JPEGsnoop by Calvin Hass provides a deep insight into the internals of JPEG files. Also the program identifies digital cameras and image editing software by their characteristic quantization tables.
Recently the new version of AcessData's Forensic Toolkit arrived in the mail. Of course I felt a strong urge to try it out. Here is what I experienced so far.
About two years ago I wrote about the Rich header which can be found in most executable files for the Microsoft Windows platform. Now Daniel Pistelli went on a thorough investigation into that matter.
When freezing RAM (the Princeton way) or rapidly powercycling a machine (The Guillotine) you will need a small tool to obtain the memory image, like msramdmp by Robert Wesley McGrew.
