Sorry for not blogging recently, I have been writing a ridiculously long piece of coursework (7,441 words at 18 pages) on malware and virtual machines which was due in today. Last Thursday we had 6 hours of Forensic Science Practical classes and 'twas awesome! The first three hours involved taking out clothing and shoes from … Continue reading Forensic Science Practical FTW
Category: forensics
FireFox usage
Great little tool on FirefoxForensics to do the same sort of thing as with IE. Firefox stores its cache of URLs etc in sqlite databases, which can be found in this folder: C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\[profilename] For example there is a cookies.sqlite, formhistory.sqlite and downloads.sqlite for starters! I wish IE would be this neat! I have updated my graph … Continue reading FireFox usage
Internet Explorer usage
For one of my labs this week we had to browse a few websites using IE and then using an Internet Explorer analysis tool find out as much info as possible about what we looked at. IE logs all browser activity in index.dat files. The data stored includes the URL, data and time of last modification and … Continue reading Internet Explorer usage
Doppelgangers at large?
In today’s forensic science theory lectures we got taught that not only is DNA not unique, but there is an actual chance of two people having the same DNA profile. The lecturer first explained the birthday paradox, and then tried to explain it with DNA and got me terribly confused with what numbers go where … Continue reading Doppelgangers at large?
Image Steganography
Steganography is the art of hiding something in something else in plain sight. Usually images or text are hidden within other images or sound files. For example, in the image below of trees there is an image of a cat hidden inside it. Wikipedia explains that for each component of each RGB value, if you take just … Continue reading Image Steganography
Thumbs.db
Most Windows XP users aren't aware of the Thumbs.db file that sits in every folder that contains at least one image, because it is a hidden file that by default is not shown. By going to any folder in explorer and going to Tools > Folder Options > View and choosing 'show hidden files and … Continue reading Thumbs.db
Problems faced in forensic science
In my introductory lecture of Fundamentals of Forensic Science, the lecturer spoke about the problems currently faced in the field. Forensic “science” is not always an exact science. Things such as drug analysis and DNA comparison is exact and very scientific, but clothing damage, blood stain patterns and scene reconstruction is not. It requires a … Continue reading Problems faced in forensic science
Week 1 of masters course
When I first looked at my timetable I thought I'd be in from 10am to 5pm every day, rarely having breaks other than for lunch. All my classes were in 2 hour blocks with some labs scheduled for 3 hours. It looked like a tough schedule, with little time for private study and coursework – … Continue reading Week 1 of masters course
Forensic Examination of Digital Artefacts – ACPO guidelines
Long ago when forensics started out, each police department or private investigation company would do things in their own way. Most didn't have a computer forensics expert and used their IT department or nearest computer geek instead, who would have had varying degrees of expertise. This led to evidence being mistreated and people called expert … Continue reading Forensic Examination of Digital Artefacts – ACPO guidelines
Lowmanio 