
Category Archive for 'Computer Forensics'

It is all about time

I have carried out several Computer Forensics investigations at companies, and I often wonder why time sync in the domain seldom works or is not implemented at all. Apart from technical issues with Kerberos and such, there is also a big problem when doing investigations if the clock on the client does not match the clock on the servers. […]


Microsoft Forensics

Today I had the great opportunity to have a very long talk with one of Microsoft's malware investigators regarding how they work and what kind of routines they have. Sadly, I am not allowed to say anything about the details, but what I can say is that they have a very, very deep knowledge of […]


I frequently follow a blog at ITToolBox named “A day in the life of a security investigator”. His latest blog entry discussed the top ten errors that investigators often make. If you ever think of starting out in this business, you should know these by heart. You can find them here: http://blogs.ittoolbox.com/security/investigator/archives/top-ten-investigative-booboos-14576


Vacation photos

When doing Computer Forensics it is inevitable that you will sooner or later come across a computer where a person's whole life is stored in pictures, letters and so forth. That is the time you realise what is tough in this line of business. It is not finding a way around an encrypted file or […]


Even if encryption is a very good tool for protecting data, it does tend to get in the way when doing Computer Forensics. Fortunately, Pointsec has a way to log in so that you can read the hard drive decrypted without booting the operating system. By pressing CTRL+F9 when you see the logon to Pointsec and then […]


When I do Computer Forensics, one of the largest problems is finding all the needed information. Most of the time we have to recreate this from different sources, if it is at all possible to do. With this little case study I will try to give the basic setup for what is needed to have a good […]


Importance of logging

When I look inside a computer I find a lot of stuff that could serve as evidence in several cases, but sometimes the evidence in itself is not enough. In some cases we want to find where the information came from, what connections existed on the computer when it was active or how an […]


In Swedish newspapers there has been a prolonged discussion regarding young girls being harassed or threatened with harassment if they do not do guys' homework, do this or that at a party or whatever the culprit is after. Sadly, the reaction has been way too mild and possibly this is due to little or […]


Some tools

Every investigator needs access to several tools. One of the most important is your investigation application, for example EnCase. In this you'll do the main part of your analysis, and there you'll find deleted files, encrypted files, check timestamps, view pictures and so forth. Every investigation will generate a lot of files that you need to examine further […]


What is Computer Forensics?

Computer Forensics (CF) is the art of securing evidence in a computer to be able to give answers when an incident happens. Depending on the case, different kinds of computers and devices have to be copied for the investigation. Note the word copied. To make sure that all information is available, that an investigation in any […]

