The basics of how programs are compiled and executed

Well, the post "The basics of how digital forensics tools work" seemed to be fairly popular, even getting a place on Digg. This post is focused on the basics of how a program gets compiled and loaded into memory when the program is executed. It's …

Digital forensics in a comic

I saw this the other day. Hmmm... sifting through lots of data to find specific pieces of information, I think I see an interesting application for this... :) http://xkcd.com/c208.html …

Self replicating software – Part 4 – The difference between worms and viruses

This is the fourth part of the installment on self-replicating software. This post deals with worms (a subset of computer viruses). Briefly, a computer virus is a program that infects other programs with an optionally mutated copy of itself. This …

Two tools to help debug shellcode

Here are two small tools to help debug/analyze shellcode. The goal of both tools is to provide an executable environment for the shellcode. Shellcode is usually intended to run in the context of a running process, and by itself doesn't provide the …

Site move

Welcome to the new Forensic Computing blog (forensicblog.org). The old site (forensiccomputing.blogspot.com) is no longer active, although I will keep it up for archival purposes. I'm no longer on Blogger; instead this is a self-hosted WordPress …

The basics of how digital forensics tools work

I've noticed there is a fair amount of confusion about how forensics tools work behind the scenes. If you've taken a course in digital forensics this will probably be "old hat" for you. If on the other hand, you're starting off in the digital …

Digital Forensics Documentation

One aspect of digital forensics that is often overlooked by a number of folks is documentation. If you've ever taken a class in incident response or digital forensics, undoubtedly you've heard about the need to properly document your work. Really, …

What CSI does right

I was at a training class last year and the instructor made a good point about the TV show CSI (Crime Scene Investigation). While the actual techniques/methods/etc. the show uses may not always be accurate with respect to real life (some are, some …

Deductive and Inductive reasoning

One thing that I see on a fairly regular basis is confusion between deductive and inductive reasoning. Both types of reasoning play different roles in investigations/forensics/science/etc. The difference between the two is sometimes hard to define. …

Information Context (a.k.a. Code/Data Duality)

One concept that pervades digital forensics, reverse engineering, exploit analysis, even computing theory is that in order to fully understand information, you need to know the context the information is used in. For example, categorize the …