Category: Digital forensics

Silence…

25 September, 2006 (12:53) | Digital forensics | No comments

It’s been quite some time (over a month) since I made a post (here or to the forensically sound Yahoo! group). I’ve had a whirlwind of client work, including teaching at a number of SANS conferences. I did get a bit of press coverage while at the San Jose SANS conference. The press came to [...]

“Forensically Sound Duplicate” (Update)

22 August, 2006 (02:50) | Digital forensics, Forensic tools | No comments

So after the whirl of feedback I’ve received, we’ve moved discussions of this thread from Richard Bejtlich’s blog to a Yahoo! group. The URL for the group is: http://groups.yahoo.com/group/forensically_sound/
We now return this blog to its regularly scheduled programming…

“Forensically Sound Duplicate”

2 August, 2006 (15:46) | Digital forensics, Forensic tools | No comments

I was reading Craig Ball’s (excellent) presentations on computer forensics for lawyers at (http://www.craigball.com/articles.html). One of the articles mentions a definition for forensically sound duplicate as:

“A ‘forensically-sound’ duplicate of a drive is, first and foremost, one created by a method which does not, in any way, alter any data on the drive being duplicated. [...]

Self replicating software - Part 3 - Other methods

18 July, 2006 (12:32) | Computing theory, Digital forensics, Self replicating code | No comments

Up until now, this thread of posts has been rather theoretical, talking about Turing machines, etc. The only time there was some source code was for showing a program that can print out a description of itself (its source code).
Well, one problem with the self-replication method for getting a copy of a program’s description is [...]

Self replicating software - Part 2 - Recursion theorem proof

9 July, 2006 (02:08) | Computing theory, Digital forensics, Self replicating code | No comments

In this post I’ll cover the proof of the Recursion theorem (see Self Replicating Software - Part 1 - The Recursion Theorem).
The proof for the Recursion theorem is a constructive proof, meaning that a Turing Machine (TM) that can reference its own description is constructed. This proof was taken from Michael Sipser’s “An Introduction to [...]

Self replicating software - Part 1 - The Recursion Theorem

5 July, 2006 (17:13) | Computing theory, Digital forensics, Self replicating code | 1 comment

This is the first in a multi-part post about computing theory and self replicating software. This post assumes you have knowledge and understanding of a Turing Machine (abbreviated TM). If you aren’t familiar with Turing Machines (TMs) then you may want to take a look at the Wikipedia entry on the topic at http://en.wikipedia.org/wiki/Turing_machine [...]

Naming structure of recycle bin files

4 July, 2006 (03:10) | Digital forensics | No comments

Was doing some research on the structure of the Windows Recycle Bin, and found an interesting article over at Microsoft. It talks about the naming structure of the files in the Recycle Bin directories. In essence, the structure is as follows:

D<drive letter from original path><order #>.<original extension>
The field is a number signifying when the [...]

Argument for MD5

24 June, 2006 (18:25) | Digital forensics | No comments

So, there has been a lot of talk over the past few years about using MD5 hash sums in digital forensics, due to the fact that some collisions have been found for MD5.
First, a hash algorithm/function has the following properties:
1) The algorithm takes in a variable sized input data and transforms the data into a [...]