I had been waiting with some anticipation for this book. I have done a lot with the registry over the years, including writing my own registry viewer, and I was looking forward to what I was hoping would be an authoritative reference. I was both pleased with what I got and a little disappointed. I wanted to get the paper version but was too impatient to wait until it was released over on this side of the pond, so I decided it was time to try a digital book. To be fair ...
Updated 02-15-2011 at 07:16 PM by sandy771 (Typos)
Scenario You have a document that you need to know the provenance of, or in my case you need to find an earlier version. There are no obvious backups and you have checked the existing shadow copies (using vssadmin) and there is nothing of interest there – however you have good intel to show that the file had been modified, but unfortunately the file was binary and it is not easy or possible to do a keyword search for the older version. Technical background ...
It never fails to amaze me how many computer forensics investigators are happy to just regurgitate something they have read on a forensics forum or on the Internet in general. While the Internet is obviously a great source of information, we do appreciate, don't we, that it is populated by the well-meaning but sometimes ill-informed. It doesn't take you long to find a thread on a computer forensics forum (this includes those forums that are closed to the public) where someone with a ...
I have just spent a considerable amount of time and money destroying some old hard disk drives that have contained indecent images of children from past investigations. This has got me thinking again as to whether secure destruction, be that shredding, hammering a six-inch nail through them, degaussing or simple lump hammer therapy, is an appropriate way to destroy the data on the drive, especially given the cost of the drives and the potential for re-use. We are now a green(ish) society after all. ...
A post on one of the computer forensics forums in relation to computer forensics standards, and specifically about a non-computer-forensics officer switching on a device that is currently switched off, has got me thinking. First off, I didn’t see the program (I understand it was in relation to the occupants of a car stopped in for questioning in respect to drug related matters) so can't comment specifically, but that aside, are we a little over paranoid about computer evidence and the effect that such ...