Forensic Focus - Computer Forensics News, Information and Community
-
Classifieds: WTB - EnCase 6 dongle
Andrew, I PM'ed back with my answer.
-
General Discussion: What software do "you" use for Computer Forensics?
Nathan_84 wrote:
Thank you all for your responses. It's a learning curve, one which can be very frustrating but even more satisfying when you get it! :)
When I started learning digital evidence acquisition back in the day, it was easier than it is today. We live in a time of some very exciting advances in technology especially in the mobile device space. This means that there is more complexity for digital forensic examiners to deal with when it comes to obtaining evidence.
It's a great time to be in digital forensics, but it's not for the faint-hearted or unmotivated.
-
Services needed: File Time Stamps
Hi
Just a quick question.
When you produce a schedule of files, do you as a matter of course include the full time stamp, i.e. including the seconds? I am in receipt of such a schedule and the seconds part of the time stamp is missing on file create, last accessed and last modified.
I really need to go down to the granularity of seconds.
Many thanks
R
-
Education and Training: Help Please: Computer Science and Forensics
Is this the program you are thinking of doing?
-
Methodology: Video game device forensics?
I've just completed my MSc dissertation on the forensic analysis of the Nintendo Wii (Using homebrew software to dump the filesystem). Only one previous paper that I could find there!
I included an overview of Xbox/Xbox360 and PS3 forensics in my report and found a few papers that don't seem to be on your website. I don't have them all to hand right now, but I'll try to take another look over the weekend and post them up here.
Off the top of my head, I recall that the PS3 was the subject of the 2009 DFRWS challenge, and there was a paper on the Xbox 360 filesystem in a recent issue of Digital Investigation. Another approach I found helpful was treating the console as an embedded system (the Wii uses soldered NAND flash instead of a hard drive) - things like JTAG looked promising but weren't really feasible in my case.
As I said, I don't have my report to hand right now but I'll try to get my references posted up here over the next couple of days.
EDIT: Just to add, my favourite paper involved using a saved game buffer overflow exploit to grab a copy of virtual memory on the original Xbox. It was relatively similar to what I wanted to do. If I remember correctly, it was by Rabaiotti & Hargreaves and may well have been in the same issue of Digital Investigation. It could well be available elsewhere online though.
Hope that helps,
Peter