Forensics / Anti-Forensics -- Great Blog

[LockBox]

I have subscribed to this blog in my reader for a long time and thought I would share this if some of you are interested.

http: - computer-forensics.sans.org/blog/feed/

I subscribed especially to get the "Digital Forensic Case Leads" posts which are once or twice a week. These cobble together the best news, tools, etc. of the week. The last few posts - as examples:

Digital Forensic Case Leads - May 04 2012

Digital Forensic Case Leads - May 10 2012

Digital Forensic Case Leads - May 18 2012

It's a fascinating blog to follow. Good information on new tools, the latest in digital forensics, etc.

[CloneRanger]

Hi, yes indeed it is ! Thanks for posting

"Sic" quote from one of the links Digital Forensic Case Leads - May 04 2012

Quote:

Actaully rewriting does not work. As proven recently by Homeland security a harddrive that was encrypted and low level formated with all 1/0?s on all tracks was recovered. that is why these guys came up with this so that no data reconstruction can possibly happen.

http://www.geekosystem.com/data-killer

If true ? = The person gave NO link of proof though !

[Cudni]

Quote:

Originally Posted by CloneRanger

If true ?

Sure, with with magical wand

[chronomatic]

Quote:

Originally Posted by CloneRanger

Hi, yes indeed it is ! Thanks for posting

"Sic" quote from one of the links Digital Forensic Case Leads - May 04 2012



If true ? = The person gave NO link of proof though !

Guy has no idea what he's talking about.

[LockBox]

Quote:

Originally Posted by chronomatic

Guy has no idea what he's talking about.

I agree. It was just a comment from a user or interested party in the DataKiller product comments. He clearly knows nothing about forensics or anti-forensics. The DataKiller product they linked to is pretty interesting. Here is more:

http://www.diginfo.tv/v/12-0074-n-en.php

I bet they sell some of these to gambling operators, big-time bookies, etc. so they can "zap-on-raid." Interesting concept.

I didn't see a price - did anyone else who followed that link?

By the way, another fascinating article linked in that May 4th edition of the DFCL, is all about "VSC Toolset."

"VSC toolset A.K.A Volume Shadow Copies toolset updated, and one of the biggest change incorporates the ability to browse shadow copies using an Explorer-like interface! That's a great feature to ease forensicators tasks..."

I don't use any imaging program that uses Volume Shadow Copy and most imaging programs do now. Paragon, when run in original Paragon mode, works great for me and doesn't use Volume Shadow Copy. That tool above - I hope you noticed that the new version actually views WVSC with an "Explorer-like interface." Creepy.


Edited to add thing about Shadow Copy.
-

[redcell]

Quote:

Originally Posted by LockBox

I agree. It was just a comment from a user or interested party in the DataKiller product comments. He clearly knows nothing about forensics or anti-forensics. The DataKiller product they linked to is pretty interesting. Here is more:

http://www.diginfo.tv/v/12-0074-n-en.php

I bet they sell some of these to gambling operators, big-time bookies, etc. so they can "zap-on-raid." Interesting concept.

I didn't see a price - did anyone else who followed that link?

By the way, another fascinating article linked in that May 4th edition of the DFCL, is all about "VSC Toolset."

"VSC toolset A.K.A Volume Shadow Copies toolset updated, and one of the biggest change incorporates the ability to browse shadow copies using an Explorer-like interface! That's a great feature to ease forensicators tasks..."

I don't use any imaging program that uses Volume Shadow Copy and most imaging programs do now. Paragon, when run in original Paragon mode, works great for me and doesn't use Volume Shadow Copy. That tool above - I hope you noticed that the new version actually views WVSC with an "Explorer-like interface." Creepy.


Edited to add thing about Shadow Copy.
-

I thought the Data Killer is also known as customized microwave oven?