± Forensic Focus Partners
± Your Account
|New Today: 0||Overall: 33043|
|New Yesterday: 0||Visitors: 189|
± Latest Jobs
± Latest Articles
± Latest Webinars
ReviewsBack to top Back to main Skip to menu
In today's computing environment of tera-byte hard drives and encrypted file systems, the practice of 'pull the plug, image at the lab' is becoming impractical, if not risky. To address these and other challenges, live acquisition is gaining in popularity. Indeed, every digital forensics examiner should become proficient in the techniques of what has come to be the latest buzz-phrase in the industry: “field triage.”
To meet the needs of non-technical first-responders such as law-enforcement, parole officers, private investigators, etc., SubRosaSoft (subrosasoft.com/OSXSoftware/index.php) has introduced MacLockPick II, a USB stick loaded with a suite of acquisition and reporting utilities that will extract pertinent data from Apple Macintosh, Windows (XP and Vista) and Linux systems. more ...
Full disclosure - I was a speaker at PFIC.
I recently attended PFIC 2008 ( www.pfic2008.com ), hosted by Paraben. I found it to be on par with other conferences (CEIC, TechnoForensics) except it was free. Kudos to Paraben.
Their lab machines consisted of mostly Macs. They were donated, I believe, by BlackBag. They were dual boot allowing one to run either in the Mac environment or Windows environment. If you could get past the change in keyboard (which made shortcuts using CTRL or ALT difficult) and the yoga maneuver required for right clicking, they worked very well. But with that being said, I think it is good for forensic examiners to get out of their comfort zone and work with hardware and software with which they do not have a lot of experience. more ...
As a contractor who has to fund his own training (and also loses out on income for the duration of a course) I need to pick my courses carefully. Having heard many positive stories about X-Ways Forensics I had little hesitation in signing up for the five day course which recently ran in London. Monday through to Wednesday covered the application while Thursday and Friday offered an in-depth look at various file systems. To whet your appetite, the full course content can be viewed on the X-Ways’ web page .
The week’s training was delivered by the creator of X-Ways Forensics, Stefan Fleischmann, so understandably his knowledge of the application is unsurpassed. I’ve been on quite a few forensics courses over the past five years and have met and worked with many key players and Stefan’s understanding of file systems and their interaction with operating system artefacts is second to none. He lives and breathes his subject!
To set some perspective, this is not a review of the X-Ways Forensics application, but rather of the training course itself. However, for the uninitiated, X-Ways Forensics is very impressive indeed and I felt that as someone who has not previously used the tool that the course only touched on its potential. Compared to its competitors, the program is tiny, its resource requirements small and its system requirements happily far behind that demanded of a product like FTK 2. more ...