Digital Evidence Collection

Friday, June 19, 2009 11:17:54 AM (Pacific Daylight Time, UTC-07:00)
by Brennen Reynolds
Today it’s not a question of if your organization will have an electronic incident, but when that incident will occur. Regardless of the type of incident, there is a high likelihood your organization will need to collect digital evidence and build some form of a case file. However, it is often in the first moments after an incident is detected that the organization makes crucial mistakes.

The Hidden Data in MS Office Documents

Monday, February 09, 2009 12:41:11 PM (Pacific Standard Time, UTC-08:00)
by Brennen Reynolds
Most people are unaware that the documents they create and edit using Microsoft’s Office suite of products contain a large amount of data related to the document’s life-cycle. While usually benign and not very interesting, this data can become quite valuable in a forensic investigation. It can help establish timelines of when a file was last accessed or modified. An examiner can even extract the last few users who edited the file and the previous locations where the document was stored.

Splunk

Saturday, August 11, 2007 5:32:52 PM (Pacific Daylight Time, UTC-07:00)
by Ray Zadjmool
Log management is one thing; making use of the logs is another. A couple of years ago I was doing an investigation for a client on about 4 gigs of log files from 3 web servers, a router, and an IDS. After that I was on a mission to find something that I could use to aid in post-event analysis and not overthink the process for me