Blog Posts Tagged with "Forensics"

Memory Forensics: Pull Process and Network Connections from a Memory Dump

November 23, 2011 Added by: Dan Dieterle

From the output of the command, we see the physical memory location, process name and the PID number of all processes that were running. This helps deduce if something was running that should not have been and allows you to view programs that may be running under the process...

Memory Forensics: How to Pull Passwords from a Memory Dump

November 13, 2011 Added by: Dan Dieterle

We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the system and same keys...

Registry Analysis with Reglookup

November 10, 2011 Added by: Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...

Memory Forensics: How to Capture Memory for Analysis

November 10, 2011 Added by: Dan Dieterle

Analysts use memory dumps to analyze malicious software. Once you have the memory dump, you can perform some very interesting analysis on it, like viewing what processes and programs were running on the machine, and what network connections the system had. You can even pull passwords from them...

NYSBA Releases E-Discovery Best Practices Guidelines

November 04, 2011 Added by: Headlines

The guidelines are organized in a systematic fashion, covering topics applicable to electronically stored information before, during and after e-discovery has occurred, and include coverage of legal holds, adequate preservation, investigations, duty to preserve, inadvertent alteration...

Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by: Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...

File Forensics: Unzipping Word Docs to See XML Source

October 16, 2011 Added by: Dan Dieterle

Run the Docx file through an unzip program and you can see several files and folders full of XML data. You will also find information that could be very useful for forensics, including file revision, creation and modify dates, document creator and the person one to modify the document...

Digital Evidence and Computer Crime

September 28, 2011 Added by: Ben Rothke

When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence and often difficult to preserve it correctly...

Forensics for Network, Internet, and Cloud Computing

September 06, 2011 Added by: Tony Campbell

A number of chapters had a very long and complete reference section, while a few chapters had no reference section at all, yet it was obvious that they required one. Poor screenshots and a lack of references seem like laziness on the part of the author and publisher...

EFF Releases 'Know Your Digital Rights' Guide

June 28, 2011 Added by: Headlines

"Sometimes police can search your computer whether you like it or not, but sometimes they can't. We wrote this guide to help you tell the difference and to empower you to assert your rights when the police come knocking..."

Understanding Network Forensics Makes Security Smarter

June 05, 2011 Added by: Kelly Colgan

Recovering successfully from a breach is definitely something to shoot for. But nothing makes executives smile, or helps build back customer confidence, more than putting the bad guys behind bars. It makes for good news headlines. Plan for it...

Osama Bin Laden's Computer Files and Data Encryption

May 06, 2011 Added by: Headlines

"Correctly implemented encryption is very difficult to break. If data is encrypted correctly using good, best practices, I'm not aware of the ability to break that encryption. If correctly implemented and done by someone who understands how to do it, it's a huge, huge challenge..."

Log Forensics and “Original” Events

April 03, 2011 Added by: Anton Chuvakin

Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?

Solid-State Disk Behavior Underlying Digital Forensics

March 06, 2011 Added by: Robert Gezelter

What was previously a simple matter of running a recovery utility against a disk with corrupted structures may now involve multiple actors, all of which are operating with no mechanisms for synchronization. The possible risks may invalidate sound operating procedures, leading to data loss...

Electronic Discovery and Digital Forensics: The Applications Front

February 28, 2011 Added by: Robert Gezelter

Attorneys and Information Technologists need to cooperate to identify relevant data and ensure that both the raw data and the technological context needed to understand data files is preserved to protect all interests, both actual parties and otherwise non-involved third parties...

Digital Forensics and E-Discovery on OpenVMS

February 21, 2011 Added by: Robert Gezelter

OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...
