Computer Forensics Miscellany

Computer Forensics Miscellany

In 2009 when I set up this site the aim was to keep it simple and provide a few resources which might assist other computer forensic practitioners to carry out an investigation. As of 2016 I haven't done many updates so some of the papers provide only a historical perspective but are still of value in some investiagtions. 

What you will find here -

  • Messenger Artefacts - How to recover conversations from MSN Messenger and Windows Live Messenger.
  • Triage - Some suggestions on computer forensic case prioritisation and computer forensic triage to reduce examination backlogs.
  • Link Files - Useful information that can be recovered from Windows Shortcut Files.
  • TimeLord - A comprehensive forensic time utility from Paul Tew.
  • Browser Forensics - Web Browser Session Restore forensics, plus some miscellaneous items - What people use as passwords & Lycos Chat Recovery.
  • Windows Thumbnails - Revisiting these well known artefacts (thumbs.db and thumbcache) and discovering something new.

My Favourite Blog

There are so many forensic blogs out there that just regurgitate other blogs so it is refreshing to find one that has original content from a hands-on practitioner -

Richard's blog has lots of detailed explanations of the interesting finds he has come across when examining computers, also with some good reports on a wide variety of sat-nav examinations.

A good staring point for anyone wanting to learn about computer forensics or keep up to date is to follow Harlan Carvey's blog . Harlan is probably the most prolific forensic blogger and if you look at his blog list and follow those links you will gather a collection of material for keeping up to date. I use Update Scanner add-on in Firefox to monitor about 60 blogs in order to keep up to date.