Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker,
Archive for the 'Forensics' Category
frozen memory acquisition
22 February 2008 | 16:33 | Forensics, Live Response, Security | No Comments | 977 Views
Insider Threat Research
28 January 2008 | 18:25 | Forensics, Security | No Comments | 818 Views
CERT and the United States Secret Service published insider threat research that focuses on both technical and behavioral aspects of actual compromises. The key findings are: Current and former employees carried out insider activities in nearly equal numbers. Sixty-three percent of the insiders held technical positions within the targeted organizations.
Talk about Windows Vista Forensics
29 December 2007 | 11:52 | Events, Forensics, Speeches | 2 Comments | 1,009 Views
I’m going to talk about Windows Vista Forensics at the DFN-CERT workshop. The workshop will be held on February 13 and 14, 2008 in Hamburg, Germany.
The Sleuthkit 2.10
13 December 2007 | 9:37 | Forensics, Tools | 1 Comment | 952 Views
A new version of The Sleuthkit (TSK) is out now. It includes some minor bug fixes. Changelog
WTF is Microsoft doing with the Last Access Timestamp on Vista?
20 November 2007 | 8:52 | Forensics, Stories | 2 Comments | 1,512 Views
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000
More on Windows Local Kernel-mode Backdoor Techniques
10 November 2007 | 13:44 | Forensics, Live Response, Security | 1 Comment | 970 Views
On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel.
computer forensics beginners course
26 August 2007 | 20:00 | Events, Forensics | No Comments | 1,250 Views
I’m giving computer forensics classes for beginners in Munich, Frankfurt and of course Berlin.
new theme on computer-forensik.org
18 August 2007 | 13:26 | Admin, Forensics | 1 Comment | 1,528 Views
I remodeled my other digital forensics related German website http://computer-forensik.org. It now has a fancy brand-new theme.
Oracle Database Forensics
14 August 2007 | 10:16 | Forensics, Guidelines | No Comments | 1,284 Views
David Litchfield from NGSSoftware published some new material about Oracle Database Forensics.
Good Practice Guide for Computer-Based Electronic Evidence
31 July 2007 | 12:25 | Forensics, Guidelines | 1 Comment | 1,569 Views
The English Association of Chief Police Officers (ACPO) has released a new guide to collecting electronic evidence. The Good Practice Guide for Computer-Based Electronic Evidence has been revised by experts.
