If Apple did computer forensics…

This is too funny…

“The writeblocker, iBlock, would only image at 1 mb/s and would have a non-replacable internal battery with a 12-month lifespan. When everyone who was going to buy one had done so, they’d release an iBlock ’s’ – this writes at a speed approaching the commercial standard but still has the battery problem. Apple dismiss this as a ‘false negativity point by uncreative people’ and sue anyone publicly criticising it.”

You can find the full post here.

Outlook PST (Personal Folder) File Format Now Available From Microsoft

Microsoft has decided to publish a copy of the Outlook Personal Folder File format (.PST file).  You can view the specification at: http://msdn.microsoft.com/en-us/library/ff385210.aspx … [Continue reading]

Site Updates

Recently I've been making some updates to this site.  Here is a brief list: New Theme If you're looking at the site right now, you've probably noticed that the theme has changed.  I had been using Andreas Viklund's 1024px for a few years, and … [Continue reading]

Microsoft to Release the .PST File Format

@MicrosoftPress tweet'd this earlier today: 'Paul Lorimer, Group Manager, MS Office Interoperability: "...we will be releasing documentation for the .pst file format." http://ow.ly/wHqE'. It looks like the specification for the Outlook Personal … [Continue reading]

Computer Forensic Exam of Najibullah Zazi’s Laptop

Earlier today, Jonathan Abolins tweeted about a US DOJ memorandum on detainee Najibullah Zazi.  The memorandum is about the motion the US government filed for a permanent order of detention for Zazi.  Part of the evidence that supports the order of … [Continue reading]

The Meaning of LEAK Records

I've been pretty quiet lately, largely due to spending time developing LibForensics.  Currently I'm adding support to read Microsoft Windows Internet cache containers (a.k.a. index.dat files).  If you've ever dealt with index.dat files before, you've … [Continue reading]

The Single Piece of Evidence (SPoE) Myth

Often a crime-drama television show will have a “single piece of evidence”, which explains the entire crime, and is used to get a guilty conviction. In real life very rarely does this situation arise. Instead typical investigations will uncover … [Continue reading]

Sometimes the answers are enough, sometimes they’re not

When you watch someone who is new to investigations work a case, one thing that often needs to be explained is the idea that the "smoking gun", by itself, often isn't enough. What do I mean by this? Well, Not only am I interested in what you found … [Continue reading]

The admissibility vs. weight of digital evidence

There is always a lot of conversation about when digital evidence is and is not admissible. Questions like "are proxy logs admissible?" and "what tools generate admissible evidence?" are focused on the concept of evidence admissibility. Some of the … [Continue reading]

CitySec meetup in Los Angeles

For those of you who haven't already seen CitySec, it's worth stopping by.  CitySec.org is a site created by Thomas Ptacek (from Matasano Chargen) to facilitate gatherings of information security professionals.  The tone of the meetings appears to be … [Continue reading]