geschonneck.com

The new DFRWS File Carving Challenge for the year 2007 has been released. The say: “The goal of this challenge is to design and develop AUTOMATED file carving algorithms that have high true positive and low false positive rates.”

Microsoft published their “Fundamental Computer Investigation Guide For Windows”. The paper discusses processes and tools for use in internal computer investigations for windows systems.

In collaboration with the german IT journal iX I’m going to give some computer forensics lessons in Frankfurt, Munich, Zurich and Vienna this year. 19. – 20.April 2007, Frankfurt/M. (Innside Premium Hotel) 24. – 25.April 2007, München (NH München/Dornach)

“Phishing sites are easy to locate once the bad boys start spamming out thousands of mails linking to their site. But how can such sites be found before that?”

Brian Carrierr released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status.There were a lot of [...]

I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.

There is a new Helix (Incident Response & Computer Forensics Live CD based on Knoppix) version released. Version 1.8 has a now Andreas Schuster’s PTFinder included an will no longer change JFS information. You can donwload Helix here. All new features at a glance:

Andreas Schuster wrote in his blog about the new event log format in Vista. He also has a good

Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system, over to the FSP server.