geschonneck.com

As you may have noticed I’m currently only blogging about computer forensics and cybercrime investigations at  digital-forensics.de / computer-forensik.org. So please come over there and read on my dear.

3rd Edition of “Computer-Forensik. Computerstraftaten erkennen, ermitteln, aufklären.” The new revised edition of my book on computer forensics in German language is available. For detailed information and the TOC check out computer-forensik.org or go directly to amazon.

In collaboration with the german IT journal iX I’m going to give again computer forensics lessons in Frankfurt and Berlin.

The Certified Wireless Analysis Professional Official Study Guide is now free available for download.  Very useful if you have to analyse  wireless captures. Please take a look at the content:

A new version of The sleuthkit (TSK) is out now. There are some minor bug fixes included. Changelog

I recently discovered, that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet \ Control\FileSystem\NtfsDisableLastAccessUpdate is now “1″, which means no last access timestamp will be written at all. On Windows XP and Windows 2000

On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel. 

GetData now bundles their forensics tool MountImage Pro v2 with Virtual Forensic Computing (VFC) from MD5 Ltd. You can now mount a forensic image

Microsoft published a tool called Sector Inspector (SecInspect.exe) with the Windows 2003 Server Resource Kit.  This is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 GUID partition tables. Additional features

The Sleuthkit (TSK) 2.08 is out now. The new version contains