Tag Archive

dfir

What is an AD1?

Many people come across AD1 files during digital investigations and have trouble extracting the data they contain. See how to process an AD1 file with Access...

Magnet CTF Week 6 - Riddle ELFs

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Magnet CTF Week 4 - GUIDSWAP and drop

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Custom artifact creation

Last Wednesday, I woke up to the news that my custom (Magnet) artifact submission for Solid Explorer 2 was accepted. It’s exciting because I’d never created ...

HFS+ Header trivia

In the wee hours of Friday night, just as I was tucked in and toasty, Magnet Weekly CTF dropped a 10 point trivia question. I jumped to answer it like a kid ...

Magnet CTF Week 1 - Timestamps of doom

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Hex editors and data structures

A student sent a question about hex editors. Hex editors are often used in forensics to view and analyze data. Viewing data in hexadecimal (hex) instead of r...

Learn Python Programming

Programming is a useful skill for digital investigators. Not only does programming let you automate your investigation process, but it also helps build a bet...

General overview of investigation process

Many people that begin learning digital investigation, especially formally, seem to learn technical issues before the criminal investigation procedure. The p...

ICDF2C 2020 @Boston Call for Papers

ICDF2C brings together researchers and practitioners in order to scientifically address the numerous challenges due to the rapid increase in the amount and v...

Getting started in Digital Forensics

A lot of people have asked how to get started with digital forensics. It’s great that so many people from so many different places are interested. There are ...

Changing Domain to DFIR.Science

CybercrimeTech started as a dfir notes blog during my Masters at University College Dublin. I wasn’t sure what it would turn into, and thought the name was g...

Password Cracking Test Data

Here are some files to test your password cracking skills. All of them can be done in less than a few hours with CPU-based cracking. You can download the fil...

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...

ICDF2C Revised Draft Program Released

7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) updated program is now available here: http://bit.ly/1LsJpvM ...

[CFP] ICDF2C 2015

Call for papers for the 7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) Conference Dates: October 6 - 8, 2015 Location: Seoul, Sou...

Indicators of Anti-Forensics

Project: Indicators of Anti-Forensics (IoAF). Purpose: Digital forensic triage for anti-forensic activities. Status: Active. License: GNU GPLv3. Developer(s): KITRI’...

Convert EnCase hash sets to md5sum

I managed to get a hold of a list of known-bad hashes to use in an experiment. The hashes, however, were in EnCase “.hash” format...


HowTo

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

[How-To] Installing thc Hydra in Ubuntu

The steps below are how to easily install thc Hydra in Ubuntu with the majority of required libraries for common tasks. Hydra is a pretty well-known remote a...

[How To] Easy Install TexStudio on Ubuntu

I mess around with the internals of my operating systems a lot. This means that every few months I need to re-install my operating system, which, lately, is ...

Installing Cinnamon 2.0 on Linux Mint 14

With only a few weeks (hopefully) until Linux Mint 16 is released, I have been installing different software that I may want to start using. With all my data...

[How to] Install pHash on Ubuntu

pHash is an open source software library released under the GPLv3 license that implements several perceptual hashing algorithms, and provides a C-like API to...

Another SDHASH Test with Picture Files

After the last SDHASH test showed that fuzzy hashing on multiple sizes of the same picture files did not appear to work well, I decided to try...

Installing Log2Timeline on Ubuntu 12.04

The maintainers of log2timeline have yet to set up a repository for Ubuntu Precise (12.04). Here are the required packages needed to get most of the function...

ZFS and NFS for Forensic Storage Servers

We’ve been looking at different storage solutions to act as storage servers for forensic images, and some extracted data. Essentially we have a server with e...

Installing OCFA 2.3.X with FIVES

In this post we will be installing OCFA 2.3.0 rc4 on Debian Squeeze (6). I will be following the documentation from: http://sourceforge.net/apps/trac/ocfa/wi...

Building FIVES Porndetect Image and Video

Installation of FIVES Porndetect was relatively painless on Debian Squeeze (Lenny is a bit of a pain). First get the F_PORNDETECT.doc from the FIVES portal. T...

Converting Parallels Disks to Raw on OS X

Update: See the forensic focus article: http://articles.forensicfocus.com/2012/07/05/parallels-hard-drive-image-converting-for-analysis/ Update: I have had pr...

CarvFS on Mac OSx

A while ago I briefly used CarvFS on a linux system for testing. It was nice. Zero-storage carving can come in handy, especially when you are dealing with li...

RE: Read-Only Loopback to Physical Disk

A reader sent a very informative email in reply to this post about Read-Only Loopback Devices. http://www.denisfrati.it/pdf/Linux_for_computer_forensic_inve...

How to detect when OCFA is done processing

As emailed to me by Jochen: I think it is possible to detect completion of the process, even if it is not that simple, due to the distributed nature of OCFA. ...

REAPER SVN Access

Instructions for using SVN to get the newest version of the REAPER Project: These instructions are for SVN from a Linux command line, and specifically Debian....

Read-Only Loopback to Physical Disk

I have been testing file carving to try to preview the contents of a drive before imaging. File carving takes a long, long time. A faster solution (I think) ...

PostgreSql Problems on Debian

In Debian 5 when installing PostgreSQL - if /var/postgresql/8.3/main is not created, and the conf files are not available - use the following command: pg_cr...

Even more Random links: psql

PSQL on Mac: http://www.entropy.ch/software/macosx/postgresql/ Enable psql remote access over tcp/ip: http://www.cyberciti.biz/tips/postgres-allow-remote-acce...

Creating and Modifying a User in PSQL

When installing OcfaArch on Debian 5, the installer failed to create the ‘ocfa’ user in postgresql (psql). The error I get is “Warning: no local database f...

OCFA Installation - Creating the Hash Sets

Maybe I am just a novice, but I had a hard time figuring out the inputs for the creation of the hash database for the OCFA digest module. This step can be fo...

pt.1 OCFA Installation - Introduction/OS

The installation document for the Open Computer Forensic Architecture was mostly accurate. However, I ran into some issues. Posts labeled OCFAInstall are sup...


infosec

What is an AD1?

Many people come across AD1 files during digital investigations and have trouble extracting the data they contain. See how to process an AD1 file with Access...

Is Protonmail Broken?

Security-focused email provider ProtonMail was found to provide the IP address of a French activist to Swiss authorities. This is despite the fact that Proto...

Magnet CTF Week 6 - Riddle ELFs

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Magnet CTF Week 4 - GUIDSWAP and drop

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Custom artifact creation

Last Wednesday, I woke up to the news that my custom (Magnet) artifact submission for Solid Explorer 2 was accepted. It’s exciting because I’d never created ...

HFS+ Header trivia

In the wee hours of Friday night, just as I was tucked in and toasty, Magnet Weekly CTF dropped a 10 point trivia question. I jumped to answer it like a kid ...

Magnet CTF Week 1 - Timestamps of doom

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Hex editors and data structures

A student sent a question about hex editors. Hex editors are often used in forensics to view and analyze data. Viewing data in hexadecimal (hex) instead of r...

Learn Python Programming

Programming is a useful skill for digital investigators. Not only does programming let you automate your investigation process, but it also helps build a bet...

General overview of investigation process

Many people that begin learning digital investigation, especially formally, seem to learn technical issues before the criminal investigation procedure. The p...

ICDF2C 2020 @Boston Call for Papers

ICDF2C brings together researchers and practitioners in order to scientifically address the numerous challenges due to the rapid increase in the amount and v...

Getting started in Digital Forensics

A lot of people have asked how to get started with digital forensics. It’s great that so many people from so many different places are interested. There are ...

Password Cracking Test Data

Here are some files to test your password cracking skills. All of them can be done in less than a few hours with CPU-based cracking. You can download the fil...

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...


Digital Forensics

[CFP] ICDF2C 2015

Call for papers for the 7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) Conference Dates: October 6 - 8, 2015 Location: Seoul, Sou...

Indicators of Anti-Forensics

Project: Indicators of Anti-Forensics (IoAF). Purpose: Digital forensic triage for anti-forensic activities. Status: Active. License: GNU GPLv3. Developer(s): KITRI’...

Convert EnCase hash sets to md5sum

I managed to get a hold of a list of known-bad hashes to use in an experiment. The hashes, however, were in EnCase “.hash” format...


Discussion

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

Ashley Madison Data and Ethical Use

On August 19th, the Impact Team released data of millions of alleged Ashley Madison users. Ashley Madison is a type of social networking website that promote...

What is your password?

Jimmy Kimmel, a U.S. talk show host, commented on U.S. cyber security after the 2014 Sony attacks. To humorously demonstrate the problem, they employed a bit...

Cybersecurity and Challenges to Democracy

South Korea’s democracy can only be described as… developing. In the late 1970s, after the assassination of Military Dictator Park Chung-hee (who Koreans oft...

What is Cybersecurity?

Last week, a number of Korean organizations fell victim to cyber attacks. This has prompted discussions about cybersecurity in Korea, and while following ...

Social Media and Intelligence Gathering

As seen on DigitalFIRE: Online social media has changed the way many people, businesses and even governments interact with each other. Because of Twitter’s pop...

Future Crimes Ted Talk

[Update] See Bruce Schneier’s response. Our friends at FutureCrimes.com recently had a good Ted talk about technology, crime and a potential way to fight crime...

Predictive Policing and Online Crime

FutureCrimes.com just passed on the post Sci-fi policing: predicting crime before it occurs. Crime modeling used by the LAPD appears to have contributed t...


Research

Ashley Madison Data and Ethical Use

On August 19th, the Impact Team released data of millions of alleged Ashley Madison users. Ashley Madison is a type of social networking website that promote...


Infosec

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

Honeypot Fun

At the Legal Informatics and Forensic Science Institute, we are preparing to do some research on IoT smart homes. Part of that is setting up a slightly-less-...

ICDF2C Revised Draft Program Released

7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) updated program is now available here: http://bit.ly/1LsJpvM ...

Ashley Madison Data and Ethical Use

On August 19th, the Impact Team released data of millions of alleged Ashley Madison users. Ashley Madison is a type of social networking website that promote...


Conferences 2012

InfoSecurity Russia 2012

Last week, Pavel and I gave an invited talk at InfoSecurity Russia 2012. From Digital FIRE: Our talk explored the issues of di...

LawTech Europe Congress 2012

LawTech Europe Congress 2012, 12 November, 2012, Prague, Czech Republic. “Over the past few years there have been huge advances in Electronic Evidence support and ...

CFP: IRISSCERT Cyber Crime Conference

The IRISSCERT Cyber Crime Conference will be held November 22, 2012 in Dublin, Ireland. More information can be found here. They are currently running a call ...

ICTTF - Cyber Threat Summit 2012

The ICTTF Cyber Threat Summit will be held in Dublin on September 20-21, 2012. Have a look at this year's agenda. You can get a 10% registratio...

ICDF2C 2012

The 4th International Conference on Digital Forensics and Cyber Crime (ICDF2C), hosted at Purdue University, will be held from October 24-26, 2012. Website: h...

DFRWS 2009 - Montreal

Our group in the Centre for Cybercrime Investigation gave a presentation at the Digital Forensic Workshop 2009. The submitted paper can be found here. Also a...


CFP 2015

[CFP] DFRWS EU 2016

The DFRWS EU 2016 conference will be held in Lausanne, Switzerland from March 30th to April 1st, 2016...

[CFP] ICDF2C Submission Deadline Extended

Hello everyone! The ICDF2C Call for Papers has been extended to April 13, 2015. Hurry and submit! See you in Seoul! http://d-forensics.org/2015/show/cf-papers

[CFP] ICDF2C Submissions Due 30 March

Just a reminder that submissions for ICDF2C are due on the 30th of March, 2015 (next week)...

[CFP] SADFE-2015

Call for Papers SADFE-2015: Tenth International Conference on Systematic Approaches to Digital Forensics Engineering September 30 – October 2, 2015, Malaga, S...

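2015 International Conference on Digital Forensics and Cyber Crime / Korean Digital Forensics Society Annual Conference: Call for Papers

2015 International Conference on Digital Forensics and Cyber Crime / Korean Digital Forensics Society Annual Conference: Call for Papers. Please note: all submissions and presentations must be in English. The International Conference on Digital Forensics and Cyber Crime (The I...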

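ICDF2C, KDFS 2015 Call for Papers Announcement

ICDF2C, KDFS 2015 Call for Papers Announcement. Please note: all submissions and presentations must be in English. The International Conference on Digital Forensics and Cyber Crime (ICDF2C) aims to advance the development of digital forensics and cybercrime investigation, and to encourage outstanding researchers, practitioners, ...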

[CFP] DFRWS US 2015

Just a quick reminder that the DFRWS US 2015 is coming up soon! From DFRWS.org: DFRWS 2015 will be held on August 9-13, 2015 at the Hyatt Regency Philadelphia...

[CFP] ICDF2C 2015

Call for papers for the 7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) Conference Dates: October 6 - 8, 2015 Location: Seoul, Sou...


Conferences 2015

[CFP] ICDF2C Submission Deadline Extended

Hello everyone! The ICDF2C Call for Papers has been extended to April 13, 2015. Hurry and submit! See you in Seoul! http://d-forensics.org/2015/show/cf-papers

[CFP] ICDF2C Submissions Due 30 March

Just a reminder that submissions for ICDF2C are due on the 30th of March, 2015 (next week)...

[CFP] SADFE-2015

Call for Papers SADFE-2015: Tenth International Conference on Systematic Approaches to Digital Forensics Engineering September 30 – October 2, 2015, Malaga, S...

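2015 International Conference on Digital Forensics and Cyber Crime / Korean Digital Forensics Society Annual Conference: Call for Papers

2015 International Conference on Digital Forensics and Cyber Crime / Korean Digital Forensics Society Annual Conference: Call for Papers. Please note: all submissions and presentations must be in English. The International Conference on Digital Forensics and Cyber Crime (The I...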

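ICDF2C, KDFS 2015 Call for Papers Announcement

ICDF2C, KDFS 2015 Call for Papers Announcement. Please note: all submissions and presentations must be in English. The International Conference on Digital Forensics and Cyber Crime (ICDF2C) aims to advance the development of digital forensics and cybercrime investigation, and to encourage outstanding researchers, practitioners, ...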

[CFP] DFRWS US 2015

Just a quick reminder that the DFRWS US 2015 is coming up soon! From DFRWS.org: DFRWS 2015 will be held on August 9-13, 2015 at the Hyatt Regency Philadelphia...

[CFP] ICDF2C 2015

Call for papers for the 7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) Conference Dates: October 6 - 8, 2015 Location: Seoul, Sou...


CTF

Magnet CTF Week 6 - Riddle ELFs

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Magnet CTF Week 4 - GUIDSWAP and drop

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

HFS+ Header trivia

In the wee hours of Friday night, just as I was tucked in and toasty, Magnet Weekly CTF dropped a 10 point trivia question. I jumped to answer it like a kid ...


Education

Getting started in Digital Forensics

A lot of people have asked how to get started with digital forensics. It’s great that so many people from so many different places are interested. There are ...

Cybersecurity Tips for Business Travelers

I recently received an email from someone claiming to be from CNN, wanting to do a segment on cyber security for business travelers. They asked for some bul...

What is Cybersecurity?

Last week, a number of Korean organizations fell victim to cyber attacks. This has prompted discussions about cybersecurity in Korea, and while following ...

Digital Forensics Summer School

The UCD Centre for Cybersecurity and Cybercrime Investigation will be hosting a Digital Forensic Summer School for two weeks at the end of August 2012. ...


Conferences 2013

[CFP] ICDF2C 2013 Note of Change of Date

Please note, the dates for the ICDF2C 2013 have slightly changed. Fifth International Conference on Digital Forensics and Cyber Crime - ICDF2C 2013, 25-27 Septe...

Conference: SANS DFIR Summit 2013

SANS DFIR Summit 2013 - Call For Speakers - Now Open...


Linux

Slimbook Pro X Review

This post is a review of the Slimbook Pro X. I’ve been using the Slimbook for about a month. There isn’t much info available in English, so I thought I would...


REAPERPreview

REAPER Preview

Project: Rapid Evidence Acquisition Project for Event Reconstruction (REAPER) Preview. Purpose: A forensic boot CD that quickly and autom...

Debian Live X Only

Looking for a lighter way to run REAPER Preview, we are looking into an X only kiosk-type implementation, a la: http://jadoba.net/kiosks/firefox/ Also looking...

Profile Based Digital Forensic Preview

The newest build of REAPER Preview (officially Alpha 2) includes quite a few changes, but one that I am especially excited about is Profile Based Preview. Fi...

REAPER Preview Alpha 2 changelog

Gearing up for the official Alpha 2 release of REAPER Preview, here is the change log and feature list: Back-end: REAPER Preview no longer l...

REAPER Preview POC Mentioned

The REAPER Preview Proof of Concept was mentioned on nukeitdotorg! Also an updated version of REAPERlive that can be imaged directly to any USB hard drive (wi...

REAPER SVN Access

Instructions for using SVN to get the newest version of the REAPER Project: These instructions are for SVN from a Linux command line, and specifically Debian....

REAPER Preview Setup and Configuration

(Command line instructions) 6 Nov. 2010. REAPERlive Preview: Extracting a working directory. Once you have downloaded the REAPERlivePreview build pa...

REAPERlive Preview POC Released

REAPERlive Preview has been released as a proof of concept. The ISO is available for download at SourceForge. Currently only images are displayed, but lists o...

REAPER Preview

Throughout the time I have been developing REAPER, many people in more developed countries have expressed a need for a type of forensic preview ability. Mayb...

REAPER Logo

Logo design by Laura Small and Joshua James. Digital artwork by Laura Small. The REAPER logo by Joshua James is licensed under a Creative Commons Attribution-...


Magnet

Magnet CTF Week 6 - Riddle ELFs

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

Magnet CTF Week 4 - GUIDSWAP and drop

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!


Conferences 2014

[CFP] ICDF2C 2014 Submissions Due

Just a quick reminder that submissions for the 6th International Conference on Digital Forensics & Cyber Crime are due THIS FRIDAY (May 16, 2014). See su...

[CFP] World Forensic Festival 2014

World Forensic Festival, Oct. 12 - 18, 2014 in Seoul, South Korea. Abstract submission due: May 31, 2014. Program site: http://wff2014korea.org/ ...

[CFP] ICDF2C 2014

Don’t forget about the 6th International Conference on Digital Forensics & Cyber Crime, September 18–20, 2014 in New Haven, Connecticut, United States. Th...

[CFP] DFRWS EU 2014

From http://dfrws.org/2014eu/cfp.shtml: The DFRWS-EU Conference that will be held in Amsterdam on the 7-9 May 2014. Important Dates: Submission deadline: December...


REAPER

REAPER Preview

Project: Rapid Evidence Acquisition Project for Event Reconstruction (REAPER) Preview. Purpose: A forensic boot CD that quickly and autom...

REAPERlive Change Log - 7 Jan 2010

Change Log - 7 Jan 2010. REAPERlive Major Revision: - Remove need for 2 drives. - Temp remove OCFA processing. - Add ability to partition REAPERlive storage drive aut...

REAPERlive Major Revision in Progress

REAPERlive is being revamped. An effort to clean up and standardize a lot of the code is going on. This first part of the project will allow REAPERlive to: 1)...

REAPER SVN Access

Instructions for using SVN to get the newest version of the REAPER Project: These instructions are for SVN from a Linux command line, and specifically Debian....

REAPER Preview

Throughout the time I have been developing REAPER, many people in more developed countries have expressed a need for a type of forensic preview ability. Mayb...

REAPER Logo

Logo design by Laura Small and Joshua James. Digital artwork by Laura Small. The REAPER logo by Joshua James is licensed under a Creative Commons Attribution-...


Encryption

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

Seoul Tech Society Crypto Event

On June 24th, Seoul Tech Society held an ‘introduction to cryptography’ event. First, Artem Lenskiy gave an overview of how symmetric and asymmetric encrypti...

GPG Key Signing Party in Seoul 2015/06/24

Seoul Tech Society is having an introduction to Public Key Infrastructure (PKI) Wednesday, June 24th at D.CAMP in Seoul. We will give an introduction to PKI...


Memory Forensics

Goldfish

Project: Goldfish...


CFP 2016

[CFP] ICDF2C Submission date extended!

ICDF2C 2016 in New York has extended its call for papers until April 25th! Call for papers for the 8th International Conference on Digital Forensics and Cyb...

[CFP] Call for Papers ICDF2C 2016

8th International Conference on Digital Forensics and Cyber Crime. Location: ...


Projects

Indicators of Anti-Forensics

Project: Indicators of Anti-Forensics (IoAF). Purpose: Digital forensic triage for anti-forensic activities. Status: Active. License: GNU GPLv3. Developer(s): KITRI’...

Project ATOM

Project: ATOM...

Automated Network Triage (ANT) / Profiler

Project: Automated Network Triage (ANT) / Profiler...

Goldfish

Project: Goldfish...

REAPER Preview

Project: Rapid Evidence Acquisition Project for Event Reconstruction (REAPER) Preview. Purpose: A forensic boot CD that quickly and autom...


CFP 2013

[CFP] DFRWS EU 2014

From http://dfrws.org/2014eu/cfp.shtml: The DFRWS-EU Conference that will be held in Amsterdam on the 7-9 May 2014. Important Dates: Submission deadline: December...

[CFP] ICDF2C 2013 Note of Change of Date

Please note, the dates for the ICDF2C 2013 have slightly changed. Fifth International Conference on Digital Forensics and Cyber Crime - ICDF2C 2013, 25-27 Septe...


programming

Learn Python Programming

Programming is a useful skill for digital investigators. Not only does programming let you automate your investigation process, but it also helps build a bet...


CFP 2012

CFP: Africomm 2012

Call for Papers: Fourth International IEEE EAI Conference on e...

CFP: IRISSCERT Cyber Crime Conference

The IRISSCERT Cyber Crime Conference will be held November 22, 2012 in Dublin, Ireland. More information can be found here. They are currently running a call ...

ICDF2C 2012

The 4th International Conference on Digital Forensics and Cyber Crime (ICDF2C), hosted at Purdue University, will be held from October 24-26, 2012. Website: h...


Hashing

Convert EnCase hash sets to md5sum

I managed to get a hold of a list of known-bad hashes to use in an experiment. The hashes, however, were in EnCase “.hash” format...


anti-forensics

Indicators of Anti-Forensics

Project: Indicators of Anti-Forensics (IoAF). Purpose: Digital forensic triage for anti-forensic activities. Status: Active. License: GNU GPLv3. Developer(s): KITRI’...


CFP 2014

[CFP] ICDF2C 2014 Submissions Due

Just a quick reminder that submissions for the 6th International Conference on Digital Forensics & Cyber Crime are due THIS FRIDAY (May 16, 2014). See su...

[CFP] World Forensic Festival 2014

World Forensic Festival, Oct. 12 - 18, 2014 in Seoul, South Korea. Abstract submission due: May 31, 2014. Program site: http://wff2014korea.org/ ...

[CFP] ICDF2C 2014

Don’t forget about the 6th International Conference on Digital Forensics & Cyber Crime, September 18–20, 2014 in New Haven, Connecticut, United States. Th...


DFRWS

[CFP] DFRWS EU 2016

The DFRWS EU 2016 conference will be held in Lausanne, Switzerland from March 30th to April 1st, 2016...


Password Cracking

[How-To] Installing thc Hydra in Ubuntu

The steps below are how to easily install thc Hydra in Ubuntu with the majority of required libraries for common tasks. Hydra is a pretty well-known remote a...

PRNewsWire Quotes CybercrimeTech

PRNewsWire, when writing about Passware’s new LUKS GPU-assisted brute force cracker, referenced our work on LUKS password cracking with John the Ripper...


Forensic Acquisition


tutorial


Threats

[How-To] Installing thc Hydra in Ubuntu

The steps below are how to easily install thc Hydra in Ubuntu with the majority of required libraries for common tasks. Hydra is a pretty well-known remote a...


Survey


Law

Cybersecurity and Challenges to Democracy

South Korea’s democracy can only be described as… developing. In the late 1970s, after the assassination of Military Dictator Park Chung-hee (who Koreans oft...


ICDF2C

[CFP] Call for Papers ICDF2C 2016

8th International Conference on Digital Forensics and Cyber Crime. Location: ...

ICDF2C Revised Draft Program Released

7th International Conference on Digital Forensics and Cyber Crime (ICDF2C) updated program is now available here: http://bit.ly/1LsJpvM ...

A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about...


CFP

ICDF2C 2020 @Boston Call for Papers

ICDF2C brings together researchers and practitioners in order to scientifically address the numerous challenges due to the rapid increase in the amount and v...


golang


course


Digital Crime


Crime

Predictive Policing and Online Crime

FutureCrimes.com just passed on the post Sci-fi policing: predicting crime before it occurs. Crime modeling used by the LAPD appears to have contributed t...


Fuzzy Hashing

Another SDHASH Test with Picture Files

After the last SDHASH test showed that fuzzy hashing on multiple sizes of the same picture files did not appear to work well, I decided to try...


Intelligence

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

Cybersecurity and Challenges to Democracy

South Korea’s democracy can only be described as… developing. In the late 1970s, after the assassination of Military Dictator Park Chung-hee (who Koreans oft...

Social Media and Intelligence Gathering

As seen on DigitalFIRE: Online social media has changed the way many people, businesses and even governments interact with each other. Because of Twitter’s pop...


Webinar


Thanks!

PRNewsWire Quotes CybercrimeTech

PRNewsWire, when writing about Passware’s new LUKS GPU-assisted brute force cracker, referenced our work on LUKS password cracking with John the Ripper...

Convert EnCase hash sets to md5sum

I managed to get a hold of a list of known-bad hashes to use in an experiment. The hashes, however, were in EnCase “.hash” format...


JDFSL


Cybersecurity

A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about...

Cybersecurity Tips for Business Travelers

I recently received an email from someone claiming to be from CNN, wanting to do a segment on cyber security for business travelers. They asked for some bul...

GPG

[How to] GPG and Signing Data

GNU Privacy Guard (GPG) uses public and private keys to secure communications (public-key cryptography). Many people use it to encrypt their email or other d...

GPG Key Signing Party in Seoul 2015/06/24

Seoul Tech Society is having an introduction to Public Key Infrastructure (PKI) Wednesday, June 24th at D.CAMP in Seoul. We will give an introduction to PKI...

Conferences 2016

[CFP] ICDF2C Submission date extended!

ICDF2C 2016 in New York has extended its call for papers until April 25th! Call for papers for the 8th International Conference on Digital Forensics and Cyb...

[CFP] DFRWS EU 2016

The DFRWS EU 2016 conference will be held in Lausanne, Switzerland from March 30th to April 1st, 2016...

research

Goldfish

Goldfish

Project: Goldfish...

Cybercrime Technologies

About Cybercrime Technologies

Welcome to Cybercrime Technologies. This blog is devoted to research and development in the area of Cybercrime and Digital Forensic Investigations. It will b...

Cybercrime Technologies Philosophy

Cybercrime Technologies was founded on the principle that the level of competent, quality digital investigations should not be based on the budget of the pra...

Categorization

Malware

Live Data Forensics

Cloud Computing

InfoSecurity Russia 2012

Last week, Pavel and I gave an invited talk at InfoSecurity Russia 2012. From Digital FIRE: Our talk explored the issues of di...

International Communication

Cybersecurity and Challenges to Democracy

South Korea’s democracy can only be described as… developing. In the late 1970s, after the assassination of Military Dictator Park Chung-hee (who Koreans oft...

Future Crimes Ted Talk

[Update] See Bruce Schneier’s response. Our friends at FutureCrimes.com recently had a good Ted talk about technology, crime and a potential way to fight crime...

Storage

ZFS and NFS for Forensic Storage Servers

We’ve been looking at different storage solutions to act as storage servers for forensic images, and some extracted data. Essentially we have a server with e...

Digital Forensic and Forensic Sciences

Standards

Human Exploitation

Cybercrime

Cybersecurity Tips for Business Travelers

I recently received an email from someone claiming to be from CNN, wanting to do a segment on cyber security for business travelers. They asked for some bul...

Meetup

Seoul Tech Society Crypto Event

On June 24th, Seoul Tech Society held an ‘introduction to cryptography’ event. First, Artem Lenskiy gave an overview of how symmetric and asymmetric encrypti...

GPG Key Signing Party in Seoul 2015/06/24

Seoul Tech Society is having an introduction to Public Key Infrastructure (PKI) Wednesday, June 24th at D.CAMP in Seoul. We will give an introduction to PKI...

SeoulTechSoc

Seoul Tech Society Crypto Event

On June 24th, Seoul Tech Society held an ‘introduction to cryptography’ event. First, Artem Lenskiy gave an overview of how symmetric and asymmetric encrypti...

python

Learn Python Programming

Programming is a useful skill for digital investigators. Not only does programming let you automate your investigation process, but it also helps build a bet...

cyberlaw

Data Recovery

ransomware

Digital Investigation

digital forensics

Autopsy

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...

OCR

android

Magnet CTF Week 1 - Timestamps of doom

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

linux

public awareness

National Security

cybersecurity

conferences 2018

analysis

Q&A

Hex editors and data structures

A student sent a question about hex editors. Hex editors are often used in forensics to view and analyze data. Viewing data in hexadecimal (hex) instead of r...

privacy policy

DFIR.Science Privacy Policy

Privacy is very important to us, and while some information is collected so we can attempt to improve your experience, we want you to know your privacy option...

OS X

Goldfish

Project: Goldfish...

ANT

Automated Network Triage (ANT) / Profiler

Project: Automated Network Triage (ANT) / Profiler...

I18N/L10N

Project ATOM

Project: ATOM...

ATOM

Project ATOM

Project: ATOM...

Policing

Predictive Policing and Online Crime

FutureCrimes.com just passed on the single Sci-fi policing: predicting crime before it occurs. Crime modeling used by the LAPD appears to have contributed t...

Critical Systems

Formal Methods

Social Media

Social Media and Intelligence Gathering

As seen on DigitalFIRE: Online social media has changed the way many people, businesses and even governments interact with each other. Because of Twitter’s pop...

Perceptual hashing

[How to] Install pHash on Ubuntu

pHash is an open source software library released under the GPLv3 license that implements several perceptual hashing algorithms, and provides a C-like API to...

Computer Vision

BigData

Forensic Challenge 2014

News

Social Engineering

What is your password?

Jimmy Kimmel, a U.S. talk show host, commented on U.S. cyber security after the 2014 Sony attacks. To humorously demonstrate the problem, they employed a bit...

Authentication

javascript

Cyber Warfare

A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about...

Cyber Conflict

A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about...

Cyber Safety

A Proposal for Cyber Peacekeeping (CPK)

After a year of collaborative effort we submitted a paper about Cyber Peacekeeping (CPK) to ICDF2C 2015 (http://d-forensics.org/) and have just learned about...

PKI

GPG Key Signing Party in Seoul 2015/06/24

Seoul Tech Society is having an introduction to Public Key Infrastructure (PKI) Wednesday, June 24th at D.CAMP in Seoul. We will give an introduction to PKI...

Cryptography

Seoul Tech Society Crypto Event

On June 24th, Seoul Tech Society held an ‘introduction to cryptography’ event. First, Artem Lenskiy gave an overview of how symmetric and asymmetric encrypti...

Investigation

Conference 2016

[CFP] Call for Papers ICDF2C 2016

8th International Conference on Digital Forensics and Cyber Crime. Location: ...

LIFS

honeypot

Honeypot Fun

At the Legal Informatics and Forensic Science Institute, we are preparing to do some research on IoT smart homes. Part of that is setting up a slightly-less-...

Network Forensics

dfi

jekyll

Switching to Jekyll

I’ve been on Blogger since 2008. It is very easy to use. Since 2008, nothing has really changed about it, save for an exciting -slight- editor UI change a fe...

blogging

Switching to Jekyll

I’ve been on Blogger since 2008. It is very easy to use. Since 2008, nothing has really changed about it, save for an exciting -slight- editor UI change a fe...

Autopsy 4

The Sleuth Kit

How to

Conferences

Conferences 2017

Optical character recognition

howto

mobile acquisition

Metadata

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...

Bodyfile

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...

timeline

Using Autopsy 4 to export file metadata

Autopsy 4 is a very powerful digital forensic investigation tool. Today, we are going to extract file and meta-data from a disk image (mobile phone) to use i...

editorial

Public security

Awareness

WannaCry

Ransomware

Opinion

National security

South Korea

Planning

Volatility

How To

Memory analysis

LiME

emergency messaging

emergency response

incident response

SMS spam

SMS alerts

Don't do this

ssdeep

fuzzy hashing

File formats

hacking

commentary

Disk Acquisition

Windows

Sleuthkit

disk imaging

file system

optimization

zeltser

knowledge

how to

online course

digital forensic science

automation

telegram

bot

contest

text analysis

image analysis

gImageReader

tesseract ocr

imagemagick

tsurugi

attribution

false flag

review

Slimbook Pro X Review

This post is a review of the Slimbook Pro X. I’ve been using the Slimbook for about a month. There isn’t much info available in English, so I thought I would...

UNODC

investigation

General overview of investigation process

Many people that begin learning digital investigation, especially formally, seem to learn technical issues before the criminal investigation procedure. The p...

security

Using your computer to fight COVID-19

You’re stuck at home, maybe going a little crazy (here are some tips to help with that). Maybe you are starting to feel frustrated. I know I am.

computing

Using your computer to fight COVID-19

You’re stuck at home, maybe going a little crazy (here are some tips to help with that). Maybe you are starting to feel frustrated. I know I am.

boinc

Using your computer to fight COVID-19

You’re stuck at home, maybe going a little crazy (here are some tips to help with that). Maybe you are starting to feel frustrated. I know I am.

autopsy

hex

Hex editors and data structures

A student sent a question about hex editors. Hex editors are often used in forensics to view and analyze data. Viewing data in hexadecimal (hex) instead of r...

ctf

Magnet CTF Week 1 - Timestamps of doom

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

timestamps

Magnet CTF Week 1 - Timestamps of doom

Magnet Forensics is running a weekly forensic CTF. More information can be found on their blog. It is a fun way to practice, so let’s get to it!

twitter

OSINT

community

privacy

Is Protonmail Broken?

Security-focused email provider ProtonMail was found to provide the IP address of a French activist to Swiss authorities. This is despite the fact that Proto...

tools