Questions tagged [forensics]

Computer forensics works to analyze information on computer systems in an attempt to find evidence regarding certain actions of a process, application, user or computer to determine the source of change within a host, network or device.

Often used within the Information Security field to specifically refer to Digital Forensics. This sub-specialty of forensic science came into being largely in the 1990s as technology began encroaching deeper into society at large. Much like other forensic sciences, the principal goal is to apply the scientific method to the collection and analysis of information stored in digital formats. While primarily used as part of legal investigations, the same tools and methods are frequently engaged as part of an incident response procedure when technical assets are involved.

501 questions
205 votes, 6 answers

How secure is 'blacking out' sensitive information using MS Paint?

I'm wondering if it's safe to black out sensitive information from a picture just by using Microsoft Paint? Let's take in this scenario that EXIF data are stripped and there is no thumbnail picture, so that no data can be leaked in such a way. But…
Mirsad
143 votes, 8 answers

Secure way of masking out sensitive information in screenshots?

As a guy working in security/pentest, I regularly take screenshots of exposed passwords/sensitive information. Whenever I report these, I mask parts or complete info as in the sample given below I often wonder, is it possible for someone to…
xandfury
102 votes, 4 answers

Why is this 435 × 652 pixel JPEG over 6 MB?

This was, before someone helpfully fixed it after seeing this question, a relatively unassuming and tiny photo of a ̶f̶i̶s̶h̶ nudibranch, with 283,620 pixels. It has some metadata: text Exif tags as well as 8.6kB of Color Profile information, and a…
David
75 votes, 5 answers

Detecting steganography in images

I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straightforward things: open the file with some archive tools; tried…
Chris
66 votes, 3 answers

Are the sticks of RAM in my desktop computer volatile? Is it safe to sell them?

I have two sticks of RAM in my computer that I would like to sell or donate. From what I understand some RAM is volatile, losing all its contents when power is gone for a few minutes, and some is non-volatile, retaining that information after power…
user250432
58 votes, 6 answers

Can wiped SSD data be recovered?

I was reading another post on destroying IDE drives, and how you could remove data, wipe it, or just destroy the drive. The removed data would still be there in some state, although not easily reachable without software. Wiped data is just removed…
cutrightjm
43 votes, 9 answers

What to do when I found a spyware that my spouse has installed?

Today I was trying to uninstall some application and I was very surprised to see this entry in my applications list Then I try to find what is this and I finally found it in "Program Files". After I opened the application and explored it a little…
Green Fly
42 votes, 3 answers

Can you recover original data from a screenshot that has been 'blacked out'?

Is there a threat from screenshots with blacked out info? That is can someone take out that aftermarket addition so to speak? For instance I take a screenshot (using MS snipper) Then I 'blur/blackout' some info Is the picture above vulnerable to…
Matthew Peters
39 votes, 7 answers

At what point is deleted data irrecoverable?

From reading around on the internet I get the impression that barring physical damage, deleted data can always be recovered using sophisticated digital forensics. For this reason the advice is that you should encrypt your data. So at what point…
Yoshi
28 votes, 4 answers

Can anonymizing techniques make you less anonymous?

There's a recent report in the news of a Harvard student who emailed in a bomb threat so as to postpone year-end exams. According to the report, he carefully covered his tracks using the best technology he knew about: he used a throw-away email…
tylerl
28 votes, 5 answers

Is a password-protected stolen laptop safe?

Let's assume I have a Windows 10 computer and my login password has an entropy of infinity. If I did not encrypt my entire hard-drive, does it matter how secure my password is? Is it possible for someone to plug the hard-drive into another computer…
EML
26 votes, 3 answers

Techniques for ensuring verifiability of event log files

Bit of newbie at the whole forensics stuff - but I'm trying to find out what I should have in place before an attack. While there is no end of material on the internet about forensics from seizure onwards, I'm trying to find out more about how I can…
symcbean
22 votes, 7 answers

Computer Forensics: what is in your toolbox?

What tools do you use for collecting evidence, making disk images, inspecting live memory and so on?
gbr
22 votes, 2 answers

Is NTFS encrypted by default?

Can an NTFS volume be read by forensics without having to log into the Windows user or provide any passwords? aka can data be read straight from the sectors in clear text?
ZedPython
21 votes, 3 answers

What access does UK Police currently have to ISP logs, and what information can said logs provide?

I'm currently researching a novel that has a crime element that centres around Internet-exclusive relationships and I would appreciate any help you might be able to offer regarding how much access the UK police have to ISP logs (and any other…