Archives For Computer Forensics
I had the good fortune to attend a High Tech Crime Investigation Association meeting in Singapore last week. Attendees were primarily from the Singapore business community and represented a good cross section of forensic disciplines. After giving a talk on Windows Shadow Copy forensics, I sat in on chapter business that included preparation for the annual HTCIA Asia Pacific conference in Hong Kong. I thought I would provide the details in case anyone will be nearby in December:
Fifth Annual HTCIA Asia Pacific Training Conference
December 5-7, 2011
Cliftons, Hong Kong
“Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge.”
- Ed Markey, Co-Chairman of the US House Bi-Partisan Privacy Caucus, calling for a FTC investigation into the increasing use of “supercookies”.
Note: This post originally appeared on the SANS Forensics blog
Daunting as it may seem, one of the most wonderful aspects of Windows forensics is its complexity. One of the fascinating aspects of digital forensics is how we often leverage conventional operating system features to provide information peripheral to their original design. One such feature is the Windows NTFS Index Attribute, also known as the $I30 file. Knowing how to parse $I30 attributes provides a fantastic means to identify deleted files, including those that have been wiped or overwritten.
August was a busy month for CDFS, with the official launch, introduction of the website, and open membership enrollment. Membership is growing fast and, if the mailing list is any indication, the organization is already working to support the digital forensics field. Why should you care? Here is what a student of mine from Texas had to go through just to have the privilege of continuing to practice forensics.
As most of you are aware, multiple states have enacted legislation to require private investigator licenses for those conducting digital forensics. My colleague had a successful, long standing forensics practice in Texas performing data recovery and forensic investigations. Continue Reading…
I am pleased to announce that my talk was accepted at Paraben’s Forensic Innovations 2011 conference (PFIC). I will be speaking on Computer Intrusion Forensics: Tools and Techniques to Find Evil. This will be my third year speaking at the event, and I have grown to look forward to it as a great way to round out the year. Paraben does an excellent job with consistently good speakers and interesting topics. The conference price is unbeatable at $299, and it doesn’t hurt that it is being held at a great resort in my hometown (Canyons Resort in Park City, Utah). If you will be attending, make sure to get in touch so we can meet up!