As most investigators know, volatile memory contains valuable information about the runtime state of the system, registry keys, network connections in memory and much more. One of the most popular tools to handle memory analysis is Volatility, an open source tool created by Volatile Systems.
Volatility Reporting Plugin for EnCase Forensic v7
As most investigators know, volatile memory contains valuable information about the runtime state of the system, registry keys, network connections in memory and much more. One of the most popular tools to handle memory analysis is Volatility, an open source tool created by Volatile Systems.
- On: 8/07/2013
- No comments
-
- Categories: EnCase App Central , EnCase Forensic , Memory Analysis , Volatility
EnCase App Central - Destined To Be A Game Changer
We are all painfully aware that criminals share their secrets, exploits and even technology. Those investigating cybercrime, attempting to pre-empt dangerous criminals, or finding new ways to rapidly clear cases must be on equal footing.
Whether on the desktop, server, smart mobile device, cloud or on a network, investigating cybercrime requires a combination of exceptional tools along with expert knowledge. One of the unique elements of investigating cybercrime efficiently is that you need expertise in both computer science and social science. Unfortunately, there has not been a solid methodology to bring this cross domain expertise to fruition. It is vital that we close this gap and create a greater overlap between these domains.
- On: 8/02/2013
- No comments
-
- Categories: EnCase App Central
C-TAK by WetStone
Unveiling cyber threats that can impact investigations
Many cyber investigations require a comprehensive understanding of any cyber threats or malware infestation that may impact examinations. The impacts to criminal investigations, civil litigation, human resource actions and incident response engagements can be serious, depending upon the specific threats or malware discovered.
- On: 7/17/2013
- No comments
-
- Categories: C-TAK , EnCase App Central , Malware Analysis , WetStone
Examining Mac OS X User & System Keychains
Introduction
To forensic examiners with little or no knowledge of Mac OS X, the concept of a Mac OS X keychain may be an alien one. This article aims to provide an overview of the following with regards to Mac OS X keychains –- On: 7/08/2013
- No comments
-
- Categories: EnCase App Central , EnCase Forensic , Mac OS X
Safari Form Values Decryptor
As a forensic investigator, you are likely already familiar with the artifacts left in storage on a disk from the use of a web browser. The mainstream browsers all provide, for the most part, the same functionality of things like tabbed browsing, remembering history and exposing it in date ranges, storing bookmarks for later viewing, etc.
One of those features is the topic of this blog post: remembering data that a user typed into a form field so that same value doesn’t have to be typed into that same form next time. This is generally referred to as an autofill form values feature. Firefox, Chrome, Internet Explorer, Safari, they all offer this feature, but each of them store these values in a different way.
- On: 6/26/2013
- No comments
-
- Categories: EnCase App Central , EnCase Forensic , Mac OS X
