Why is this Important? During a forensic examination, establishing a timeline of events is usually an important aspect in the analytical process. This may involve you having to identify when a hard disk was manufactured. If you are a data recovery engineer, this information can also be useful when trying to identify donor drives and […]
Zone Identifier, ADS and URL Zones If you are new to the field of digital forensics, you may not be aware of Zone Identifiers, Alternate Data Streams (ADS) or URL Zones. If that is the case, then you have come to the right place. We shall explain all and show you exactly how they can […]
Introduction When using third party image mounting tools to perform the forensic examination of NTFS file systems, it is extremely important to understand NTFS Junction Points so that you don’t find yourself making a critical mistake during your analysis. An issue has been identified with third party image mounting software where NTFS junction points are […]
Good Practice for e-Crime Investigations Criminal behaviour has shifted to take advantage of electronic mediums and serious and organised criminal networks have become increasingly sophisticated. Corporations, Government departments and businesses now need to invest considerable sums in order to protect their assets and data. Lloyds of London have stated that they are defending up to […]
Digital Evidence Good Practice The ACPO good practice guide for dealing with computer based evidence was first released in the late 1990s. Since then, there have been five iterations; some of the changes include an update in document title. The guide is essential reading for anyone involved in the field of digital forensics. The latest […]
Introduction One of the growth areas in digital forensics is the use of USB dongles for the licensing of software. Every single practitioner now finds themselves in dongle hell trying to manage a veritable menagerie of tiny USB devices just to enable them to carry out their day-to-day work. Of course, where dongles for core […]
Internet Explorer Data As forensic examiners will be aware, Microsoft Internet Explorer stores cached data within randomly assigned folders. This behaviour was designed to prevent Internet data being stored in predictable locations on the local system in order to foil a number of attack types. Prior to the release of Internet Explorer v9.0.2, cookies were […]
Introduction to NetAnalysis® v1.52 Digital Detective is pleased to announce the release of NetAnalysis® v1.52 (and HstEx v3.6). The release of this version has been eagerly awaited, so we are glad to say the wait is finally over. NetAnalysis® v1.52 adds a number of new features and fixes some minor bugs. Some of the major new features released […]
Introduction The Internet Explorer disk cache is a storage folder for temporary Internet files that are written to the hard disk when a user views page from the Internet.Internet Explorer uses a persistent cache and therefore has to download all of the content of a page (such as graphics, sound files or video) before it […]
Introduction to Time Zone Identification In a digital forensic examination, establishing which Time Zone the system had been set to should one of the first examination tasks. If this information is not established at an early stage and taken into account, the validity of Date/Time evidence may be brought into question. Not only is this […]