3rd Edition of “Computer-Forensik. Computerstraftaten erkennen, ermitteln, aufklären.”
The new revised edition of my book on computer forensics, written in German, is available.
For detailed information and the TOC, check out computer-forensik.org or go directly to Amazon.
3rd edition of my book
4 May 2008 | 8:47 | Articles, Forensics
computer forensics workshops in Berlin and Frankfurt
4 April 2008 | 17:00 | Events, Forensics, Speeches
In collaboration with the German IT journal iX, I’m again going to give computer forensics lessons in Frankfurt and Berlin.
Certified Wireless Analysis Professional Official Study Guide
14 January 2008 | 13:25 | Security
The Certified Wireless Analysis Professional Official Study Guide is now freely available for download. Very useful if you have to analyse wireless captures. Please take a look at the content:
The Sleuthkit 2.10
13 December 2007 | 9:37 | Forensics, Tools
A new version of The Sleuth Kit (TSK) is out now. There are some minor bug fixes included. Changelog
WTF is Microsoft doing with the Last Access Timestamp on Vista?
20 November 2007 | 8:52 | Forensics, Stories
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000
More on Windows Local Kernel-mode Backdoor Techniques
10 November 2007 | 13:44 | Forensics, Live Response, Security
On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel.
Booting EnCase Images
2 May 2007 | 19:48 | Forensics, Live Response, Tools
GetData now bundles their forensics tool MountImage Pro v2 with Virtual Forensic Computing (VFC) from MD5 Ltd. You can now mount a forensic image
Sector Inspector (SecInspect.exe)
9 April 2007 | 13:52 | Forensics, Tools
Microsoft published a tool called Sector Inspector (SecInspect.exe) with the Windows 2003 Server Resource Kit. This is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 GUID partition tables. Additional features
