Category: Technical Articles

  • Strange Artifacts – Wubi

    I don’t speak French. I learned it at school and don’t use it much but, if it was a pinch, I could probably remember enough to get by. The same goes for using linux. I know a lot of the basic commands and how to set things up so that it is usable, but I’m […]

  • Flashpost: Google Plus Artefacts – URL Forwarding

    While using Google Plus I noticed this and thought that it may be of use to some of you: Whenever you click on a link in G+ you are redirected to a URL that looks like this: You are then quickly redirected to the linked site. Obviously you can see the original link URL […]

  • Detecting CMOS Clock Changes

    During my short career in digital forensics I have seen and heard a number of defences. One that I have seen emerge a number of times is the claim that one of the parties has been ‘framed’ or ‘set-up’ by someone by changing the system clock and doing some nefarious deed before setting the clock […]

  • Testing Acquisition Hardware Part 2

    A few people liked what I wrote the other day so I’m coming back with a couple more tests that I’ve run today. I have acquired the same drive as with the software tools but this time I have done it with the Tableau TD1 and the ImageMaster Solo III. The hard drive is a […]

  • The Risk of Rooting

    If I were to say the name ‘Linus’ and your first reaction is ‘Torvalds’ then you are a monumental geek. You make me proud. If you thought ‘Peanuts’ then you’re still a geek, just not quite as serious a case. Linus, from the Peanuts comic strip, used to keep a tight grip of his security […]

  • Lessons from Data Recovery – Part 1 (Repost)

    I originally posted this entry over on the Disklabs computer forensic forum ( but also thought a lot of people would benefit from it being repeated here too. I’ve been working at Disklabs for a few weeks now. I’ve mostly been confined to the digital forensics lab but I’ve been able to poke my head […]

  • Into The Shadows

    Lee Whitfield gives insight into Microsoft Volume Shadow Copies and shows how to extract meaningful data by manually deconstructing these files.

  • Mac Forensics

    Lee provides a brief overview of what he found interesting from his Mac forensic training.

  • MacBook Air Acquisition

    Lee provides show how to extract the drive ready from a MacBook Air.