The art and science of forensic examination of digital computing systems including but not limited to personal computers, web servers, portable devices and automotive computers.
4 posters
Digital Forensics
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°2
Re: Digital Forensics
Commercial disk wiping programs don't work in many cases. See: http://igneous.scis.ecu.edu.au/proceedings/2005/forensics/woodward.pdf
This is good news for the forensic examiner, not so good for privacy advocates.
This is good news for the forensic examiner, not so good for privacy advocates.
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°5
Re: Digital Forensics
Digital image forensics and image tamper detetion: http://www.cs.dartmouth.edu/farid/research/tampering.html
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°6
Re: Digital Forensics
Scanner identification: http://www.ecn.purdue.edu/~prints/public/papers/ei07-nitin2.pdf
I've built some software in this area and my algorithm was much faster and simpler than everything I have found in the literature.
I've built some software in this area and my algorithm was much faster and simpler than everything I have found in the literature.
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°7
Re: Digital Forensics
Printer tracking: http://w2.eff.org/Privacy/printers/docucolor/
Bet you didn't know these dots are very likely on your driver's license and almost every color print you've ever made.
Bet you didn't know these dots are very likely on your driver's license and almost every color print you've ever made.
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°8
Re: Digital Forensics
Recommended reading: http://books.google.com/books?id=Y7eKM3kl7DEC
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°9
Re: Digital Forensics
How to REALLY Erase a Hard Drive: http://blogs.zdnet.com/storage/?p=129
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°10
Re: Digital Forensics
Overwriting doesn't work. Can Intelligence Agencies Read Overwritten Data: http://www.nber.org/sys-admin/overwritten-data-guttman.html
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°11
Re: Digital Forensics
Facebook Forensics: http://blogs.sans.org/computer-forensics/2009/06/11/facebook-forensics/
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°12
Re: Digital Forensics
As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]
On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]
http://en.wikipedia.org/wiki/Data_remanence
On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]
http://en.wikipedia.org/wiki/Data_remanence
Percy- Moderator
- Posts : 1274
Join date : 2010-02-16
- Post n°13
Re: Digital Forensics
This is fantastic stuff, thanks very much for all these links, we really have a nice reference link library here now about many different things. I like how its coming along.
DoctorZ- Posts : 90
Join date : 2010-02-26
Location : Northern VA, aka Hell
- Post n°14
Re: Digital Forensics
I guess this article might fit in here:
http://www.eff.org/deeplinks/2010/03/eff-posts-documents-detailing-law-enforcement
http://www.eff.org/deeplinks/2010/03/eff-posts-documents-detailing-law-enforcement
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°15
Re: Digital Forensics
Yes, thanks for posting that. Here's the link to the master site: http://www.eff.org/foia/social-network-monitoring
Stay tuned, there will be some interesting revelations I expect.
Stay tuned, there will be some interesting revelations I expect.
claudicici- Posts : 1259
Join date : 2010-02-16
- Post n°16
Re: Digital Forensics
haha ,c'mon us x-websleuthers knew for a long time that's how you get the good stuff
dangrsmind- Posts : 676
Join date : 2010-02-16
Location : San Francisco
- Post n°17
Re: Digital Forensics
The way you get the good stuff is to capture everything and throw out most of it. See http://www.blackhat.com/presentations/bh-usa-09/TOPLETZ/BHUSA09-Topletz-GlobalSpying-PAPER.pdf
|
|