Harlan Carvey has posted a great summary article on Windows memory analysis. In fact it is a free sample chapter from his new book on Windows Forensic Analysis.
The Spring 2007 issue of the International Journal of Digital Evidence (IJDE) was just published.
One of the few books that really helped me to get into Windows memory analysis is "Undocumented Windows 2000 Secrets" by Sven B. Schreiber. Unfortunately the book has been out of print for some time. A few used copies are sold at Amazon and other internet marketplaces - at prices so high that I'm considering investing in books instead of shares.
Fortunately Sven is kind enough to provide an electronic edition of his work as a set of PDF files free of charge at his web site. Thank you very much, Sven!
The paper Digital Image Ballistics from JPEG Quantization by Hany Farid describes how digital stills can be attributed to camera makes due to certain differences in the implementation of JPEG compression.
In his master's thesis Jorge M. Urrea-Civilian examines data structures of the Linux 2.6 series kernel. He describes how the virtual address space of a process can be reconstructed from a swap file and the physical memory. The thesis might become the foundation of tools to analyze a Linux memory dump.
In his presentation at the Techno Security 2006 conference Robert Botchek summarizes the basics of write blockers. The speaker is president of Tableau, LLC, a manufacturer of write blocking devices.
There are a lot of books in print about digital forensics, but most of them are in English. Well, here's one in Portuguese, entitled Perícia Forense Aplicada à Informática by Andrey Rodrigues de Freitas. I feel some of my dear readers might find this information useful.
I was quite surprised to actually see parts of the main memory survive a reboot for the first time. Well, Farmer and Venema were not the first to describe this. Here are two more interesting papers on that topic.
