Difference between revisions of "Joachim Metz"

From Forensics Wiki
Jump to: navigation, search
Line 14: Line 14:
 
(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
 
(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
  
(Marketing alert!!!) Some recent results are the file format libraries like: libewf, libmsiecf, libnk2, libpff and recently libesedb  
+
(Marketing alert!!!) Some recent results are the file format libraries like: [[libewf]], [[libmsiecf]], [[libnk2]], [[libpff]] and recently [[libesedb]]
and the proof-of-concept carving tool called ReviveIt (revit), that even seems to surprise me of it versatility (being able to support in recovering NTFS compressed files).
+
and the proof-of-concept carving tool called [[ReviveIt (revit)|revit]], that even seems to surprise me of it versatility (being able to support in recovering NTFS compressed files).
  
 
But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)
 
But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)
  
 
[[Category:People]]
 
[[Category:People]]

Revision as of 15:03, 16 January 2010

Talking about yourself in third person is always awkward, but here I go anyway ;-)

Joachim Metz is a digital forensic investigator currently working at Hoffmann Investigations. Hoffmann Investigations mainly performs digital forensic investigations for corporations (private law).

My background is Information Communication Technology (ICT) in multiple disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS). I have been working in the field of digital forensics for several years now.

(Philosophy warning!!!) In my opinion digital forensic investigators should be transparent in both their findings and methods. The statement "the tool provided me with the evidence" just does not cut it for me. I my experience have seen a lot of serious errors in 'digital forensic software' and corresponding human interpretation. Therefore I have put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.

(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.

(Marketing alert!!!) Some recent results are the file format libraries like: libewf, libmsiecf, libnk2, libpff and recently libesedb and the proof-of-concept carving tool called revit, that even seems to surprise me of it versatility (being able to support in recovering NTFS compressed files).

But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)