The Advantages of Open Source Forensic Tools

Open source forensic tools enjoy several advantages from being free and readily available. Open source tools gain benefits from their transparency. For example, since open source developers make their source code available to the user, other developers can peer review the original work, patch known issues, and publish changes. In the case of open source forensic […]

The Benefits of Programming in Digital Forensics

Though not a strict requirement, examination of the source code becomes an asset for agencies that use open source applications. Firstly, by understanding the code of their applications, code-literate agencies gain the opportunity to create tools, packages, and scripts for their own purposes. For example, they can use languages like Python, Ruby, or Perl […]

Investigating Linux Systems

Compared to Windows, Linux operating systems conform to a different structure, creating different implications for investigators who wish to examine systems like RedHat, Ubuntu, Android, or Kali.  Most Linux systems abide by a file system hierarchy (or FSH), which denotes how files are classified and how objects are stored.  For example, according to FSH, “/” […]

Guidelines to Become a Security Architect

As the use of technology expands, the need for security architects grows.  Security architects use an array of technological expertise to minimize security risks for their clients.  They focus on security domains such as physical security, risk management, application development, and network security.  Their goal is to remedy security breaches by formulating big-picture solutions and […]

Tools Used for Windows Registry Analysis

An assortment of third-party utilities comes in handy when analyzing registry contents, many of which provide unique kinds of functionality. RegRipper, an open source tool developed in Perl, allows the FE to parse registry information at a granular level. For example, RegRipper’s plugins give the FE specific commands to invoke in the CLI, enabling […]

Command Line Arguments for Windows and Investigations

Investigators have a diverse number of command line arguments at their disposal when analyzing Windows operating systems. The netstat command reveals an inventory of connections on the local machine. For example, it displays the default loopback address as 127.0.0.1. Though the output generated by this command alone can be too vague to have evidentiary value, […]

Paladin 7 – An OS for Forensics

Paladin 7 is a Linux-based operating system that consolidates a wide array of forensic tools for investigations.  For general demands, Paladin features a LUI terminal through which numerous applications and commands can be invoked.  It also offers a general Paladin toolkit that includes imaging utilities like DC3DD, DCFLDD, etc.  Additionally, Paladin furnishes Autopsy 4 as a […]