Thursday, April 24, 2008

Reporting (again) and interviews

Some very interesting opinions have been raised in the "Reporting - time for standardization?" thread and I'd like to give people some more time to add their own thoughts before moving the discussion on. It's a somewhat more emotive topic than I might have expected but that's no bad thing, I suppose!

On another matter entirely, I've got a couple of good interviews lined up for publication shortly but again I'd like to encourage more suggestions for interviewees. Input from experienced professionals is always welcome but I also think it's useful to talk to those new to the profession - and yes, you can suggest yourself.

Well, it's lunchtime and a beautiful day outside so time to drag myself away from the computer. Bye for now!

Tuesday, April 22, 2008

Reporting - time for standardization?

[This is a repost of my forum post here. Comments welcome but perhaps most usefully posted as replies in the forum. Also, a tip of the hat to forum members BitHead and kovar for providing the impetus.]

I'd like to pick up on one or two comments from an earlier thread and bring the subject of report standardization into the spotlight.

This is a subject area which has cropped up before (in these forums and elsewhere) and also one which has given me pause for thought in practice - in common with most of us here, I imagine. I think the time is right to give some serious consideration as to whether the standard of reporting delivered by computer forensics practitioners is all that it could be and, more specifically, is the introduction of a suitably structured and widely accepted model a worthwhile goal to aim for.

A number of benefits have already been suggested for such a model, some of these being increased efficiency, increased accuracy, improvements in communicating with other parties and an increase in professional credibility. In addition, two paths have been suggested for achieving this goal - one, get the major computer forensic groups and organisations to agree on such a model and push it out to their members, the other, develop a model at a grass roots level and grow support and acceptance for it amongst members of the various computer forensics forums.

I'd like to request further comments from all of us here. Do you think there's anything wrong in principle with a standardized reporting model? If not, could such a model be developed which serves to provide the benefits mentioned above without undue restriction being placed on the report writer? What would be the best way of creating such a model? Would the time and effort spent developing a suitable model be worthwhile?

All thoughts welcome!

Friday, April 18, 2008

Posts from the blogosphere

Not much time today, just enough to link to a few interesting blog posts elsewhere (some old, some new):

Reflections of a computer forensics blogger

FTK 2.0 performance

Ghost as a forensic tool

Admissibility vs weight of digital evidence

OK, gotta run. Have a great weekend everyone!

Monday, April 14, 2008

Site stats

One of the things I forget to do for long periods (the last time I did it was over a year ago!) is to update the stats page to show how many people are visiting Forensic Focus. The figures for last month break down like this:

Unique visitors 20995
Number of visits 74665
Pages 218510

The full list of stats for each month since January 2004 can be viewed here. Although I do a little bit in the way of advertising and many pages have been picked up by Google, I'm convinced that a lot of the site's continued growth is due to word of mouth. Many of those who sign up for new accounts tell me that Forensic Focus was mentioned by someone they work with or by a teacher on a training course.

So, a big thank you is due to all those who have helped the site grow and I hope it continues to be a source worthy of recommendation. Like the old saying goes, if you're happy with it - tell someone else. If you're not - tell me!

Tuesday, April 08, 2008

Why the hell is everything so expensive?

I don't usually rant, possibly because I'm not sure I'd be able to stop, but one thing I've noticed is just how incredibly expensive everything is in the world of computer forensics. Not just the usual wallet-draining culprits like high end hardware but other stuff too - software, training, books, software, training... (sorry, I'm starting to repeat myself, I knew this would happen).

I once tried to explain computer forensics to a good friend of mine with little knowledge of technical matters. They said something rather insightful: "So, it's basically just copying stuff and looking at it?" Now, we all know there's more to it than that, but there's a kernel of truth in that statement which leads me to wonder about at least some of the pricing structures out there.

OK, rant over, and to some degree this is an "Aunt Sally". But not entirely...

Monday, April 07, 2008

The problem with power

Perhaps unusually for someone with an interest in computing, my knowledge of electricity - the driving power behind computers the world over - is sketchy to say the least. Beyond remembering which way to twist a light bulb and avoiding the temptation to stick a fork in the toaster, I'm something of a novice in understanding how this mysterious force actually works.

As a result, I was mightily impressed by Wiebetech's HotPlug device which Paul Mah recently blogged about at TechRepublic. Here's the YouTube video where James Wiebe explains how the system works:

Clever, huh? The downside is it's yet another box to drag along with you but, hey, us IT guys have got to get our exercise somewhere.

And for anyone else struggling to replace a light bulb (I'm sure there's a joke here somewhere) just remember: "lefty loosy, righty tighty". It even works with the Northern Hemisphere anyway :-)

Thursday, April 03, 2008


Ah, back in the blogging seat at long last!

Keen forumites will have noticed my recent post in the Legal forum asking for a little help in putting together some resources on licensing issues for computer forensics practitioners (tip of the hat to David for the suggestion).

There have already been a few very useful suggestions, in particular the map at would seem to be a very handy reference for investigators in the US. I want to stress that I'd like to include as many other countries as possible though, so if you're familiar with the relevant licensing procedures in your neck of the woods please reply to the forum post or PM me (note: I'm also including formal vetting procedures and the like under the heading of "licensing" where these are required in order to carry out forensic work - in other words the end result may not necessarily be termed a license in your local lingo).

On the subject of licensing, I have the impression it's (perhaps unsurprisingly) about as popular as a root canal in some places. Got a strong feeling about it? Post a comment and get it off your chest :-)