Strange Artifacts – Wubi
I don’t speak French. I learned it at school and don’t use it much but, if it was a pinch, I could probably remember enough to get by. The same goes for using Linux. I know a lot of the basic commands and how to set things up so that it is usable, but I’m […]
Flashpost: Google Plus Artefacts – URL Forwarding
While using Google Plus I noticed this and thought that it may be of use to some of you: Whenever you click on a link in G+ you are redirected to a URL that looks like this: http://www.google.com/url?sa=z&n=1309767169313&url=http%3A%2F%2Fdilbert.com%2Fstrips%2Fcomic%2F2009-10-04%2F&usg=EazZfazk8jxAKAEECZZ_4OneRqs. You are then quickly redirected to the linked site. Obviously you can see the original link URL […]
Detecting CMOS Clock Changes
During my short career in digital forensics I have seen and heard a number of defences. One that I have seen emerge a number of times is the claim that one of the parties has been ‘framed’ or ‘set-up’ by someone by changing the system clock and doing some nefarious deed before setting the clock […]
Testing Acquisition Hardware Part 2
A few people liked what I wrote the other day so I’m coming back with a couple more tests that I’ve run today. I have acquired the same drive as with the software tools but this time I have done it with the Tableau TD1 and the ImageMaster Solo III. The hard drive is a […]
The Risk of Rooting
If I were to say the name ‘Linus’ and your first reaction is ‘Torvalds’ then you are a monumental geek. You make me proud. If you thought ‘Peanuts’ then you’re still a geek, just not quite as serious a case. Linus, from the Peanuts comic strip, used to keep a tight grip of his security […]
Lessons from Data Recovery – Part 1 (Repost)
I originally posted this entry over on the Disklabs computer forensic forum (http://www.computer-forensics.co.uk/computer-forensics-forums/forum.php) but also thought a lot of people would benefit from it being repeated here too. I’ve been working at Disklabs for a few weeks now. I’ve mostly been confined to the digital forensics lab but I’ve been able to poke my head […]
Into The Shadows
Lee Whitfield gives insight into Microsoft Volume Shadow Copies and shows how to extract meaningful data by manually deconstructing these files.
Mac Forensics
Lee provides a brief overview of what he found interesting from his Mac forensic training.
MacBook Air Acquisition
Lee shows how to extract the drive from a MacBook Air, ready for acquisition.