Shadow Forensics
Shadow Copy (also called Volume Snapshot Service or VSS, or Previous Versions in Windows Vista) is a feature introduced with Windows XP with SP1, Windows Server 2003, and available in all releases of Microsoft Windows thereafter, that allows taking manual or automatic backup copies or snapshots of a file or folder on a specific volume [...]
Chain of Custody (Beginning of the End or End of the Beginning)
I started off trying to write a GIAC/SANS Gold Paper on the Chain of Custody, but due to changing course and completing my CISSP I was unable to complete the paper in the time frame required. I have decided that I hate the energy I spent on the research and document going to waste [...]
Forensics for Free
Helix is already out on the market in the free world. This looks interesting though. I am hoping to take it for a spin this weekend.
Apparently some students at Edith Cowan University’s School of Computing and Information Sciences in Australia have developed a Linux-based tool to help collect cyber evidence without compromising its integrity. The [...]
Blog Focus
Through the course of the days, weeks and months of mucking through the security arena I have been thinking about all the neat tricks, shortcuts and tools that I have discovered or been introduced to. In an effort to share these and more importantly have a reference to go back to when I need [...]

