Published Papers
Unix Logging
There are a wide variety of logging functions and services on UNIX. Some of these, such as the Solaris audit facility, are limited to a particular variety of UNIX. It is important that the digital...
Published on: 2010-03-10
Topic: Digital Forensics
Building a Unix/Linux Incident response / Forensic Disk
There are many Linux distributions readily available. This, however, should not stop you from creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other...
Published on: 2010-03-09
Topic: Digital Forensics
Testing Homogeneity of Variance
An introductory simulation study established that ANOVA is extremely susceptible to heterogeneity of the variances. This occurs both in normally distributed and non-normal datasets. Even small...
Published on: 2009-11-17
Topic: Data
An Analysis of SpyKing
In this post, I am going to touch on several methods of analysis used in discovering how a potentially malicious program functions. In this case, I have selected a covert surveillance program...
Published on: 2009-11-03
Topic: Digital Forensics
Reverse Engineering Java
You have just come across a site compromise. You believe that the client was impacted due to a malicious Java .class file on a rogue website that they visited. The class file is compiled, what can...
Published on: 2009-09-28
Topic: Digital Forensics
System State Backup
The Windows system state backup is in effect a backup of the complete system. Everything that is present within the system will be copied as backup so that no data or information is lost whenever...
Published on: 2009-07-03
Topic: Information Security
Live Investigations
Ever need to get hold of a set of trusted tools to check processes on a live Windows host and just don't have a disk with these on you?
Published on: 2009-06-22
Topic: Digital Forensics
Simple Anti-Forensic and Signature stamping techniques using Unicode
The introduction of Unicode characters (such as Persian, Cyrillic and Arabic characters) has introduced both a simple means of fingerprinting intellectual property (signature stamping) and a very...
Published on: 2009-05-20
Topic: Digital Forensics
A Step-by-Step Introduction to Using the AUTOPSY Forensic Browser
This is a brief tutorial on how to use the Autopsy Forensic Browser as a front end for the Sleuthkit. This tool is essential for Linux forensics investigations and can be used to analyze...
Published on: 2009-05-11
Topic: Digital Forensics
How Math Can Help With Forensics
Data mining, text mining and network association are all statistical tools that have come into their own as the sheer quantity of available computational power increases. True, you do not need to...
Published on: 2009-05-11
Topic: Digital Forensics