Windows Vista – notes for forensic examiners (part two)
This article was first published in 2007 at http://www.securityfocus.com/infocus/1890 and is reprinted with permission by Jamie Morris Forensic Focus (www.forensicfocus.com) Intro In part one of this...
A Forensic Analysis Of The Windows Registry
First published November 2007 Derrick J. Farmer Champlain College Burlington, Vermont dfarmer03@gmail.com (click here for a revised, quick reference PDF version of this paper) Abstract This paper will...
Potential Impacts of Windows Vista on Digital Investigations
First published December 2007 by Christopher Hargreaves and Howard Chivers Paper received 30th April, 2007. C.J.Hargreaves, Cranfield University, Defence Academy of the United Kingdom, Shrivenham, SN6...
Forensic Analysis of the Microsoft Windows Vista Recycle Bin
First published May 2008 By Mitchell Machor MMachor@gmail.com 1/22/2008 (click here for a PDF version of this paper) Introduction Contrary to due belief, when a file is deleted on a Microsoft...
Apple Property List: Comparing the Mac OS X Property List to the Windows...
First published April 2009 Dennis Browning Champlain College Burlington, VT dennisbrowning@gmail.com Abstract This paper will introduce the Property Lists in the Apple OS X and compare them to the...
Linux for computer forensic investigators: «pitfalls» of mounting file systems
First published October 2009 by Suhanov Maxim ITDefence.Ru Introduction Forensic Linux distribution is a customized Linux distribution that is commonly used to complete different tasks during computer...
Simple Steganography on NTFS when using the NSRL
First published October 2009 Adam Hurwitz ahurwitz@biaprotect.com Business Intelligence Associates, Inc. 39 Broadway, NYC, NY 10006 Abstract NTFS is structured so that there can be a physical...
Shrinking the gap: carving NTFS-compressed files
First published October 2009 Recovering deleted NTFS-compressed files By Joachim Metz Hoffmann Investigations www.hoffmannbv.nl 1.0 Joachim Metz September 2, 2009 Initial version. Summary An important...
Timeline Analysis – A One Page Guide
First published February 2010 by Darren Quick Comments and suggestions may be sent to darren_q@hotmail.com Prepare The scope of the request determines the data to be collected, such as within a...
EnCase file copying and Windows Short File Names
First published May 2010 By Lee Hui Jing, EnCe Edited by Sarah Khadijah Taylor ABSTRACT A couple of months ago, one of my clients, an Investigating Officer from a Law Enforcement Agency, had requested...
Windows Search forensics
Analyzing the Windows (Desktop) Search Extensible Storage Engine database by Joachim Metz jbmetz@users.sourceforge.net Summary While some may curse Windows Vista for all its changes, for us forensic...
Standard Units in Digital Forensics
by Dr Chris Hargreaves Lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK. One of the earliest lectures in the MIT Openware programme in Physics begins with the...
Android Forensics Study of Password and Pattern Lock Protection
Let’s see what Pattern Lock is, how to access, determine or even get rid of it? We’ll also speak about Password Lock Protection and find out what it has in common with Pattern Lock. And finally we’ll...
Parallels hard drive image converting for analysis
Abstract The other day, talking to one of the analysts in Dallas, a question emerged about analyzing Parallels’ virtual machine hard drives. To my surprise, I did not find much help on this issue...
Generating computer forensic supertimelines under Linux: A comprehensive...
When the authors first published this paper, their intentions were to develop a comprehensive guide to digital forensic timelines in order to consolidate the many fragmented sources of information...
Interpretation of NTFS Timestamps
Introduction File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these...
Geo-tagging & Photo Tracking On iOS
As you may already know, Apple has always been criticized for using their extremely popular devices to track users and use this information to expand their own databases. This tutorial assumes that you...
ForGe – Computer Forensic Test Image Generator
Introduction Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of...
Analysis Of iOS Notes App
As part of my third year studying Digital Security, Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad...
OS X Mavericks Metadata
Apple recently released the newest version of their desktop operating system, Mac OS X Mavericks. As a free update to all supported Apple desktops and laptops, a wide adoption rate was expected, and...