± Forensic Focus Partners
± Your Account
|New Today: 5||Overall: 33319|
|New Yesterday: 8||Visitors: 267|
± Latest Jobs
± Latest Articles
± Latest Webinars
ReviewsBack to top Back to main Skip to menu
Here’s two things you can be sure of; hard drives will constantly increase in capacity and the requirement to finish the job as soon as possible at minimum cost will be an ever present. So any device which may result in being able to complete our tasks quicker has got to be worth a closer look. Creating forensic images is the foundation of our work, but let’s face it, is pretty boring and even worse, dependent on where it’s being done, can be actively hostile. Happily, there’ve been some recent developments in the field of imaging, with the all-in-one devices of the Image MASSter Solo 4 Forensic and the Logicube Forensic Dossier being released, and on the software side Tableau’s and Guidance’s latest imaging software have been launched, both taking advantage of multi-core processors to help expedite the imaging process. more ...
A photos-only application can be a very handy part of a digital forensic examiner's “toolkit.” Many cases revolve around recovered images, whether the matter is criminal, civil or domestic. Adroit Photo Forensics from Digital Assembly (Brooklyn, NY, USA) has been created as just such a tool. The current version, 1.003, of Adroit Photo Forensics was released commercially in September 2009. Full disclosure: I was one of the testers of the first few beta versions, but have no financial interest in the company or their products, other than receiving a copy for evaluation purposes. more ...
Advanced Live Forensics & RAM Analysis Training
Worcester University, UK, Oct 20th - 22nd 2009
Course run by Nick Furneaux, CSI Tech.
Perhaps the biggest changes and advances in computer forensics over the last few years have come from the collection and subsequent analysis of volatile data from running systems. Look back just 3 years ago or so and you’ll see a profession where the widely accepted view was that if you were to find your target computer on, you’d pull the power. The turnaround in approach is such that to take that approach now could even be considered negligent; for by pulling the power before you’ve collected the volatile data you’re quite likely to be destroying a whole mass of incredibly useful data. more ...
Helix 3 Enterprise (H3E) is e-fense’s flagship investigation suite pitched at a similar level as EnCase Enterprise or Access Data Enterprise. It’s aimed at organisations which need to be able to carry out incident response, forensics and e-discovery functions over networks. H3E facilitates centralised incident response, imaging of drives and volatile data and also enables scans and searches of a user’s internet history and documents on any computer which has had the H3E Agent pre-installed on it. The integrity of data in transit and within the H3E database is ensured through 256-bit AES encryption. more ...
Digital evidence needs to come from somewhere, right? It doesn’t appear, “forensically sound”, from out of the blue. And the phrase “forensically sound” is key – the evidence needs to be acquired in a manner that ensures that the process doesn’t modify the evidence in any manner. There are exceptions to this – cell phones and live acquisitions come to mind – but even then, the process should be minimally invasive.
The key to this acquisition process is the ubiquitous write blocker, probably the most important tool in any acquisition kit. A write blocker was my first forensics hardware purchase and I keep my collection of write blockers up to date religiously. more ...