Notes On Vista Forensics, Part One
While the fundamental principles of computer forensics remain largely unchallenged, the landscape upon which investigators operate is constantly changing. A combination of new technologies and changing habits of use means that forensic examiners must always strive to keep up to date with the latest developments. One of the most anticipated new product releases this year is the Microsoft operating system Windows Vista. Vista was under development for a long time with Microsoft promising a raft of new features together with major improvements to security.
Notes On Vista Forensics, Part Two
In part one of this series we looked at the different editions of Vista available and discussed the various encryption and backup features which might be of interest to forensic examiners. In this article we will look at the user and system features of Vista which may (or may not) present new challenges for investigators and discuss the use of Vista itself as a platform for forensic analysis.
Anti Forensics - making computer forensics hard
What is computer forensics? It is the application of scientific methods in digital ways with the objective of determining whether a computational resource (hard disks, compact disks, solid state devices, etc.) is being or was used for illegal or unauthorized activities.
Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics
This paper examines the use of five different live CDs in the six-step incident handling process and in the subsequent forensic examination of the machines. A brief synopsis of the six-step incident handling process is given to provide the background for the testing conducted.
Forensic Analysis of a Compromised Intranet Server
This document details the forensic analysis of a compromised Intranet server, from the verification stage to the dissection of malware code, supported by an explanation of the methodology followed.
Packet forensics using TCP
This article aims to arm you with the knowledge needed to approach a packet stream and determine whether any packets are missing. This is imperative in cases where your data set is missing packets that may contain crucial indicators of the breach. You would only know that by doing the analysis shown below. One aspect we will not deal with in this article is analysis of application layer data. We shall concentrate on arming you with just the knowledge you require to carry out packet forensics.
An Overview of Disk Imaging Tool in Computer Forensics
The objective of this paper is to educate users on disk imaging tools: the issues that arise in using disk imaging, recommended solutions to these issues, and examples of disk imaging tools.
Building a Low Cost Forensics Workstation
This paper will outline the fundamentals of computer forensic investigation and then, based on these essentials, create requirements for a low cost forensics workstation for use in electronic investigation.
Computer Forensic Legal Standards and Equipment
This paper addresses an issue of increasing importance to companies in this modern era. Computer Incident Response Teams (CIRTs), network security, and intellectual property (IP) security are growing.
Computer Forensics - We've Had an Incident, Who Do We Get to Investigate?
Computer forensics is used to conduct investigations into computer related incidents, whether the incident is an external intrusion into your system, internal fraud, or staff breaching your security.