General Discussion: Strange startup traffic
I have detected an inusual network traffic in PC's startup. With a wireshark capture you see after the user introduces his password, the Windows XP Client connecting to remote registry of the domain...
View ArticleGeneral Discussion: Audio forensic examples
Hey guys. I've recently applied for an audio job for the UK police. I have mountain of experience from working as an audio producer for radio and a qualification in audio technology. My question is, is...
View ArticleGeneral Discussion: graphics card memory
http://www.cs.uno.edu/~golden/gpu-malware-research.html the time has come...
View ArticleGeneral Discussion: Acquiring netshares/mail through an unreliable connection
Sorry for the lack of details, the situation was pretty complicated. Basically the company was bought by another company and they temporarily shared part of the equipment however they kept everything...
View ArticleForensic Hardware: mac pros for f lab?
Holy thread resurrection! I am pretty much an all Mac lab. My Macs are set up OS X and Bootcamp usually with a few VMs (Windows, Linux, Linux Boot Disk distros, etc). I use one of the new trash can Mac...
View ArticleGeneral Discussion: Assumptionware, a neologism by Jonathan Zdziarski
athulin wrote: Though I think I disagree somewhat (only somewhat, mind) with the statement that validation isn't possible with closed source: it's possible to cook up hostile testing data to stress the...
View ArticleGeneral Discussion: Security Changes Registry Keys
pimp wrote: If someone changes the security for a registry key (for example deny for a user), is possible to track this change and know who did it? Is there any clue in the registry? In the Registry?...
View ArticleGeneral Discussion: Windows Registry Default Printer
jaclaz wrote: That will tell you which user was logged in at the time the key was changed, but not necessarily which user changed the key at that time. Let's say that I set an AT or SCHTASK scheduled...
View ArticleGeneral Discussion: Forensic Scripts and tasks
pimp wrote: How is posible to know if a script was executed in a Windows Machine using WMI, wscript or cscript? I mean, where do you have to search to know exactly that a script was executed, from...
View ArticleGeneral Discussion: Forensic Scripts and tasks
pimp wrote: Is there any method to execute hidden tasks using the Windows Scheduler? If by "hidden task" it is intended something that runs without showing on the user desktop, yes, actually that is...
View ArticleMobile Phone Forensics: iPhone 5s is disabled try again in 2 million years
CopyRight wrote: Hi Everyone, so yes people are smarter now, when an iphone comes to you and says" iphone 5s is disabled try again in 2 million years" is there anyway round that? Other than wiping the...
View ArticleGeneral Discussion: Adequacy of the offline acquisition of FDE drive
If you have the Admin credentials: http://digital-forensics.sans.org/blog/2009/09/11/decrypting-a-pointsec-encrypted-drive-using-live-view-vmware-and-helix/ jaclaz
View ArticleEducation and Training: CCE Self Study Course
Hello, Has anyone completed the CCE self course? I am thinking of taking this course and would like some feedback on how the course was.
View ArticleForensic Software: [Tool] Autopsy 3.1 Released - Parallel Pipelines and Android
Honestly, its been hanging around in develop for so long, it was an oversight that it wasn't mentioned on actual release. Our website has been updated now
View ArticleGeneral Discussion: Mailbox Collection from Office 365
Does any one have a recommended strategy for conducting a forensic copy of data maintained in an office 365 exchange environment. We have the admin user name and password, but ideally, would not like...
View ArticleDigital Forensics Job Vacancies: Digital Forensic Technician - Philadelphia, PA
Department: Digital Forensics Summary: TransPerfect Legal Solutions (TLS) is the industry leader in multilingual legal support services. Since 1992, we have been providing a comprehensive suite of...
View ArticleMobile Phone Forensics: Sony Ericsson T630 - Recover deleted SMS?
Hi All, I have been asked by a potential client to recover deleted SMS data from a Sony Ericsson T630. I do not have the phone yet and I have been informed a UFED and Oxygen Forensics will not be able...
View Article