2013: Year of the Forensic Books

2012 was a great year for me: I started my first career job, moved to Washington, D.C., made a ton of new friends, traveled around the US, and learned a lot about forensics. However, I didn’t learn enough, and I’m going to fix that with a set reading list.

  1. Hello World! Computer Programming for Kids and Other Beginners by Warren Sande
  2. The Mark of Athena (Heroes of Olympus, Book 3) by Rick Riordan
  3. Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan Carvey
  4. Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, and Matt Pepe
  5. Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7 by Harlan Carvey
  6. Artemis Fowl: The Last Guardian by Eoin Colfer
  7. Real Digital Forensics: Computer Security and Incident Response by Keith J. Jones, Richard Bejtlich, and Curtis W. Rose
  8. File System Forensic Analysis by Brian Carrier

How to Find the Serial Number and Model of any Windows Machine

I recently went on a collection where I was showing the ropes to a new analyst: how to perform on-scene collections, how to interact with clients, and so on. Some custodians have their laptops docked and, more often than not, seem to have multiple USB devices and sometimes monitors plugged into these docks. When imaging the device live in the custodian’s office, I prefer not to remove the laptop from its dock.

While my counterpart was fidgeting with the laptop, trying to remove it from the dock to see the bottom of it, only to find that the serial number was not on the bottom of the dock, I asked what he was trying to do. “I’m trying to find the serial number for the computer, of course!” he responds. All that finagling is unnecessary, because the serial number and model can be obtained from a Windows Command Prompt.

Open the Command Prompt by going to Start > All Programs > Accessories > Command Prompt, or use the shortcut Windows Key + R, type cmd, and press the Enter key.
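The post’s own command is not reproduced in this excerpt, so the following is an added example (my illustration, not the original post’s method) of pulling the same hardware identifiers from the built-in Windows CIM classes in PowerShell, which is available from the same prompt. The log path is a placeholder; on a real collection it should point at the examiner’s own media, not the custodian’s disk.

```powershell
# Added example: record the identifiers an on-scene examiner writes into the
# collection notes (make, model, serial) without undocking or flipping the laptop.
# Uses only built-in CIM classes; no extra tooling required on the custodian's host.

$bios    = Get-CimInstance -ClassName Win32_BIOS
$system  = Get-CimInstance -ClassName Win32_ComputerSystem
$product = Get-CimInstance -ClassName Win32_ComputerSystemProduct

$record = [PSCustomObject]@{
    CollectedAt  = (Get-Date).ToUniversalTime().ToString('o')  # UTC timestamp for the notes
    Hostname     = $env:COMPUTERNAME
    Manufacturer = $system.Manufacturer
    Model        = $system.Model
    SerialNumber = $bios.SerialNumber            # BIOS-reported serial / service tag
    ProductUUID  = $product.UUID                 # SMBIOS UUID, a fallback when the serial is blank
    BIOSVersion  = $bios.SMBIOSBIOSVersion
}

# Show the values on screen for the chain-of-custody form
$record | Format-List

# Placeholder path: write the inventory to the examiner's own drive, never to evidence media
$logPath = 'E:\collection\hardware-inventory.csv'
$record | Export-Csv -Path $logPath -NoTypeInformation -Append
```

Two practical caveats: some OEM firmware reports filler strings such as “To be filled by O.E.M.” or “System Serial Number” instead of a real serial, so compare the value against the asset tag or order paperwork when it looks generic, and the SMBIOS UUID is worth capturing alongside it for that reason. The older `wmic bios get serialnumber` and `wmic csproduct get name` commands return the same fields from a plain cmd prompt on systems where WMIC is still present.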

Book Review: The Official EnCE: EnCase Study Guide by Steve Bunting

The Official EnCE: EnCase Certified Examiner Study Guide by Steve Bunting is a well-written and informative text with the goal of preparing a computer forensic examiner for Guidance Software’s EnCE certification. The book’s author, Steve Bunting, writes that the book will give you more knowledge than you need to pass the exam, rather than merely covering the basics to pass the certification process. Before you read any further, a quick disclaimer: I am not EnCE certified and thus cannot truly testify to the preparedness that reading this book provides.

I do believe this book provides solid information and will help someone new to EnCase get a better understanding of the program, its capabilities, and the process EnCase takes to retrieve the data. As a forensic analyst without much EnCase training, I know how to perform some key functions, such as using the Case Processor to perform LNK file analysis and mounting a file to view the file structure. However, I knew EnCase was a powerful program and that there was much for me to learn about this wonderful piece of software. This EnCE study guide by Steve Bunting is great for fellow examiners similar to myself, looking to further their knowledge of EnCase. I wanted to learn about EnCase, how to use it, and understand what this application is truly capable of. This book is great for that purpose, but not entirely great at the other goals the text sets out to accomplish.

The Review
Before you start out to read this book, you’ll need to ask yourself a few questions:
What are you looking to get out of this book: an EnCE certification, or knowledge of how EnCase does what it does?
How well do you know EnCase?
Are you hoping to learn more about the forensic process than about the capabilities and use of EnCase?

Book Review: Virtualization and Forensics by Dianne Barrett and Gregory Kipper

Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments by Dianne Barrett and Gregory Kipper is a book packed with information. Unlike my last Syngress book review on Digital Triage Forensics by Stephen Pearson, this book is entirely relevant to computer forensic analysts and I vaguely recommend it.

In the field of digital forensics, there are some books that you have on your shelf and hope to reread every year (File System Forensic Analysis by Brian Carrier), and there are books you keep for reference. Virtualization and Forensics is packed with information about virtual machines, the environments they run in, the vendors making the applications, and how they apply to forensic investigations, but it’s more of a reference book, as it provides the artifacts of a virtual machine and evidence that one was run.

Virtualization and Forensics (VAF) covers the details of many virtualization applications, including VMware Workstation (and Fusion for Macs), Parallels, Microsoft Virtual PC, MojoPac, MokaFive, and probably some others I had never heard of. VAF covers the artifacts left behind for each of these program installations, as well as their server versions. At this point you may be asking yourself, “If it’s such a great book, why did he put ‘vaguely’ in the recommendation sentence?” That’s a good question!

VAF leaves out some critical information that I fault it for not including, given its title. This book is short for something covering such a massive (and popular) topic; virtualization was identified as the #1 Strategic Technology for 2009 by Gartner, the IT industry’s largest and most-strategic conference. The title of VAF includes “Investigator’s Guide”, but I have to disagree, as the surface is only being scratched here. The authors ran some tests and provided us the results of those tests, but didn’t offer any more thought than that. The authors have a thorough understanding of virtualization and appear involved in researching the topic, as they know all the white papers and research to reference.

Nike+ not Tracking My Distance: Fixed!

When I wrote my original Nike Plus (Nike+) article about the device not syncing my runs, I never thought that it would become so popular and help scores of people. With that in mind, here is another how-to guide for fixing your Nike+ sensor, for runners who are ending runs with 0.00 miles.

I’ve used Nike+ for a few years (at least) now and love using it; seeing the progress I’m making and the stats I’m putting up is motivation enough, not to mention the competitions you can compete in, the friends you can race against, etc. I love the device, but it isn’t without flaw. The Nike+ support team has always been very pleasant, but not the most helpful. Luckily, I have kept notes about how to solve some of the issues I’ve encountered with it, so I can follow the same steps the next time the problem arises or teach you how to solve it yourself.

Most recently, Nike+ was not tracking my distance. This issue has occurred multiple times; in some cases it was tracking my history fine just the day before and then stopped recording how many miles I covered. It kept note of the pace I was running and the time I ran, but not the mileage, which means it wasn’t tracking the calories either. Workout completed: Total Distance: 0 miles. Yay me, I ran nowhere! Just a heads up before we get started: one method may not work, but I’ve fixed it with different solutions, so be sure to try each one until your Nike+ app shows the miles or kilometers you’ve run.

Method 1: Soft Resetting Your Apple iPod Touch and Nike+ Sensor.

  1. Push and hold down both the Top Power Button and the Middle Home Button for about ten seconds until the Apple symbol appears. Once the Apple appears, you can let go, and your iPod will reboot itself (like a computer).