Good discussion on "push button computer forensics" at http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=4906
Original blog post at http://integriography.wordpress.com/2009/11/17/the-value-of-push-button-forensics/
Some further comment at http://www.darkreading.com/blog/archives/2009/11/pushbutton_fore.html
Thursday, November 19, 2009
Thursday, November 12, 2009
Academic institutions - updated
I've updated the first post of this thread with everything we have so far (in something like alphabetical order). Thanks again to everyone who's contributed and please continue sending in details of anywhere not already listed.
Thanks,
Jamie
Thanks,
Jamie
Wednesday, November 11, 2009
Computer Forensics in the Geek Press – A Taxonomy
"So COFEE has finally been leaked onto the Internet. It was inevitable and it’s a wonder that it wasn’t released sooner, but nevertheless it marks a sad day for the Law Enforcement computer forensics community...So why the long face, as the horse said to the Easter Island monolith? It’s the lolz. It’s all about the lolz, and a decrease thereof. Every so often COFEE is mentioned on a geek-news site like The Register or Slashdot, and whenever this happens, the comments come alive with a thousand angry, confused, wounded monkeys, all in an uproar about the existence of this pernicious tool..."
More (Happy as a Monkey)
More (Happy as a Monkey)
Friday, November 06, 2009
Academic institutions - who are we missing?
Hi everyone,
As many of you know I've recently made a start on building the new education section at Forensic Focus (hopefully bringing it online later this month) with the aim of listing every computer forensics university and college course worldwide.
I'd like to ask for your help in making sure I don't miss out any relevant institutions. The following is a list of the places currently on my master list - if you know of any place not listed below (and I'm sure there are many of them) I'd be grateful if you could either post a reply to this thread or email me with the details on admin @ forensicfocus.com. If you're able to provide a contact email address for a member of the teaching staff that would be great too (obviously if you yourself are a member of staff please don't hesitate to get in touch!)
OK, here's what I have so far:
UK
University of Bedfordshire
Birmingham City University (contact person details required)
University of Bradford
Coventry University
Cranfield University
De Montfort University (contact person details required)
University of Derby
University of East London (contact person details required)
Edinburgh Napier University
University of Glamorgan
University of Greenwich (contact person details required)
University of Huddersfield
Kingston University (contact person details required)
University of Central Lancashire
Leeds Metropolitan University
Lincolns College London (contact person details required)
Liverpool John Moores University (contact person details required)
London Metropolitan University
Middlesex University
Northumbria University
The Open University
University of Portsmouth
Royal Holloway, University of London
Staffordshire University
University of Strathclyde
University of Sunderland
Teesside University (contact person details required)
University of the West of England
University of Westminster
Ireland
University College Dublin
Dublin City University
Waterford Institute of Technology
US & Canada
Anne Arundel Community College
BCIT Centre for Forensics and Security Technology Studies
Bloomsburg University of Pennsylvania
Butler County Community College
California State University, Fullerton
Champlain College
DeVry University (contact person details required)
Edmonds Community College
University of Central Florida (contact person details required)
The George Washington University
Highline Community College (contact person details required)
Johns Hopkins University
John Jay College of Criminal Justice
Kaplan University - Hagerstown Campus (contact person details required)
Kennesaw State University
College of Lake County
Missouri Southern State University
Central Piedmont Community College
Pittsburgh Technical Institute
Purdue University Cyber Forensics Lab
University of Rhode Island (USA)
Rich Mountain Community College
Sam Houston State University
Stark State College of Technology
Stevenson University (contact person details required)
University of Texas at San Antonio
Tompkins Cortland Community College (contact person details required)
Walsh College
Washtenaw Community College (contact person details required)
Wilmington University (contact person details required)
Other
University of Cape Town (UCT)
University of Madras
University of Milan
Asian School of Cyber Laws (contact person details required)
If you can help by adding to this list or providing contact details I'd be very grateful - many thanks in advance!
Kind regards,
Jamie
As many of you know I've recently made a start on building the new education section at Forensic Focus (hopefully bringing it online later this month) with the aim of listing every computer forensics university and college course worldwide.
I'd like to ask for your help in making sure I don't miss out any relevant institutions. The following is a list of the places currently on my master list - if you know of any place not listed below (and I'm sure there are many of them) I'd be grateful if you could either post a reply to this thread or email me with the details on admin @ forensicfocus.com. If you're able to provide a contact email address for a member of the teaching staff that would be great too (obviously if you yourself are a member of staff please don't hesitate to get in touch!)
OK, here's what I have so far:
UK
University of Bedfordshire
Birmingham City University (contact person details required)
University of Bradford
Coventry University
Cranfield University
De Montfort University (contact person details required)
University of Derby
University of East London (contact person details required)
Edinburgh Napier University
University of Glamorgan
University of Greenwich (contact person details required)
University of Huddersfield
Kingston University (contact person details required)
University of Central Lancashire
Leeds Metropolitan University
Lincolns College London (contact person details required)
Liverpool John Moores University (contact person details required)
London Metropolitan University
Middlesex University
Northumbria University
The Open University
University of Portsmouth
Royal Holloway, University of London
Staffordshire University
University of Strathclyde
University of Sunderland
Teesside University (contact person details required)
University of the West of England
University of Westminster
Ireland
University College Dublin
Dublin City University
Waterford Institute of Technology
US & Canada
Anne Arundel Community College
BCIT Centre for Forensics and Security Technology Studies
Bloomsburg University of Pennsylvania
Butler County Community College
California State University, Fullerton
Champlain College
DeVry University (contact person details required)
Edmonds Community College
University of Central Florida (contact person details required)
The George Washington University
Highline Community College (contact person details required)
Johns Hopkins University
John Jay College of Criminal Justice
Kaplan University - Hagerstown Campus (contact person details required)
Kennesaw State University
College of Lake County
Missouri Southern State University
Central Piedmont Community College
Pittsburgh Technical Institute
Purdue University Cyber Forensics Lab
University of Rhode Island (USA)
Rich Mountain Community College
Sam Houston State University
Stark State College of Technology
Stevenson University (contact person details required)
University of Texas at San Antonio
Tompkins Cortland Community College (contact person details required)
Walsh College
Washtenaw Community College (contact person details required)
Wilmington University (contact person details required)
Other
University of Cape Town (UCT)
University of Madras
University of Milan
Asian School of Cyber Laws (contact person details required)
If you can help by adding to this list or providing contact details I'd be very grateful - many thanks in advance!
Kind regards,
Jamie
Thursday, November 05, 2009
Academic contacts - can you help?
I'm in the middle of compiling the new education section for the site and am trying to contact as many academic institutions as possible. However, I'm having some difficulty contacting staff members at the following universities and colleges:
UK
Birmingham City University
De Montfort University
University of Greenwich
University of East London
Leeds Metropolitan University
Lincolns College London
Royal Holloway, University of London
Kingston University
Liverpool John Moores University
Teesside University
Ireland
Waterford Institute of Technology
Dublin City University
US
University of Central Florida
DeVry University
Highline Community College
Kaplan University - Hagerstown Campus
Stevenson University
Tompkins Cortland Community College
Walsh College
Washtenaw Community College
Wilmington University
Italy
University of Milan
India
University of Madras
If you have an email address for a member of the computer forensics teaching staff - preferably the course leader - at any of the above I'd be grateful if you could mail me with it (if you're comfortable doing so) or alternatively ask the staff member to contact me directly on admin @ forensicfocus.com if you think they might want their institution to appear in the new section (there's no fee for inclusion, I just want to make sure the details are accurate.)
Many thanks in advance!
Jamie
UK
Birmingham City University
De Montfort University
University of Greenwich
University of East London
Leeds Metropolitan University
Lincolns College London
Royal Holloway, University of London
Kingston University
Liverpool John Moores University
Teesside University
Ireland
Waterford Institute of Technology
Dublin City University
US
University of Central Florida
DeVry University
Highline Community College
Kaplan University - Hagerstown Campus
Stevenson University
Tompkins Cortland Community College
Walsh College
Washtenaw Community College
Wilmington University
Italy
University of Milan
India
University of Madras
If you have an email address for a member of the computer forensics teaching staff - preferably the course leader - at any of the above I'd be grateful if you could mail me with it (if you're comfortable doing so) or alternatively ask the staff member to contact me directly on admin @ forensicfocus.com if you think they might want their institution to appear in the new section (there's no fee for inclusion, I just want to make sure the details are accurate.)
Many thanks in advance!
Jamie
Wednesday, October 14, 2009
Certifications are Evil
Thought-provoking post from John McCash over at Mark McKinnon's blog:
"Folks, this is an opinion piece, and it's going to be a controversial one. Some of you started composing a scathing rebuttal to it as soon as you read the title. Normally I restrict myself to what I hope are useful technical tidbits, but like most of you out there, I'm a forensic practitioner, and I have little patience for time sinks which provide no benefit (no I'm not including the training in that category, save your flames for the end). I've always begrudged the time commitment (over and above what's required to actually take the training and learn the included material) required to attain certifications, despite which I'm in possession of five, soon to be six, not counting my master's degree, so I like to think I speak from some degree of experience..."
Read more, and the ensuing discussion, here.
"Folks, this is an opinion piece, and it's going to be a controversial one. Some of you started composing a scathing rebuttal to it as soon as you read the title. Normally I restrict myself to what I hope are useful technical tidbits, but like most of you out there, I'm a forensic practitioner, and I have little patience for time sinks which provide no benefit (no I'm not including the training in that category, save your flames for the end). I've always begrudged the time commitment (over and above what's required to actually take the training and learn the included material) required to attain certifications, despite which I'm in possession of five, soon to be six, not counting my master's degree, so I like to think I speak from some degree of experience..."
Read more, and the ensuing discussion, here.
Tuesday, October 13, 2009
Shrinking the gap: carving NTFS-compressed files
A new paper from Joachim Metz of Hoffmann Investigations titled "Shrinking the gap: carving NTFS-compressed files" is now available here. Readers may be interested to note that carving NTFS-compressed data will also be part of the advanced carving topic of the Hoffmann Forensic Sessions in November.
My thanks to Joachim for another excellent paper!
My thanks to Joachim for another excellent paper!
Thursday, September 24, 2009
Interview with Jim Gordon, West Mercia Police
Forensic Focus: Jim, can you tell us something about your background?
Jim Gordon: I left school in Dundee, Scotland when I was 17 years old and joined the Royal Air Force Police. I served in the RAF Police for just over 15 years, the majority of which was spent in the Special Investigation Service. Like most service personnel I served all over the place including three years in Cyprus, also visiting Belize in Central America, the Falkland Islands and finishing off with three years at the Joint Headquarters at Rheindahlen near Monchengladbach in Germany.
On leaving the RAF I joined Merseyside Police where I served in Liverpool city centre. I ended up on a Pro Active vehicle crime unit. After three great years I transferred to West Mercia Police where I was initially stationed at Kidderminster to the South West of Birmingham.
West Mercia is the fourth largest geographic police area in England and Wales. It covers the Welsh border counties of Herefordshire, Worcestershire and Shropshire. While West Mercia is predominantly rural, it also contains some densely populated urban areas and many market towns. As you can imagine it was quite a culture shock compared to Liverpool City centre.
After a short period in uniform I spent a number of years on the Pro Active CID, mainly employed in drug investigations at a local level, before successfully applying to become a Detective in the Criminal Investigation Department. In 2001 I successfully applied to join the Hi Tech Crime Unit. As they say the rest is history.
Forensic Focus: Why did you decide to work in the field of computer crime investigation?
Jim Gordon: I was always interested in computers from my days of being the proud owner of a ZX Spectrum and later when I seriously upgraded to an Olivetti 486. Whilst in the CID at Kidderminster I successfully completed a project management course and later during 2000 had the opportunity of going on an attachment to help the Force introduce the National Intelligence Model. Whilst part of the project team I first came into contact with the Hi Tech Crime Unit that at that time consisted of one member of staff. During 2001 the Hi Tech Crime Unit expanded and I successfully applied for one of the roles within the unit. As you can see from my background I’ve always worked in an investigatory role which is something that I enjoy and so computer forensics allows me to continue this, learn new things everyday and support the investigation teams...
Read more at http://www.forensicfocus.com/jim-gordon-interview-150909
Wednesday, September 23, 2009
Forensic Focus Graduate Recruitment
I'm delighted to announce the introduction of the Forensic Focus Graduate Recruitment program. Headed by respected computer forensics recruitment specialist David Sullivan and supported by technical experts in the fields of both computer and mobile forensics, this program aims to match graduates with suitable employers throughout the US, Canada and the UK.
Further details can be found at http://www.forensicfocus.com/graduates. Enquiries and resumes/CVs may be sent to graduates@forensicfocus.com
Further details can be found at http://www.forensicfocus.com/graduates. Enquiries and resumes/CVs may be sent to graduates@forensicfocus.com
Helix 3 Enterprise review
A review of Helix 3 Enterprise written by Jonathan Krause of Forensic Control can be read here with discussion here.
"Helix 3 Enterprise (H3E) is e-fense’s flagship investigation suite pitched at a similar level as EnCase Enterprise or Access Data Enterprise. It’s aimed at organisations which need to be able to carry out incident response, forensics and e-discovery functions over networks. H3E facilitates centralised incident response, imaging of drives and volatile data and also enables scans and searches of a user’s internet history and documents on any computer which has had the H3E Agent pre-installed on it..."
Read more...
"Helix 3 Enterprise (H3E) is e-fense’s flagship investigation suite pitched at a similar level as EnCase Enterprise or Access Data Enterprise. It’s aimed at organisations which need to be able to carry out incident response, forensics and e-discovery functions over networks. H3E facilitates centralised incident response, imaging of drives and volatile data and also enables scans and searches of a user’s internet history and documents on any computer which has had the H3E Agent pre-installed on it..."
Read more...
Subscribe to:
Posts (Atom)
Join Forensic Focus LinkedIn Group
