During a forensic examination, establishing a timeline of events is usually an important aspect of the analytical process; this may include establishing the manufactured date of a hard disk drive. In a data recovery scenario, this information may be relevant when attempting to identify donor drives for a head swap. Many hard disks have this […]
Introduction When using third party image mounting tools to perform the forensic examination of NTFS file systems, it is extremely important to understand NTFS Junction Points so that you don’t find yourself making a critical mistake during your analysis. An issue has been identified with third party image mounting software where NTFS junction points are […]
Good Practice for e-Crime Investigations Criminal behaviour has shifted to take advantage of electronic mediums and serious and organised criminal networks have become increasingly sophisticated. Corporations, Government departments and businesses now need to invest considerable sums in order to protect their assets and data. Lloyds of London have stated that they are defending up to […]
Digital Evidence Good Practice The ACPO good practice guide for dealing with computer based evidence was first released in the late 1990s. Since then, there have been five iterations; some of the changes include an update in document title. The guide is essential reading for anyone involved in the field of digital forensics. The latest […]
Introduction One of the growth areas in digital forensics is the use of USB dongles for the licensing of software. Every single practitioner now finds themselves in dongle hell trying to manage a veritable menagerie of tiny USB devices just to enable them to carry out their day-to-day work. Of course, where dongles for core […]
Introduction A frequent question when dealing with browser forensics is ‘Does the Hit Count value mean that the user visited site ‘x’, on ‘y’ occasions?’ Most browsers record a ‘Hit Count’ value in one or more of the files they use to track browser activity, and it is important that an analyst understands any potential […]
Internet Explorer Data As forensic examiners will be aware, Microsoft Internet Explorer stores cached data within randomly assigned folders. This behaviour was designed to prevent Internet data being stored in predictable locations on the local system in order to foil a number of attack types. Prior to the release of Internet Explorer v9.0.2, cookies were […]
Introduction to NetAnalysis® v1.52 Digital Detective is pleased to announce the release of NetAnalysis® v1.52 (and HstEx v3.6). The release of this version has been eagerly awaited, so we are glad to say the wait is finally over. NetAnalysis® v1.52 adds a number of new features and fixes some minor bugs. Some of the major new features released […]
Introduction The Internet Explorer disk cache is a storage folder for temporary Internet files that are written to the hard disk when a user views page from the Internet.Internet Explorer uses a persistent cache and therefore has to download all of the content of a page (such as graphics, sound files or video) before it […]
Introduction to Time Zone Identification In a digital forensic examination, establishing which Time Zone the system had been set to should one of the first examination tasks. If this information is not established at an early stage and taken into account, the validity of Date/Time evidence may be brought into question. Not only is this […]
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish