Hex viewer showing some highlighted bytes

There are two different methods for describing the order in which a sequence of bytes is stored in digital systems:
Big Endian: places the most significant byte first (also known as network byte order)
Little Endian: places the least significant byte first

Etymology

The term endian comes from the novel Gulliver’s Travels by Jonathan Swift. […]

DataDump Featured Image

DataDump™ is a free tool which allows you to dump segments of data from an original source image or physical/logical device. It can be used for the following:
Extract a stream of binary data from a source image or logical device
Convert an entire image or a segment of an image to a single flat […]

Introduction to Number Systems

Understanding Number Systems Number systems use different number bases. A number base indicates how many different digits are available when using a particular numbering system. For example, decimal is number base 10, which means it uses ten digits: 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. Binary is number base 2, which […]

Image showing keyboard with the text Understanding Encoding

Introduction to Character Encoding Understanding how Character Encoding works is an essential part of understanding digital evidence. It is part of the common core of skills and knowledge. A character set is a collection of letters and symbols used in a writing system. For example, the ASCII character set covers letters and symbols for English […]

Yellow warning sign with black text showing danger

Introduction When using third party image mounting tools to perform the forensic examination of NTFS file systems, it is extremely important to understand NTFS Junction Points so that you don’t find yourself making a critical mistake during your analysis. An issue has been identified with third party image mounting software where NTFS junction points are […]

Front page of the ACPO Manager Guide: Good Practice and Advice for Managers of e-Crime Investigation

Good Practice for e-Crime Investigations Criminal behaviour has shifted to take advantage of electronic mediums and serious and organised criminal networks have become increasingly sophisticated. Corporations, Government departments and businesses now need to invest considerable sums in order to protect their assets and data. Lloyds of London have stated that they are defending up to […]

Front page of the ACPO Good Practice Guide for Digital Evidence

Digital Evidence Good Practice The ACPO good practice guide for dealing with computer based evidence was first released in the late 1990s. Since then, there have been five iterations; some of the changes include an update in document title. The guide is essential reading for anyone involved in the field of digital forensics. The latest […]

Digital Detective Blade® logo on top of an open hard disk drive

Introduction to Blade® v1.9 We are pleased to announce the release of Blade v1.9. This release of Blade® brings a number of fixes and some great new features. This is the first release of Blade® to have evaluation capabilities which allow the user to test and evaluate our software for 30 days. When Blade™ is installed […]

Dell XPS Laptop with Digital Detective USB Licence Dongle

Introduction One of the growth areas in digital forensics is the use of USB dongles for the licensing of software. Every single practitioner now finds themselves in dongle hell trying to manage a veritable menagerie of tiny USB devices just to enable them to carry out their day-to-day work. Of course, where dongles for core […]

Binary number over a dark blue background

Introduction A frequent question when dealing with browser forensics is ‘Does the Hit Count value mean that the user visited site ‘x’, on ‘y’ occasions?’ Most browsers record a ‘Hit Count’ value in one or more of the files they use to track browser activity, and it is important that an analyst understands any potential […]