Forensic Trends


liusiguang

Feb 7, 2008, 11:17:54 PM
to Forensic Ideas
I have been reading this forum for some time and it seems to be
winding down. In the interest of gathering momentum again, I would
like to start a thread on forensic trends.

What do you see as the 'next big thing' in forensics? There is
considerable movement in the direction of small scale digital device
forensics, for example.

Another question: what tools would you like to see developed?

What are your needs?

Regards,

Sam Norris

Brett Shavers

Feb 7, 2008, 11:38:04 PM
to Forens...@googlegroups.com
Live forensics (versus the 'pull the plug and image' forensics), for
several reasons:
- Protocols for live forensics are starting to gain headway in the court systems
- Procedures are becoming a bit more standardized
- Training in live forensics procedures is becoming more available
- Vista BitLocker and whole disk encryption are creating problems by
  'pulling the plug'
- Mass numbers of computers involved in civil litigation negate the
  ability to image everything to examine; computers on site need to be
  triaged to determine relevance.

Brett Shavers

Samuel Norris

Feb 8, 2008, 1:13:01 AM
to Forens...@googlegroups.com
Brett,

All good points. BTW, I heard today that TrueCrypt V5 supports whole drive, pre-OS load encryption. Just another day in paradise...

Sam


dtabone

Feb 8, 2008, 4:14:45 AM
to Forensic Ideas
Yes correct -- it also seems that they sped up development on v5.0 FDE
due to competition. I've been waiting for this update for a while :)
Experiences anybody?

GavanS

Feb 8, 2008, 10:39:49 AM
to Forensic Ideas
I am trying to gather information on BitLocker and the problems it
creates for forensic analysis on encrypted drives. Based on my initial
research, it appears as though there is no backdoor solution.
Therefore, you either have the key or you don't. Does anyone have any
information on emerging trends, whether by law enforcement agencies or
underground groups? Thanks.

On Feb 7, 11:38 pm, "Brett Shavers" <bshav...@gmail.com> wrote:
[...]
> -Vista BitLocker and whole disk encryption is creating problems by
> 'pulling the plug'
[...]
> Brett Shavers

Brett Shavers

Feb 8, 2008, 12:06:18 PM
to Forens...@googlegroups.com
Your initial research sums it up.

dtabone

Feb 27, 2008, 3:08:16 AM
to Forensic Ideas
You might want to read up on some of the latest news here:

http://www.eweek.com/c/a/Security/Researchers-Crack-BitLocker-FileVault/

"The issue is described as a design limitation that could allow
practical attacks against laptops in "sleep" or "hibernation" mode"