Solving crimes with science!
24
votes
5 answers
6k views
Detecting Steganography in images
I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straightforward ...
11
votes
2 answers
762 views
What should be included in a jump bag and how often should it be reviewed?
What items should be included in a jump bag? How often do you review your jump bag?
6
votes
1 answer
3k views
Why is it so hard to close onion domains (e.g. The Silkroad)?
A few months ago when I started to experiment with bitcoin I came across The Silkroad (only accessible via Tor)
For those who do not know what Tor is and who do not want to waste their time ...
13
votes
3 answers
639 views
Techniques for ensuring verifiability of event log files
Bit of a newbie at the whole forensics stuff - but I'm trying to find out what I should have in place before an attack. While there is no end of material on the internet about forensics from seizure ...
5
votes
3 answers
390 views
Appropriate defense for 404s in my logs - persistent web scans from one region
This seems to be a fairly easy question to figure out, but I wanted to make sure. I've got about a thousand entries on one of my web servers with phpmyadmin in the connection criterion, but as I ...
3
votes
1 answer
221 views
Distance Education Programs in Digital Forensics
I am looking for a distance education program with the end product being a Masters of Science in Digital Forensics. I looked through the site and did not find any results, and was hoping since most ...
8
votes
2 answers
9k views
Can wiped SSD data be recovered?
I was reading another post on destroying IDE drives, and how you could remove data, wipe it, or just destroy the drive. The removed data would still be there in some state, although not easily ...
3
votes
2 answers
386 views
How do I run a security check on my WordPress server?
I have a cloud-based server running with CentOS 6.0 and CSF installed. Today I got a message from my host that one of my WordPress installations is hacked and used for phishing.
But I don't know how ...
14
votes
2 answers
679 views
Can it be proved that two CDs were burned by different computers?
A friend of mine made a personal data CD. Days later he found a copy elsewhere.
He wants to prove the copy didn't come from his computer, but that someone took the CD and copied it from another ...
8
votes
3 answers
797 views
How to manually check for rootkits on a server
Does anyone have a general step-by-step list on how to try to discover rootkits on a Linux or Solaris server?
I'm looking to manually find the rootkit, not by automated software.
For example:
...
8
votes
1 answer
311 views
How can I secure my log files?
I have a cool tool that displays my syslog and kernellog on my Mac's desktop. This has me concerned about what is written in them - I'm starting to feel like they are creating a hole in my privacy. I ...
4
votes
1 answer
162 views
Data analyzer tools
I have to find information that can be located in files on a hard drive.
Are there good tools to search for specific keywords (even in the hard disk free space area ;-), detect encrypted files, detect ...
7
votes
3 answers
832 views
How to recover securely deleted data
Since we all know files are recoverable with programs after being deleted from the recycling bin, everyone is told to do secure wipes by putting random data over the files you're deleting on the disk ...
4
votes
6 answers
1k views
Retrieving OS X Keychain passwords
I have a computer forensics style OS X login.keychain file that I am trying to find the passwords from.
I have a very weak Mac which I used crowbarkc on to try and brute force but the horsepower is ...
3
votes
3 answers
1k views
Is running an erase tool after an OS install sufficient to ensure no data from the old install is recoverable?
How secure do you consider this process?
A drive has data from a previous OS installation.
A new OS installation is made on the drive, and Heidi Eraser is run on free space.
What are the chances ...