EuroTrashSecurity Website

What’s Behind Microsoft COFEE?

It was announced a few days ago: Microsoft COFEE has been leaked into the wild on the Internet! Microsoft COFEE stands for “Computer Online Forensic Evidence Extractor”. This “forensic Swiss army knife” is available for free to police forces around the world to conduct official forensic investigations.
Note: It’s reportedly illegal for unauthorized people to download and use [...]

Secure Amsterdam Workshop 2009 Review

Back from a one-day trip to Amsterdam where I attended the “Secure Amsterdam Workshop 2009” meeting organized by ISC2. This year's topic was IT forensic investigations.
The first speaker was Matthijs van der Wel from Verizon Business who reviewed the 2009 Data Breach Investigations Report. It was interesting to have “real” examples given by Matthijs [...]

Forensics: Reconstructing Data from Pcap Files

Sometimes during forensic investigations, it can be useful to recover deleted or temporary files transferred by users and/or processes with protocols like FTP or HTTP. Let’s see how to achieve this using pcap files!
libpcap is an API which provides network packet capture facilities. It is very common on Unix, and there is also a version for Windows environments [...]