Tag: "Forensics"

WinPE 3.0 & Forensics

WinPE 3.0 & Forensics

It is a common task for an investigator to boot a machine using bootable media in the form of DVD or USB and there are countless options available. This tutorial is not intended to replace your favorite Helix CD or preferred method, but you may find this analysis interesting if you are a Windows expert performing a forensics analysis.

Reactivating DECAF in Two Minutes

Reactivating DECAF in Two Minutes

The misinformation on DECAF being shut down and a hoax is alarming and the quality of reporting on this security topic actually worse than usual. Earlier tonight we noticed this update from @slashdot on Twitter: “DECAF Was Just a Stunt, Now Over”, along with this: “Anti-COFEE tool taken down & d/l’ed copies disabled.”. Ok, fair enough, releasing DECAF was a stunt according to its two creators. But then we saw this train wreck of an article by Nick Eaton, the Microsoft Reporter over at the Seattle PI Blogs. So now we’re going to respond, because the incorrect DECAF as a big hoax story, a tool that supposedly never worked, is propagating through the Intertubes. DECAF was a working tool that can be easily re-enabled, because the shut down appears to only be a call back to decafme.org that is now disabled, but is easily spoofed, and we’ll demonstrate how.

Forensics: Beverages Aside, A Look at Incident Response Tools

Forensics: Beverages Aside, A Look at Incident Response Tools

In November, Microsoft’s forensics tool called COFEE (Computer Online Forensic Evidence Extractor) was leaked on torrents for download. The news coverage was much hype about nothing, as many free tools already out there exceed COFEE in features and functionality.

Regular or Decaf? Tool launched to combat COFEE

Regular or Decaf? Tool launched to combat COFEE

About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly […]

The Perfect Crime, the perfect alibi: My Facebook Status

The Perfect Crime, the perfect alibi: My Facebook Status

The NY Times brings us the story of Rodney Bradford. He’s the 19 year old Brooklyn man whose lawyer, Robert Reuland, invoked one of the first known “Facebook alibis” in his defense of the 19 year old Bradford on what were a second set of robbery charges he was facing. Since the Facebook defense is […]

Taxonomy of Forensics Geeks

Have you met these types in the forensics forums, lurking in your blog comments, or anywhere else on the Intertubes: The Back-Door Man who knows that MSFT has stealth back doors in Windows, or the Man of Few Words with his pithy “One word: TrueCrypt” style comments? Happy as a Monkey breaks it all down […]

More COFEE Please, on Second Thought…

The forensics tool provided to law enforcement officials created by Microsoft called COFEE  (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement.  Let’s see if the big deal is warranted.