Questions tagged [forensics]

Computer forensics analyzes information on computer systems to find evidence of the actions of a process, application, user or computer, and to determine the source of a change within a host, network or device.

Within the information security field the term is often used to refer specifically to digital forensics. This sub-specialty of forensic science came into being largely in the 1990s as technology reached deeper into society at large. As in other forensic sciences, the principal goal is to apply the scientific method to the collection and analysis of information stored in digital formats. While primarily used as part of legal investigations, the same tools and methods are frequently employed in incident response when technical assets are involved.

501 questions
19 votes, 6 answers

Defamatory post - obtaining evidence tracing perpetrator right to his laptop

A month ago, someone posted an ad with my personal details, including my home address, my phone number and my photo, with a very defamatory write-up. What followed was a week of calls from strangers and friends calling me up asking me…
Anna
18 votes, 6 answers

What should I do when classified information stayed on an unauthorized laptop?

Has anyone ever had to deal with an unauthorized laptop accidentally getting Top Secret level data on it? How did you quarantine the system? Were you required to turn in the entire laptop or were you able to destroy/format the HDD? NISPOM says that…
Crash893
18 votes, 3 answers

Can law enforcement track a criminal through dynamic IP address?

I ask because a week ago my home was broken into and, among other things, my iMac computer was stolen. I am desperate to get it back because it has all the pictures of my daughters from the last several years (did not back up anywhere else). I…
Ruth Bravo
17 votes, 3 answers

Is there a real-world example of SSD data recovery?

Secure data deletion is known to be more complicated and elusive on a solid-state drive than for a regular hard drive. For instance, the logical block mapping on the SSD's flash translation layer makes it impossible to reliably overwrite specific…
Arminius
17 votes, 4 answers

Network Forensics - what is in your toolbox

In a similar vein to this question on computer forensics, what tools would you have in your toolbox for infrastructure and network forensics? Typical example cases would be if you were called in either after an incident, or on suspicion of an…
Rory Alsop
17 votes, 7 answers

Is there a need to image the hard drive when using a write blocker?

Forensics books often recommend working on an image of the hard drive instead of the original drive. Should I take this precaution even if I use a write blocker? If so, why?
Othman
16 votes, 6 answers

How are attacks and APTs attributed?

It's increasingly common to see major attacks on governments and corporations attributed to a specific country or group. Typically we don't know for certain, but it's at least suspected. Given the general anonymity of the internet and the ability…
16 votes, 1 answer

Did someone really plug an iPhone in, or are these symptoms of an exploit attempt?

My syslog indicates that someone plugged an iPhone USB device into my desktop at 4am today, for about 10 minutes. I'm checking physical security logs to see if there was someone in the room, but in the meantime I'm trying to investigate whether…
Jeromy Evans
15 votes, 1 answer

What should be included in a jump bag and how often should it be reviewed?

What items should be included in a jump bag? How often do you review your jump bag?
sdanelson
15 votes, 2 answers

Are there any tell-tale signs of self-hacking?

After the Mt.Gox crash, and also keeping in mind recently published attacks on Target and Neiman Marcus, one is led to believe that sometimes so-called hacking is perpetrated by insiders. What are the tell-tale signs of an insider-led compromise as…
Deer Hunter
15 votes, 2 answers

Can it be proved that two CDs were burned by different computers?

A friend of mine made a personal data CD. Days later he found a copy elsewhere. He wants to prove the copy didn't come from his computer, but that someone took the CD and copied it from another computer. Can it be done?
ASalazar
14 votes, 3 answers

How to recover securely deleted data

Since we all know files are recoverable with programs after being deleted from the recycling bin, everyone is told to do secure wipes by putting random data over the files you're deleting on the disk itself. From what I understand with Hard Drives…
Canadian Luke
14 votes, 5 answers

Is it possible to recover securely deleted data from a hard drive using forensics?

Is it possible to recover securely (or wiped out) deleted data from a hard drive using forensics? Imagine police have arrested a hacker, and that hacker, before getting caught, has removed all information that leads him/her to be found guilty on…
user41890
14 votes, 1 answer

JPEG artifacts leaking information about redacted contents

It was mentioned that JPEG should not be used between image creation and redaction of sensitive contents, because compression artifacts around the redacted area may leak information. Given how this lossy format works, this makes sense. Is there any…
forest
14 votes, 1 answer

Do burned DVDs contain trackable information?

I'd like to know if it's possible to burn a video DVD (not just a regular CDFS DVD with video files in it; I mean a DVD that you can play the video of using regular DVD players), without the possibility of people in possession of the DVD being able…
Privacy please