Analyzing Malware in Memory Webinar

On December 18th I will be leading a webinar on analyzing malware in memory with Volatility and memory forensics techniques. The following l...

Interview with Eddie Sheehy, CEO, Nuix

Eddie, can you tell us something about your background and your current role as CEO of Nuix ? I joined Nuix as CEO in 2006 after working fo...

Interview with Jonathan Krause, Managing Director, First Response

Jonathan, we last interviewed you back in 2008, what have you been doing since then? In early 2008 I started Forensic Control after four yea...

Android Forensics DFIROnline presentation

I was writing to say that I will be giving a DFIRonline presentation this Thursday on Android Forensics using Volatility and LiME: http://ww...

Windows Memory Forensics Training for Analysts by Volatility Developers

We are please to announced the public offering of our Windows Memory Forensics for Analysts training course delivered by Volatility develope...

Webinar (online now): Pitfalls of Interpreting Forensic Artifacts in the Windows Registry

The webinar "Pitfalls of Interpreting Forensic Artifacts in the Windows Registry" is now online here . If you encounter any diffic...

Guidance Software Releases EnCase® Forensic v7.05

Guidance Software Inc. has announced the release of EnCase® Forensic version 7.05 . This latest version of the industry-standard forensics ...

Webinar: Pitfalls of Interpreting Forensic Artifacts in the Windows Registry

In this webinar, Jacky Fox, student at UCD School of Computer Science and Informatics, presents the results of her dissertation on Windows ...

Week 4 of the Month of Volatility Plugins posted!

I was writing to announce the last week of the month of Volatility plugins is finished, and we now have five more in-depth blog posts cove...

Interview with Lindy Sheppard, F3 (First Forensic Forum) Secretary

Lindy, tell us something about the cases you have been involved in. I have been involved in quite a variety of cases, from counter terrorism...

Week 3 of the Month of Volatility Plugins posted!

I was writing to announce that week 3 of the month of Volatility plugins is finished, and we now have five more in-depth blog posts coverin...

Week 2 of the Month of Volatility Plugins posted!

I was writing to announce that week 2 of the month of Volatility plugins is finished, and we now have five more in-depth blog posts coveri...

Week 1 of the Month of Volatility Plugins posted!

I was writing to announce that week 1 of the month of Volatility plugins is finished, and we now have five in-depth blog posts covering Wind...

Interview with Philip Anderson, Senior Lecturer at Northumbria University

Philip, can you tell us something about your background and why you decided to teach digital forensics? I graduated from Northumbria Univers...

Windows 8 Forensics webinar - alternative URL

Sincere apologies to anyone having difficulty connecting to the Meetingburner service to view the Windows 8 Forensics presentation - pleas...

JADsoftware - The Company Behind IEF - Re-Launches As Magnet Forensics Inc.

JADsoftware, the company behind the industry-leading digital forensics product Internet Evidence Finder (IEF), announced on Monday that the...

Computer Analysts and Experts – Making the Most of GPS Evidence

by Professor David Last The many companies that sell software for computer forensics have developed products for analysing satellite naviga...

Generating computer forensic supertimelines under Linux: A comprehensive guide for Windows-based disk images

When the authors first published this paper, their intentions were to develop a comprehensive guide to digital forensic timelines in order ...

Webinar: Windows 8 Forensics - A First Look

Take a first look at Windows 8 forensics in a webinar presented by Josh Brunty, Assistant Professor of Digital Forensics at Marshall Univer...

Apple phones are AES-tough, says forensics expert

Monday's Technology Review carries a glowing tribute to Apple iPhone security according to its author, Simson Garfinkel, a contributin...

Researchers Show How to Crack Android Encryption

As forensic examiners, some of the last things we want to hear are "encryption" and "enabled" in the same sentence, how...

Recoving tmpfs from Memory with Volatility

In this blog post I will introduce a new Volatility Linux plugin, tmpfs , and discuss its uses and implementation. The purpose of this plugi...

Forensic Examination of FrostWire version 5

As digital forensic practitioners, we are faced regularly with users utilizing the internet to swop and download copyrighted and contraband...

Book Review: Mastering Windows Network Forensics & Investigations

by Chad Tilbury Mastering Windows Network Forensics and Investigations  fills an interesting niche not well addressed in the pantheon of di...

Introduction to Penetration Testing – Part 3a – Active Reconnaissance

by Si Biles, Thinking Security Apologies in advance, this is a bit of a connective blog entry – this is a big topic, and it needs some scen...

Authenticating Internet Web Pages as Evidence: a New Approach

By John Patzakis [1] and Brent Botta [2] Previously, in Forensic Focus, we addressed the issue of evidentiary authentication of social medi...

"Finding Evidence in an Online World" webinar recording and PDF now available

A recording of this week's webinar "Finding Evidence in an Online World - Trends and Challenges in Digital Forensics" is now ...

Retrieving Digital Evidence: Methods, Techniques and Issues

by Yuri Gubanov  yug@belkasoft.com Belkasoft Ltd.  http://belkasoft.com This article describes the various types of digital forensic eviden...

Parallels hard drive image converting for analysis

by zoltanszabodfw The other day, talking to one of the analysts in Dallas, a question emerged about analyzing Parallels’ virtual machine ha...

Introduction to Penetration Testing – Part 2 – The Discovery Phase – Passive Reconnaissance

by Si Biles ( @si_biles ), consultant for  Thinking Security PenTest, like forensics, is almost as much an art as it is a science – you ca...

Interview with John H. Riley, Bloomsburg University of Pennsylvania

John, can you tell us something about your background and why you decided to teach digital forensics? First, thanks for the opportunity to d...

Announcing Mac Support in Volatility

I am writing to announce that Volatility now supports captures from Mac systems! I gave a talk on the new capabilities at the recent SANS DF...

An Introduction to Penetration Testing – Part 1

by Si Biles In an earlier article, many moons ago (Sorry Jamie !), I stated my opinion that Forensics and Security were opposite sides of t...

SANS Summit Pre-Talk Teaser

A week from today I will be speaking at the SANS DFIR Summit about the research and development I performed to add Mac OS X support to Vola...

Interview with Professor Golden G. Richard III, University of New Orleans

Golden, can you tell us something about your background and why you decided to teach digital forensics? I studied computer science at the Un...

A New Blog!

Hello and welcome to my new blog where I will be posting about my research into memory and disk forensics as well as other related topics.  ...

Interview with John Patzakis, Founder and CEO of X1 Discovery

John, the last time you were interviewed at Forensic Focus you were the Vice Chairman and Chief Legal Officer at Guidance Software. Now yo...

Interview with Noreen Tehrani, Applied Trauma Psychologist, NTA

Can you tell us something about your background and why you decided to work in the field of applied trauma psychology? I have had a very mix...