Side notes
DFRWS 2007
The Digital Forensic Research Workshop 2007 (DFRWS 2007) will be held in Pittsburgh, PA, US from August 13 to 15, 2007. The workshop will be hosted by CERT/CC. The Call for Papers is now open and closes on April 9, 2007.
« September 2006 | Main | November 2006 »
Memory analysis
Searching in Pool Allocations
Harlan Carvey posted some comments and an article regarding the analysis of pool allocations. One of the remaining taks is to identify "interesting" pool tags. I already wrote about network activity to illustrate the top-down approach. Now here's a tool to aid in bottom-up.
Memory analysis
PoolFinder Version 1.0.0 Released
Today IMF 2006 starts - and I'm excited to announce the public release of a new tool named PoolFinder. PoolFinder accompanies my paper Pool Allocations as an Information Source in Windows Memory Forensics which I will present at IMF.
Memory analysis
A Frontend for PTFinder
Vista event log
Why is there a new Event Log Format?
Microsoft pushed out Release Candidate 2 of Vista. Among the host of new features in Vista there is a new file format for event logs. This article is the first in a series which shall help you to accustom yourself to the new format.
Multimedia
Reading the JPEG Quantization Table
In an earlier post I refered to a paper by Hany Farid which analyzes quantization tables found in JPEG file headers. As I'd like to introduce his method in my lab I'm taking a closer look.
Memory analysis
PTFinder Added to grml Live CD
I've just learned that PTFinder will be packaged in Debian format and added to the next release of grml Linux live CD shortly. Two other programs will be added, too: ssdeep by Jesse Kornblum and the library and tools for the Advanced Forensics File Format by Simson Garfinkel. Thanks to the grml project!
Library
Fingerprinting using JPEG Quantization Tables
The paper Digital Image Ballistics from JPEG Quantization by Hany Farid describes how digital stills can be attributed to camera makes due to certain differences in the implementation of JPEG compression.
Search
Deutsch
Deutschsprachige Ausgabe
Categories
- Lab (39)
- FTK 2 (5)
- Library (20)
- Side notes (47)
- Topics
- Carving (8)
- File Systems (1)
- Multimedia (7)
- Network forensics (2)
- Windows (1)
- Memory analysis (96)
- NT event log (8)
- Vista event log (20)
Archives
- December 2009
- November 2009
- October 2009
- May 2009
- April 2009
- March 2009
- February 2009
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- December 2005
- November 2005
- October 2005
Latest articles
Subscribe
Imprint
This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de
Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.