It never fails to amaze me how many computer forensics investigators are happy to just regurgitate something they have read on a forensics forum or on the Internet in general. While the Internet is obviously a great source of information we do appreciate, don't we, that it is populated by the well meaning but sometimes ill informed. It doesn't take you long to find a thread on a computer forensics forum (this includes those forums that are closed to the public) where someone with a ...
I have just spent considerable amount of time and money destroying some old hard disk drives that have contained indecent images of children from past investigations. This has got me thinking again as to whether secure destruction, be that shredding, hammering a six inch nail through them, degaussing or simple lump hammer therapy is an appropriate way to destroy the data on the drive especially given the cost of the drives and the potential for re-use. We are now a green(ish) society after all. ...
A post on one of the computer forensics forums in relation to computer forensics standards and specifically about a non computer forensics officer switching on a device that is currently switched off has got me thinking. First off I didn’t see the program (I understand it was in relation to the occupants of a car stopped in for questioning in respect to drug related matters) so can't comment specifically, but that aside, are we a little over paranoid about computer evidence and the affect that such ...
Originally Posted by sandy771 I have just uploaded a beta version of the software for you to play with. version 1.1.0 This version has an inbuilt hex editor (based on RevEnge and the same as that seen in LinkAlyzer and PmExplorer) when you select a file entry from the file list the MFT is displayed raw in the hex view and the decoded fields are displayed in the vertical list to the right of the screen. When a value in the vertical list is selected (say the created date) the relevant bytes in the raw data are highlighted. ...
Originally Posted by sandy771 I have decided to release my old program KaZAlyser as unsupported software as I still get the very occasional request for it. you can download the software from here http://www.sandersonforensics.com/fi...lysersetup.exe the password for which is power attitude trim When prompted you will need to enter the following information to fully enable KaAzlyser In the top box enter the following single line Free software - no ...
Archive
Recent Comments