Computer Forensics Information

Here are some great articles on computer forensics if you are interested in learning that field, or are just interested in the kinds of things that we do. From finding hidden data, to cracking bios passwords, some interesting reading is available. All of these articles that I have read contain some really good info and will definitely help you create a baseline in how and what you do in your computer forensics investigations.

Computer forensics: Finding hidden data If you don’t know anything about how computers store data, this might be an eye opener for you, and a clue on how some file recovery programs are actually able to recover data, mostly, because it’s never really deleted, just eventually overwritten. From finding stuff in slack space, swap space and hibernation files, there are MANY places to find incriminating evidence on a suspect’s computer.

Computer forensics: Cracking a protected BIOS and creating disks for analysis How to get into a system with a bios password, and the steps you need to take to ensure you get a forensic copy of a suspect’s hard drive, as well as tools to make sure you don’t do anything to it, i.e. write data to it, to compromise the image.

Protect endpoint devices from swap and hibernation file data leaks Suggests turning off hibernation and swap files to prevent people from finding sensitive data easily.

Computer forensics: Preparing for electronic evidence acquisition When to do a live or dead forensics analysis, when you do a dead analysis, always unplug the power from the computer, this article says unplug from the wall, one of the classes I took said to unplug from the back of the computer, but I don’t remember why off the top of my head.

Other articles, such as collecting physical evidence, access control and securing permission are covered, and there are many downloads available, mostly free chapters from books you have to buy, etc. Check out the forensics tag from Techrepublic here.

I am starting to play with FTK now and will be going to a training for it in a couple months, hopefully I will learn some new stuff, which I doubt, but learning the proper use of the software will be great all by itself.