Hex viewer showing some highlighted bytes

There are two different methods for describing the order in which a sequence of bytes are stored in digital systems: Big Endian: places the most significant byte first (also known as network byte order) Little Endian: places the least significant byte first Etymology The term endian comes from the novel Gulliver’s Travels by Jonathan Swift. […]

Introduction to Number Systems

Understanding Number Systems Number systems use different number bases. A number base indicates how many different digits are available when using a particular numbering system. For example, decimal is number base 10, which means it uses ten digits: 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. Binary is number base 2, which […]

Image showing keyboard with the text Understanding Encoding

Introduction to Character Encoding Understanding how Character Encoding works is an essential part of understanding digital evidence. It is part of the common core of skills and knowledge. A character set is a collection of letters and symbols used in a writing system. For example, the ASCII character set covers letters and symbols for English […]

Yellow warning side with black text showing danger

Introduction When using third party image mounting tools to perform the forensic examination of NTFS file systems, it is extremely important to understand NTFS Junction Points so that you don’t find yourself making a critical mistake during your analysis. An issue has been identified with third party image mounting software where NTFS junction points are […]

Digital Detective Blade® logo on top of a open hard disk drive

Introduction to Blade® v1.9 We are pleased to announce the release of Blade v1.9.   This release of Blade® brings a number of fixes and some great new features.  This is the first release of Blade® to have evaluation capabilities which allow the user to test and evaluate our software for 30  days. When Blade™ is installed […]

Binary number over a dark blue background

Introduction A frequent question when dealing with browser forensics is ‘Does the Hit Count value mean that the user visited site ‘x’, on ‘y’ occasions?’ Most browsers record a ‘Hit Count’ value in one or more of the files they use to track browser activity, and it is important that an analyst understands any potential […]

Cookies next to a laptop keyboard

Internet Explorer Data As forensic examiners will be aware, Microsoft Internet Explorer stores cached data within randomly assigned folders. This behaviour was designed to prevent Internet data being stored in predictable locations on the local system in order to foil a number of attack types. Prior to the release of Internet Explorer v9.0.2, cookies were […]

Hands typing on computer keyboard

Introduction to Userdata Internet Explorer 8+ user data persistence is a function which allows online forms to save a small file to the system with information about values entered in a particular form.  This allows the user to retrieve a half filled web based form when they revisit. Persistence creates new opportunities for website authors.  Information […]

Digital Detective Blade® logo on top of a open hard disk drive

Introduction to Blade® v1.8 This release of Blade has a number of new features and improvements.  We have added 8 new Data Recovery Profiles to the Global Recovery Database, as well as releasing some new Professional Modules.  We have released a new 3GP/MPEG-4/ISO Base Media Format Intelli-Carve® Recovery Profile for the recovery of MP4/3GP video files.  […]

Computer keyboard with red enter key being pressed

Introduction to NetAnalysis® v1.52 Digital Detective is pleased to announce the release of NetAnalysis® v1.52 (and HstEx v3.6).  The release of this version has been eagerly awaited, so we are glad to say the wait is finally over. NetAnalysis® v1.52 adds a number of new features and fixes some minor bugs.  Some of the major new features released […]