Computer Forensics
SUBSCRIBE TO FREE
DFI News EMAIL NEWSLETTER
Retrieving Digital Evidence: Methods, Techniques, and Issues: Part 3
June 5, 2012 8:00 pm | Articles | CommentsMethods and techniques for extracting evidence out of the original PC and into the hands of a forensic investigator.
Covered-Writing Then and Now
May 30, 2012 1:47 pm | by Chet Hosmer | Articles | CommentsThe underlying technology has changed since 400 B.C., but covered writing is alive and well. Unfortunately, modern sentries are as overwhelmed, and possibly as oblivious, as they were then.
Windows 7 Registry Forensics: Intrusion Related Activities
May 30, 2012 1:42 pm | by John J. Barbara | Articles | CommentsTwo possible situations arise when forensically examining a system for evidence of an intrusion: performing live incident response and/or conducting a post mortem examination of hard drives
Retrieving Digital Evidence Methods, Techniques, and Issues
May 30, 2012 1:40 pm | by Yuri Gubanov | Articles | CommentsMost digital activities leave definite traces, allowing investigators to obtain essential evidence, solve criminal cases, and prevent crimes.
Report Writing Guidelines
May 30, 2012 1:22 pm | by Melia Kelley | Articles | CommentsDespite its importance, report writing meets with a lot of ambivalence, and even antipathy, in our industry.
Book Review: Windows Forensic Analysis Toolkit
May 29, 2012 8:00 pm | by John J. Barbara | Articles | CommentsWindows Forensic Analysis Toolkit by Harlan Carvey provides the reader with an in-depth understanding of the Digital Forensic analysis of Windows 7 systems.
Windows 7 Registry Forensics: Part 6
May 22, 2012 8:00 pm | by John J. Barbara | Articles | CommentsRegistry Keys track each mounted volume and assigned drive letter used by the NTFS file system. Information concerning any external devices that had previously been attached to the system will be recorded in certain Registry Keys.
Book Review: The Basics of Digital Forensics
May 15, 2012 8:00 pm | by John J. Barbara | Articles | CommentsThis book should be considered a must-read for anyone who wants to pursue a career in digital forensics and a must-have for those examiners already working in the discipline.
Evidence Acquisition
April 24, 2012 8:00 pm | Articles | CommentsDigital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by improper handling or examination. For these reasons special precautions should be taken to preserve this type of evidence.
Windows 7 Registry Forensics: Part 5
April 10, 2012 1:32 pm | by John J. Barbara | Articles | CommentsGenerally, any user activity leaves some type of artifact somewhere. Depending on the type of activity, the artifacts can be of enormous forensic importance.
Windows 7 Registry Forensics: Part 4
April 3, 2012 8:00 pm | by John J. Barbara | Articles | CommentsThere are thousands of Keys in the Registry. Many of the forensically important Keys can be grouped into several broad categories based upon what potential probative information they may provide.
Protocol Data Hiding
March 6, 2012 11:32 am | by Chet Hosmer | Articles | CommentsVulnerabilities in the Transmission Control Protocol (TCP) present a very simple and straight-forward method for hiding data in the TCP initial handshake sequence. From an investigative perspective, analyzing the protocol requires a network protocol analyzer or sniffer.
ISO/IEC 17025:2005 Accreditation of the Digital Forensics Discipline
February 23, 2012 12:59 pm | by John J. Barbara | Articles | CommentsThe importance of accurate, technically competent, and valid examination results cannot be understated. Laboratory accreditation can provide a standard which can ensure confidence in the results obtained from the examination of digital evidence.
The Future of Steganography
February 23, 2012 12:57 pm | by Chet Hosmer | Articles | CommentsOur ability to discover hidden information during our investigations is vital, especially as new and innovative methods continue to evolve.
The Digital Forensics Cyber Exchange Principle
February 23, 2012 12:47 pm | by Ken ZatykoDr. John Bay | Articles | CommentsIts application to cyber crime brings a new and exciting dimension to the famous Locard Exchange Principle.
Windows 7 Registry Forensics: Part 3
January 11, 2012 6:12 am | by John J. Barbara | Articles | CommentsA typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Top 5 Articles of 2011
January 5, 2012 7:16 am | Articles | CommentsBefore we turn our attention to the New Year, let’s take a moment to reflect on the top five articles of 2011.
Validating Proprietary Digital Forensic Tools: A Case for Open Source
December 13, 2011 8:24 am | by Cory AltheideChrista M. Miller | Articles | CommentsOpen source forensic tools may not be easy to work with, but can save a lot of grief down the road when used to validate results from proprietary tools.
Managing Expectations in Digital Forensics
December 6, 2011 6:11 am | by Bryce Davis | Articles | CommentsExplaining what went wrong in an unsuccessful investigation requires consideration and professionalism.
Can Your Digital Images Withstand A Court Challenge?
October 25, 2011 5:53 am | by D. Eric Johnson, CEPClaire W. White | Articles | CommentsWhile the transition from film to digital happened with little fanfare, the vastly different steps, processes, limitations, and vulnerabilities involved when creating a digital photograph hasn’t been widely recognized.
Windows 7 Registry Forensics: Part 2
October 19, 2011 8:01 am | by John J. Barbara | Articles | CommentsMany forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Cyberstalking and Law Enforcement: Part 2
October 12, 2011 5:29 am | by J. A. Hitchcock | Articles | CommentsA step by step guide to handling a cyberstalking investigation.
Cyberstalking and Law Enforcement: Part 1
October 5, 2011 9:01 am | by J. A. Hitchcock | Articles | CommentsUnderstanding the crime of cyberstalking will provide law enforcement with tools to serve their community in the new communication age.
Rapid Cyber Attack Response: Three Days Make All the Difference
September 28, 2011 9:18 am | by Garry Byers | Articles | CommentsTo reduce the impact of cyber attacks, today’s organizations must be prepared for a rapid incident response to minimize damage to IT systems and maximize the amount of information they can learn about the attack.
iTunes Forensic Analysis: Part 2
September 21, 2011 10:44 am | by Paul B. Ciaccio | Articles | CommentsThe digital forensic community is receiving more criminal cases involving iTunes and other programs that support the Digital Audio Access Protocol where video files of suspected child pornography are shared across a local network. This article highlights investigations into these systems.
