E-Mail Isn't as Ethereal as You Might Think - At first blush, message headers seem esoteric. Why should a lawyer care about the alphanumeric ID assigned to a message, the message's offset from Greenwich Mean Time or the names of the servers it traversed before delivery? The answer lies in how you plan to use the information in discovery... More (LTN)
Computer Forensics Experts, Who's Your Daddy? - As computer forensics has become increasingly important to civil and criminal trials, certification for computer experts has been a growing business. Today there are a handful of nonprofit and for-profit organizations that offer computer forensic certification programs. However, no one program or authority has appeared to define what a computer forensic certification should entail, which means these programs can vary wildly in terms of quality... More (LTN)
CSI SQL Server - Methods for collecting digital evidence - Forensic analysis of database systems is very specific and demanding task, and it was the main inspiration for writing this article. In this article you will find information about what digital forensic is and what kind of methods you can use for collecting digital evidence on SQL Server... More (SQL Server Magazine)
Intro to Report Writing for Digital Forensics - So you’ve just completed your forensic examination and found that forensic gem or smoking gun in your case, so how do you proceed? Depending on where you fall as a forensicator (e.g., law enforcement, intelligence, criminal defense work, incident response, e-discovery) you will have to report your findings. Foremost, find out what type of work product you are going to be required to produce to the client, attorney, etc. This will be your guide for completing your report... More (SANS Blogs)
Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack - In the fall of 2008, a variant of a three year-old, relatively-benign worm began winding its way through the U.S. military’s networks, spread by troops using thumb drives and other removable storage media..."Some guys wanted to reach out and touch someone. But months later, we were still doing forensics..." More (Wired.com)
High tech crime fighters in Garfield County Sheriff's Office - When a detective with the Garfield County Sheriff's Office collects a computer, cell phone, digital camera, thumb drive, or any other technological device that potentially holds evidence pertaining to a case, they take it to one person — Detective Cpl. Eric Ashworth. He's the one that sorts through the hundreds of gigabytes worth of files on a hard drive to uncover possible evidence to present to the investigator who's reviewing the case... More (The Citizen Telegram)
F-Response and Passware - Bitlocker Access in Real-Time - Matt Shannon in collaboration with Passware present an interesting method of discovering BitLocker recovery keys from a live session in this short video.
