finder has reached a new milestone, raising $150,000 for Room to Read. Room to Read is a global non-profit organization transforming the lives of children across Asia and Africa by focusing on literacy and gender equality in education.

What's Up?

April 4, 2014 5:01 pm | by Harlan Carvey | Blogs | Comments

Back when I was doing PCI exams (while a member of the IBM ISS ERS team), Visa would send us these lists which included file names (no paths) and hashes ... we had to search for them in every exam, so we did.            

Never-ending Training Cycle

April 3, 2014 11:18 am | by Editor | Blogs | Comments

It has solidified my opinion that to defeat the evil minions trying to steal our data or indeed trying to hide their own, we as a community need to be as collaborative as possible, sharing our knowledge and experience as much as we can.    

Verifying Program Behavior Using Source Code

April 2, 2014 10:30 am | by Dan Pullega | Blogs | Comments

How are Firefox profile directory names generated? To answer this question, we first have to understand which artifacts we are examining. In this case, we are dealing with Firefox profiles.                 

Search History on Windows 8 and 8.1

April 1, 2014 10:44 am | by Editor | Blogs | Comments

Windows 8 introduced a new feature of saving previously searched terms/keywords. I am referring to the Windows Search functionality which moved from the Start-menu in Windows 7 to the Charms bar in Windows 8.


Federal Agents Pierce Tor Web-anonymity Tool

April 1, 2014 10:38 am | by Andrew Grossman, The Wall Street Journal | News | Comments

Law-enforcement agencies are increasingly finding ways to unmask users of a popular Web browser designed to hide identities and allow individuals to exist online anonymously.                     

Deadbolt Comments on MH370 Digital Investigation

April 1, 2014 10:21 am | Deadbolt Forensics LLC | News | Comments

Deadbolt Forensics has commented on the role that digital forensics has played during the investigation into the disappearance of Malaysian Airlines flight MH370.                         

The Importance of Command and Control Analysis for Incident Response

March 31, 2014 10:21 am | by Anuj Soni | Blogs | Comments

Understanding command and control (a.k.a. C2, CnC or C&C) is critical to effectively detect, analyze, and remediate malware incidents. The phrase "command and control," which has its origins in military terminology, refers to the approach an attacker uses to take command of and exercise control over a compromised system.

Incident Response Now Shaping Security Operations

March 31, 2014 10:12 am | by Kelly Jackson Higgins, Dark Reading | News | Comments

Now that organizations and the security industry for the most part have accepted the ugly truth that breaches are inevitable and the bad guys are going to find a way to get inside, the new focus is on how you respond to an attack or attack attempt and minimize the damage.

Physical Memory Acquisition

March 28, 2014 8:15 am | by Dr. C Andras Moritz, Kristopher Carver, Jeff Gummeson | Articles | Comments

Once a password has been bypassed, an investigator has full access to the computer, allowing them to gather any evidence necessary, including the contents of the DRAM in the system. You can then use a PCI Express or ExpressCard device for memory acquisition.


Extending Burp Proxy with Extensions

March 27, 2014 10:24 am | by Chris Bush | Blogs | Comments

The world of information security is awash with tools to help security practitioners do their jobs more easily, accurately and productively. Regardless of whether you are responsible for doing PCI audits, network vulnerability assessments, enterprise risk assessments, social engineering, or what have you, there’s a tool for that. 

Coding for Digital Forensic Analysis

March 26, 2014 11:52 am | by Harlan Carvey | Blogs | Comments

Questions on the topic of coding for digital forensic analysis tend to devolve into a quasi-religious debate over the programming language used, and quite honestly, that detracts from the discussion as a whole.           

Field Acquisition & Analysis

March 26, 2014 9:03 am | MediaClone, Inc. | Product Releases | Comments

MediaClone's Computer Forensic Field Acquisition & Analysis platform SuperImager™ Rugged 12in Unit is a very useful tool for field investigators. It is compact, rugged and easy to carry and achieves amazing data acquisition speeds and powerful computation.

Hunting Shylock

March 25, 2014 8:57 am | by Albert Fruz | Blogs | Comments

The Shylock Trojan is a banking malware that exhibits rootkit characteristics. It leaves very few artifacts on the filesystem and is completely memory resident.                         

Exploring the Program Inventory Event Log

March 24, 2014 10:01 am | by Corey Harrell | Blogs | Comments

The Application Experience and Compatibility feature ensures compatibility of existing software between different versions of the Windows operating system. The implementation of this feature results in some interesting program execution artifacts that are relevant to Digital Forensic and Incident Response (DFIR).

DHS Digs Out 27,000-member Child Abuse Ring Buried on Tor

March 19, 2014 4:55 pm | by Lisa Vaas | Blogs | Comments

The US has busted a massive child abuse image ring running on the Darknet's Onion router, aka Tor.                                           

Malaysia, FBI Probing Data from Pilot's Simulator

March 19, 2014 12:49 pm | by Ian Mader, Associated Press | News | Comments

Malaysian investigators — with the help of the FBI — are trying to restore files deleted last month from the home flight simulator of the pilot aboard the missing Malaysia Airlines plane to see if they shed any light on the disappearance, officials said Wednesday.

Microsoft Forecasts Cost of Cyber Crime

March 19, 2014 11:58 am | by David Finn, Microsoft | News | Comments

A new study from Microsoft’s Digital Crimes Unit reaffirms that cyber crime is a booming business for organized crime groups all over the world.                              

Debugging Metasploit Modules with Pry-debugger

March 17, 2014 9:48 am | by Editor | Blogs | Comments

Have you ever had those times when you’re developing, updating, or when a Metasploit module throws a backtrace on ya, and you’re scratching your head asking yourself, “why me, what’s going on?”

Autopsy 3 Digital Forensics Platform

March 17, 2014 9:04 am | Basis Technology | Product Releases | Comments

Autopsy 3 is a premier digital forensics platform that has largely been built by engineers at Basis Technology and the open source community to enable fast, thorough, and efficient hard drive investigations that can evolve with your needs.

Tackling Insider Cyber Threats Requires a Credible Digital Forensic Strategy

March 14, 2014 10:41 am | by the Guardian | News | Comments

As organizations brace themselves for another year of heightened cybersecurity threats, a risk much closer to home may pose a greater challenge.                              

Bruteforcing XOR with YARA

March 12, 2014 4:54 pm | by Editor | Blogs | Comments

I'm often asked to look at some artifact that's believed to be encoded in some fashion or hear that even if something is XOR'ed that they wouldn't know how to go about decrypting/decoding it.                 
