Blog Archives

Discere Dev Update

Discere is approaching a usable alpha release. I just need to add support for zip/jar/tar/etc. archives, and incorporate my prior PST handler from Black Friar, then add rudimentary document tagging. Spreadsheets are still a bane – I don’t know what

Posted in Computer Science, Digital Forensics, Law

AAFS 2010 – Changes in Approach to Scalability in Digital Forensic Analysis

This year I attended the American Academy of Forensic Sciences (“AAFS”) conference in Seattle and presented in the digital and multimedia section. The following post is a summary of the oral presentation along with my slide set. For those who

Posted in Digital Forensics

DC3 2009

The results for the 2009 challenge are due in 6 days. This year there were 1153 entries with 44 submissions, a slightly lower rate of return than last year. The challenge format was different this year. Last year’s format was a set of discrete problems at various levels of difficulty with some of the higher difficulty problems being more complex forms of the lower problems. This year the challenge was a simulation. We received a case file with information from the investigators and a type of work order for what we were to investigate. The challenge data was a single hard drive image from a system used by the suspect.

Evidence was located in a variety of places, from simple chat logs to the Windows registry. There were some red herrings along the way, including files from previous years, but all in all it was a decent challenge. Some of the documents felt rushed, such as the case file still having track changes enabled, but given the difficulty in constructing believable simulations I cannot take the DoD to task overly much.

Below the fold is our primary report for the challenge, which we submitted earlier in the month. The full report, including the registry report, the evidence files, and so forth, will likely be released when the results are announced, as they were last year. If DC3 does not release them, I will post a copy for download if anyone is interested.

Posted in Digital Forensics

DC3 – Digital Forensics Challenge 2009

Team NSSAL met Tuesday to digest the DC3 challenge packet for 2009. The 2008 challenge was a more structured series of well-defined tasks split up into categories and difficulty levels; the 2009 challenge is set up to mimic a

Posted in Computer Science, Digital Forensics

What is Black Friar?

It has been a while since I posted, but I’ve made some headway with my pet project that I wanted to post about. Most modern forensics tools have a single-system or sequential paradigm when it comes to analysis. These

Posted in Digital Forensics