Some time ago I talked about BitLocker forensics and the decryption of BitLocker encrypted volumes. As a result, I received a few questions and a request regarding TrueCrypt encrypted volumes. Encryption, in general, is quite the challenge…
Building wordlists from Forensic Images
Encryption has become widespread and it's common to encounter at least a few encrypted files during an investigation. Bruteforcing a password is always an option; however, depending on the type of encryption that has been…
TESTED: Forensic imaging tools
There are a few good imaging tools out there. When creating a forensic image you always try to pick the best tool for the job. In this post, I will compare six forensic imagers. This is…
How to secure your WordPress site
The security of your WordPress installation should be a top priority for every website owner. Websites running WordPress are attacked continuously. If you take your website seriously you need to protect your website against hackers.…
File deletion vs wiping (HDD vs SSD)
As you might know, there is a difference between deleting a file and wiping a file. For the user they seem to have the same outcome: the requested file has been removed. However, when you…
TESTED: Camera Ballistics 2
Last week Brett Shavers had a good post on his blog about placing the suspect behind the camera (Link). Phill Moore named this post in his excellent weekly roundup This week in 4N6 and also…
Forensics 101: What is a forensic image?
A question I get asked a lot is "what is a forensic image?" and what is the difference between an image made with tools like FTK Imager and Acronis True Image. A simple answer would…
AccessData Live Online Training
When working in forensics you will have to keep yourself informed of the latest developments in the field, that's one of the reasons I started creating this blog. Recently I have been attending several Live…
Examining when a system was turned on and…
When you are analyzing a system you might want to document when the system was powered on. One of the best ways to do this is to analyze the Windows event log. However, this can…