Recently in Forensics Category

I've been reading quite a few posts about Microsoft's COFEE toolkit, which seems to be designed to help forensics investigators get evidence from (presumably Windows-based) PCs.

It's amazing to see how many sources on the Internet took the original article here from the Seattle Times and came to the conclusion that this was some magical box of tricks that would instantly bypass Windows security, as opposed to just being a useful collection of forensics tools; examples of this response are here, here, here and here.

Luckily, someone at the Seattle Times did some follow-up with Microsoft to confirm that it's actually just a collection of forensics tools and doesn't bypass Windows security here.

Rootkit hunting


Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far

A great example of how to track down a rootkit on a Windows system. Also very interesting to see that the rootkit in question came from a Sony audio CD!

Important to watch out for this kind of protection on audio CDs and avoid buying them.

I came across an interesting site called Linux-Forensics.com. It's a good resource dedicated to the use of Linux in computer forensics.

Whilst in general I like the idea of using Linux in a lot of places, it'll have an uphill struggle in this area, I think, up against the likes of Encase. One reason for this is that, at least in the UK, Encase is recognised by the police and the courts as being a reliable forensic tool, the evidence from which can be admissible in court. So it would be a brave forensic investigator who used something else, which he would doubtless have more trouble justifying in court.

That said, not every forensic analysis ends up in court, and Encase is a tad on the pricy side...


Powered by Movable Type 4.32-en

About this Archive

This page is an archive of recent entries in the Forensics category.
