Published Papers

Code in a Flash

Recently I have been involved with the analysis of a number of rogue web sites linked to a fast flux network. Tracking websites is hard enough, but the process to analyse the flash code and other...

Published on: 2009-05-11

Topic: Developer

System Scanner

System Scanner (available from CodeProject) is designed as a replacement for the Task Manager. For the forensic or incident-handling professional, this tool allows for the dumping of virtual memory...

Published on: 2009-04-28

Topic: Digital Forensics

Using HELIX Live for Windows

The Helix Live function is used to collect volatile data (evidence) and is used in cases where the system cannot be shut down. Whenever you work on a live system, you need to ensure that you take care to...

Published on: 2009-04-27

Topic: Digital Forensics

Code Skills Make Better Forensic Analysts

I know I am pushing something up a hill here in suggesting this, but .NET coding in a Windows environment and general coding skills for Linux should be a goal for all forensic analysts to learn....

Published on: 2009-04-24

Topic: Digital Forensics

SQL Rootkits

The traditional means of recovering a compromised system has been to rebuild the server and reload the data. Rarely is the data itself validated to any extent in this process. In fact, many...

Published on: 2009-03-27

Topic: Information Security

SQL, Databases and Forensics

For the most part, databases have become an integral part of any organization. More importantly, they have become mission-critical. On top of this, many enterprise-level databases are far larger...

Published on: 2009-03-11

Topic: Digital Forensics

Forensics and Data Access Auditing

Data access auditing is a surveillance control that intersects with forensics and incident handling. In all events, the same level of care needs to be taken, as any event can lead to a forensic engagement.

Published on: 2009-03-09

Topic: Digital Forensics

Starting a Drive Repair/Recovery Lab

I have been writing about drive wiping and recovery for a while now, so I thought it was about time that I started to go over the basic tools. There are a large number of tools that should be held at...

Published on: 2009-02-23

Topic: Digital Forensics

Free Windows Drive Tools

In this post I am going to talk about three free tools that are essential for diagnosing problems with failing drives. These are HDDscan, the USBASPI V2.20 MS-DOS Driver and Partition Find and Mount.

Published on: 2009-02-18

Topic: Information Security

Overwriting Can Occur Anytime, As Long As It Is Done Once After

In recent posts, I have reported on some of the findings from a paper I published with Dave Kleiman and Sundhar S. R. S [1]. We are working on a series of follow-up papers on the topic...

Published on: 2009-02-11

Topic: Information Security