Information Security Short Takes
Information Security and ICT Strategy Analysis and Tutorials
Recent Posts Tagged With 'forensics'
Digital Forensics Framework - A Perspective Forensics Tool
After Helix Forensic went commercial, open source computer forensics has been missing a tool that integrates the required forensic techniques as well as Helix did. The tool: A group which calls itself ArxSys has developed a Python-based Forensic Analysis...
Scalpel - File Carving from Partially Wiped Evidence Disk
In the previous article on proper information disposal, a visitor suggested that Darik's Boot and Nuke (DBAN) can be used for emergency evidence destruction. While that is quite correct, DBAN takes time to finish. So, what evidence can be recovered fro...
New Helix3 Forensic CD - Welcome
E-fense has published a new version of their acclaimed Helix Forensic Live CD. It is now in version 2.0. Here are the first impressions of the new version. Just as the old version, the new one contains two major components: A LiveCD (Based on Ubuntu) - ...
Thrown in the Fire - Database Corruption Investigation
Analyzing an incident when the manufacturer claims that it's an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer wi...
Competition Results - Computer Forensic Investigation
The Computer Forensic Investigation Competition is closed, and here are the results. What was there to be found: Tshark sniffer - part of the Wireshark suite in /moodle/enrol/paypal/db; NetCat tool for backdoor creation - renamed as MyTool.exe - in /moodl...
Competition - Computer Forensic Investigation
Shortinfosec is hosting a computer forensics competition. In the competition, you will have to analyze a submitted disk image for incriminating evidence, as per the scenario below. Scenario: The investigators suspect that the employee was doing the follow...
Tutorial - Mail Header Analysis for Spoof Protection
In an age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where an e-mail was sent from. This analysis must go beyond the sender e-mail address displayed in your e-mail client (which is easily spoofed). ...
Tutorial - Computer Forensics Evidence Collection
Following up on the Tutorial - Computer Forensics Process for Beginners, here is a step-by-step tutorial on how to process a suspect computer to obtain dumps of RAM memory and Disk Drive using Helix Forensic CD. Our suspect computer is a Windows XP V...
Tutorial - Computer Forensics Process for Beginners
Computer forensics is currently a very popular term, and a lot of conferences are organized and books written on the subject. This, together with the popularity of the CSI series, creates an aura of certain very special, even magical steps that forens...
