Computer Forensics Miscellany

Computer Forensics Miscellany

In 2009 when I set up this site the aim was to keep it simple and provide a few resources which might assist other computer forensic practitioners to carry out an investigation. As of 2016 I haven't done many updates so some of the papers provide only a historical perspective but are still of value in some investiagtions. 

What you will find here -

  • Messenger Artefacts - How to recover conversations from MSN Messenger and Windows Live Messenger.
  • Triage - Some suggestions on computer forensic case prioritisation and computer forensic triage to reduce examination backlogs.
  • Link Files - Useful information that can be recovered from Windows Shortcut Files.
  • TimeLord - A comprehensive forensic time utility from Paul Tew.
  • Browser Forensics - Web Browser Session Restore forensics, plus some miscellaneous items - What people use as passwords & Lycos Chat Recovery.
  • Windows Thumbnails - Revisiting these well known artefacts (thumbs.db and thumbcache) and discovering something new.

My Favourite Blog

A good staring point for anyone wanting to learn about computer forensics or keep up to date is to follow Harlan Carvey's blog . Harlan is probably the most prolific forensic blogger and if you look at his blog list and follow those links you will gather a collection of material for keeping up to date. I use Update Scanner add-on in Firefox to monitor about 60 blogs in order to keep up to date.