NIST has released the test results for version 2.0 of DCCIdd. According to the report, DCCIdd did not acquire sectors that were hidden by a Device Configuration Overlay (DCO). Following a faulty sector, the tool filled up to 7 additional sectors with null bytes.
January 2008 Archives
Every year the Digital Forensics Research Workshop challenges the digital forensics community to work on a special assignment in order to stimulate focused research and the development of new tools. This year the challenge is to analyse the memory dump of a Linux host. The assignment and some details were just posted to the DFRWS web site. Submissions are due July 20, 2008.
The US National Institute of Justice has published a short white paper titled Increasing Efficiency in Crime Laboratories.
Is it possible to recover data from a hard disk drive that has been overwritten with zeros? This is the question behind The Great Zero Challenge, which starts today.
Continue reading CRU-DataPort Acquires WiebeTech.
NIST just released the test reports for two software write blockers by Booz, Allen, Hamilton. They tested version 5.02.00 for Microsoft Windows 2000 and version 6.10.00 for Microsoft Windows XP. The tests identified anomalies in both versions.
Microsoft Windows supports a suspend-to-disk mode. Whenever the system is sent to sleep, it saves all of the system's state in a file called hiberfil.sys. Nicolas Ruff and Matthieu Suiche developed a library, called Sandman, that allows reading and writing the hibernation file. They recently presented their results at PacSec 07.
