Hear, hear. While there may not yet be a generally recognized and accepted "CPA" equivalent certification standard or training process for 'computer ...
Ok here goes my politically incorrect statement as usual and realistic approach based on personal experience. Sometimes we get so caught up in a laboratory,...
... Avoiding the 'to cert or not to cert' question and focusing on what to get, I'd recommend SANS (www.sans.org) and their certs. They have a continued focus...
... Yeah, to me it is a sad statement that there used to be only one version; do the practical + pass the test(s) or don't get the cert. Now there's an option...
... That is the way many people felt when they made the change. I learned more from the practical than anything else. K Murphy...
maillist
maillist@...
Nov 8, 2006 12:00 am
2375
My question is: if a suspect uses Linux and burns a .iso image to a CD-ROM using a utility such as k3b, is there any way to forensically trace the burned...
... It is sometimes possible to find remnants of the ISO creation process in deleted file space, including contents of the files that were included in the ISO...
Here is my two cents. This has always been a concern of mine: which cert to invest your money into that is recognized by both corp. and LE and gov. In the...
... I remember seeing a show on that. The military had done it I believe. It was a 5 1/4" floppy at the time. The guy cut it up in pieces as the military...
I have seen the same doco. From memory they used Anadisk http://www.forensics-intl.com/anadisk.html on the spliced disk. I am pretty sure it contained some...
I attended training for IACIS in 1994 and we did the cut up diskette deal. We were each given a diskette that had been cut in large chunks. As I remember the...
... Hi Jesse, I tried it when I first heard about it on Cyberspeak. It seems to work well. I was anticipating that it would work its way into forensic...
Hi Jessie, I had previously used it and it seemed to work well. I just tested it tonight under Linux (FC5) by running it against a folder and piping to a...
You are exactly right that fuzzy hashing doesn't work well with small files. The limitation comes from the underlying math, so it's not something that can be...
... Thanks Jesse. That's good to know. Would you perhaps be able to modify the application so that if a file is too small to properly fuzzy hash that it...
Hi All I have been tasked to examine a computer which was found to be running at the scene of an att murder. The machine is running Windows Vista RC1 beta and...
Stuart, Since W2k3 SP1, including Vista, M$ moved access to the object \\.\PhysicalMemory from user land to kernel land. Thus dd off the Helix disk will...
[I've renamed the subject line to be more descriptive.] ... [...] ... If you can successfully image the system (and process) memory, the question may still...
Hey Jesse, I kicked an email to George M. Garner Jr, the developer for this knttools/kntdd to see if he had an open source available for the public. He...
Hi list, I have taken an image of a small hard disk using ddrescue. The disk has this layout: $#mmls image.dd DOS Partition Table Sector: 0 Units are in...
Emat
forensics@...
Nov 19, 2006 10:22 pm
2395
... you checked to see if there is a valid boot sector there? dd if=image.dd bs=512 skip=63 count=1 | xxd | less Look for a DOS signature (OEM string should be...
We recently acquired a firefly 800 IDE bridge, described here: http://www.ncjrs.gov/pdffiles1/nij/212957.pdf We plugged it into an Adaptec Fireconnect 8300 ...
Here ya go: http://www.linux1394.org/ ... ________________________________________________________________________ 1. Linux + firefly 800/IDE => working? ...
Stuart, I sincerely hope you capture and convict the guilty party. As a criminal defense attorney, though, I have to wonder if there is anything akin to the ...