Mozilla Firefox Forensics: Part 4
Firefox (version 16.0.2) typically includes twelve SQLite databases, each of which performs a different function such as to store bookmarks, cookies, places visited, searches, and so forth.
Mozilla Firefox Forensics: Part 3
The majority of potential forensic information from Firefox does not reside in the Windows Registry, but rather in two directories located in the individual User account(s).
Mozilla Firefox Forensics: Part 2
The most prevalent software applications in use today are probably Web browsers. Although browsers are complex software applications, they have common functionality regarding their main components.
Windows 7 Registry Forensics: Part 7
Security Identifiers (SIDs) are unique alphanumeric character strings of variable length that are assigned during the log-on-process to each user on a stand-alone system or to each user, group, and computer on a domain-controlled network.
Windows 7 Registry Forensics: Part 6
Registry Keys track each mounted volume and assigned drive letter used by the NTFS file system. Information concerning any external devices that had previously been attached to the system will be recorded in certain Registry Keys.
Windows 7 Registry Forensics: Part 5
Artifacts are items of data or information left behind after a specific activity occurs on a system. Any USB device attached to a system will leave artifacts in several locations.
Windows 7 Registry Forensics: Part 4
There are several techniques that can be used to examine the Registry, each of which has its own merits.
Windows 7 Registry Forensics: Part 3
A typical Windows 7 Registry consists of at least five Hives, each of which performs a different function.
Windows 7 Registry Forensics: Part 2
Many forensic examiners are not familiar with the Registry or its forensic importance. One way to gain first-hand knowledge is to explore the Registry on a live, non-forensic computer.
Windows 7 Registry Forensics: Part 1
While the Windows Registry is forensically important, frequently it is not captured during the triage of a live system. Similarly, it is often overlooked during post-mortem examinations.
Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.
Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this column, some of that information will be discussed in this and a future column.
SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM compatible phone to another.
Understanding The World of Cellular Telephones: Part 3
Cell phones can and do store data or information that the user may not be aware of. It should come as no surprise that this can provide a tremendous amount of potential probative information (evidence) to investigators.
Understanding the World of Cellular Telephones: Part 2
Familiarity with the five main cell phone operating systems can aid your investigation.
Understanding the World of Cellular Telephones: Part 1
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.
Parameters For Selecting A Triage Tool
Triage tools vary greatly in their technical and operational performance capabilities.
Triaging a computer allows investigators to gather volatile data that would be lost by pulling the plug on a live system.
The Digital Forensic Sub-Disciplines: Part 2
The confusion concerning the Digital and Multimedia Evidence Sub-Disciplines suggests the Discipline should be revised.
The Digital Forensic Sub-Disciplines: Part 1
Can we clearly differentiate whether an examination falls under Computer Forensics, Forensic Audio, Image Analysis, or Video Analysis?
Cloud Computing: Another Digital Forensic Challenge
Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis.
To Search or Not to Search…the Search Continues
The examination of a computer’s hard drive without an additional warrant may become problematic.
Pertaining to the seizure of digital devices, there is some misunderstanding concerning what “executing the warrant within ten days” actually means.
Anti-Digital Forensics, The Next Challenge: Part 2
This issue, we take a look at the general categories of anti-digital forensics.
