Over the next wee while I am going to set some small forensic challenges for you to have a go at. The idea is that you don't need expensive forensic software (i.e. EnCase!) to have a go; all of these are doable by hand using a hex/text editor. If you know how to do it … Continue reading Mini Forensics Challenge: File headers & Footers
Open Source Intelligence Searches
In the context of investigations and forensics, "open source intelligence" is information collected from publicly available sources, such as newspapers and the internet. In a commercial forensics environment you may be asked to work out who is behind a certain anonymous identity; for example they might be posting secret company information on a blog or … Continue reading Open Source Intelligence Searches
Lowmanio is now floating in the atmosphere
I apologise for it being absolutely ages since I have last blogged. During this time I have moved flat into my first mortgaged property and also planned more weddingy things. I have also painted the walls of said flat brightly coloured, as opposed to the (boring!) off-white magnolia colour the previous occupants thought would suit … Continue reading Lowmanio is now floating in the atmosphere
Why you need programming skills to be a good computer forensics investigator
(certainly in the commercial world anyway) In the corporate world getting licenses for forensic software is a slow and painful process and using open-source tools is usually a no-go, so you end up with a limited toolset to carry out forensics. So unless you have all the tools that do exactly what … Continue reading Why you need programming skills to be a good computer forensics investigator
Link Files Forensic Cheat Sheet
I have created a one-page 'cheat sheet' for Windows link file analysis. The information comes mostly from the link file paper written by Harry Parsonage, who has kindly allowed me to use his wording for the cheat sheet. I hope to make a series of these on different forensics topics, so if anyone has any suggestions please get … Continue reading Link Files Forensic Cheat Sheet
Rabbit Vaccines
Last month a new vaccine was released in the UK for rabbits called Nobivac Myxo-RHD. Normally rabbits need two vaccines every 6 months for Myxomatosis and RHD separately, however this new vaccine combines both vaccines together and only needs to be given every year, effectively quartering the cost of vaccines and reducing the stress the rabbits have when going … Continue reading Rabbit Vaccines
Cinc Sentits
Two weeks ago I went to Barcelona for a quick break. I'm a wee bit partial to fine dining and from December last year we decided to always eat at a Michelin starred restaurant (where possible) in whichever city we were holidaying in. For Barcelona, we picked Cinc Sentits for three reasons: firstly it wasn't all fish … Continue reading Cinc Sentits
File tunnelling: weird creation timestamps
File tunnelling is a little-known Windows capability that stems back from MSDOS days. In MSDOS, a "safe save" was done by saving a copy of the modified data to a temp file, deleting the original and then renaming the temp file to the original name whilst also retaining the original file's metadata. Windows NT … Continue reading File tunnelling: weird creation timestamps
Windows Shellbags Forensics
There are many weird and wonderful registry entries that I have yet to know about that could contain useful forensics information. One of the most recent that I've learnt about is the shellbag entries. These keys are stored in the user's ntuser.dat file, and store the viewing settings for the user's folders – e.g. the size, position and icon of … Continue reading Windows Shellbags Forensics
UK Digital Forensics Conferences 2012
Last year I did a post with the symposiums and conferences I found relating to digital forensics for the coming year as I could not find an authoritative source. Here is the 2012 list. Please add any more conferences as a comment or email me and I'll add them in. I'm sure there will be at least … Continue reading UK Digital Forensics Conferences 2012