As a security pro, it's important to periodically stop, take a break, and refuel your brain. Once per month, Core Security Technologies does the same thing and invites industry thought leaders to share their insights through educational webcasts offering security testing tips, tricks and strategies.

[ more ]  [ reply ]

Hi all!

Champlain College, in partnership with the International Society of Forensic Computer Examiners (ISFCE), is going to be offering two Certified Computer Examiner (CCE) Bootcamp courses in June:

o June 9-13 in Burlington, Vermont
o June 23-27 at Bunker Hill Community College in Boston

[ more ]  [ reply ]

Call for Papers Hack.lu 2008

The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new technologies
in society.

hack.lu is a balanced mix convention where technical and non-technical
people can meet each others and share freely

[ more ]  [ reply ]

Unless you have a MD5 or SHA value of the original it is a pretty daunting task. I came across this article from wired while doing a research paper. Here is the link. http://www.wired.com/gadgets/digitalcameras/news/2007/03/72883

-----------------------------------------------------------------
Unc

[ more ]  [ reply ]

Interesting news from New Zeland, I wonder how to get a copy. ;o)
-Aron-

-------- Original Message --------

http://www.stuff.co.nz/4507443a28.html

NZ cops get 'COFEE' to capture PC evidence
NZPA | Saturday, 03 May 2008

New Zealand police have been given a small plug-in device that
investigators

[ more ]  [ reply ]

Hi List,

A case of digital photos circulated on the Internet formus, I need your
helps in find out answers for 2 answers:

1. Are there any tools that we could used to verify if a digital photo
has been altered?

2. As those photos are posted on various formus, how to trace back the
origin

[ more ]  [ reply ]

Folks,

one of my cases has been going on for almost half a year
now. Unfortunately, I now do have the need to transfer
the forensic dd image to another target disk which will
then become the case disk.

Is there anything other than the usual stuff (securely
erase the 'new' disk, create checksums be

[ more ]  [ reply ]

Hi all!

My apologies for any duplicate posts!

Attached is a Call for Papers for the next issue of the Journal of Digital Forensics Practice. We are specifically seeking practitioner articles for this peer-reviewed, high-quality publication.

Feel free to contact me or editor-in-chief Marc Rogers

[ more ]  [ reply ]

On Apr 12, 4:47am, Terry Roebuck wrote:
}
} A*nix mount with DD would be my option of choice, but for windows, I
} hesitatingly ask could you not modify an IDE cable to make any connected
} drive 'read-only' (might require a resistor - not sure if you can just
} clip a wire? - maybe some one wit

[ more ]  [ reply ]

Well this is a little one sided.

When you are preserving a hard disk you want a snapshot in the moment
it was seized. This would mean that you should not do any alteration
after that point and I'll ask you to consider two cases that will show
you where I come from.

1. The journal replay may overwr

[ more ]  [ reply ]

> you can mount the storage as read-only - any unix filesystem will
> support read-only mount, and provided your root account isnt
> compromised, no one can remount it as write. Root cant write to
> read-only mounted filesystems without remount either.
>
> mount -r /dev/da2 /readonly in BSD land..

[ more ]  [ reply ]

We have used ePreserver Forensic for pfc files.

http://www.connectedsw.com/Overview/36400.

Greg Kelley, EnCE
Vestige, Ltd

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] on behalf of James G. McIntyre
Sent: Fri 11/16/2007 12:01 PM
To: forensics (at) securityfocus (dot) com [email concealed]
Cc:
Subject:

[ more ]  [ reply ]

If it is a USB enclosure and you have Windows XP service Pack 2 use

the USB write Protect.

http://www.m2cfg.com/usb_writeblock.htm

Turn write block on before plugging in the drive.

Thanks

Mike

[ more ]  [ reply ]

On Apr 5, 3:35pm, Tom Yarrish wrote:
}
} I wanted to find out if there was a method to convert an external
} hard drive enclosure into a "cheap" write blocker device? I'm not

The only difference between read and write is the command issued.
You would need an intelligent adapter that sit

[ more ]  [ reply ]

Matt and Kelly,

> I guess there is one point here that leads to

> possible issues a cd to forensically collect

> evidence for law enforcement would require that

> you collect the data with a device that could

> not write to the hard disk,

What if you could collect the data you needed, b

[ more ]  [ reply ]

Anyone know of any docs or utilities for analyzing AOL files, for example
pfc and feedbag etc. ?

Any assistance would be appreciated.

Jim Mc....

--

--
James G. McIntyre
Senior Consultant
SANS/GIAC - GCIA Certified Intrusion Analyst
- GCFW Certified Firewall Analyst
- GAWN

[ more ]  [ reply ]

The new 2.0.6pl2 release of the open computer forensics architecture
(ocfa) has been put on sourceforge. The most important patches are:

* More strict configure scripts.
Fixes in configure for 64 bit (suse) platforms.
* Aditional rulelist for SLES 9, to work around the
problem that unzip is com

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey all,
I wanted to find out if there was a method to convert an external
hard drive enclosure into a "cheap" write blocker device? I'm not
looking for something to use from a forensic standpoint. Basically
if I want to put a hard drive into an

[ more ]  [ reply ]

It's probably compressed so in that case you probably wont find any header information.

Mike Theriault
Security Enginer

[ more ]  [ reply ]