Difference between revisions of "Joachim Metz"

From ForensicsWiki
Jump to: navigation, search
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
Talking about yourself in third person is always awkward, but here I go anyway ;-)
+
[[File:Joachim Metz.jpeg|right|Digital Chalk Outline]]
  
Joachim Metz is a digital forensic investigator currently working at Hoffmann Investigations.
+
Joachim Metz is a Digital researcher, IT/IS specialist.
Hoffmann Investigations mainly performs digital forensic investigations for corporations (private law).
+
  
My background is Information Communication Technology (ICT) in multiple disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS).
+
In 2006 he started working in the field of computer forensics as a digital forensic investigator at Hoffmann Investigations.
I have been working in the field of digital forensics for several years now.
+
At that time Hoffmann Investigations carried out digital forensic investigations for organisations (private law).
  
(Philosophy warning!!!) In my opinion digital forensic investigators should be transparent in both their findings and methods.
+
Before that he worked in multiple Information Communication Technology (ICT) disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS).
The statement "the tool provided me with the evidence" just does not cut it for me.
+
He has been working in the field of digital forensics for several years now.
I my experience have seen a lot of serious errors in 'digital forensic software' and corresponding human interpretation.
+
Therefore I have put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.
+
  
(Ancient history alert!!!) For me breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
+
''Philosophy warning''
  
(Marketing alert!!!) Some recent results are the file format libraries like: [[libewf]], [[libmsiecf]], [[libnk2]], [[libpff]] and recently [[libesedb]]
+
In his opinion digital forensic investigators should be transparent in both their findings and methods.
and the proof-of-concept carving tool called [[ReviveIt (revit)|revit]], that even seems to surprise me of it versatility (being able to support in recovering NTFS compressed files).
+
The statement "the tool provided me with the evidence" just does not cut it.
 +
In his work he experienced a lot of serious errors in 'digital forensic software' and corresponding human interpretation, e.g. tools that represent the FAT access date as a date and time value and is interpreted as such. He has put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.
  
But that's the challenge I like about the field of digital forensics, there is a lot out there still to be discovered ;-)
+
''Ancient history alert''
 +
 
 +
For him breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.
 +
 
 +
''Marketing alert''
 +
 
 +
Some of his recent work are file format libraries like: [[libewf]], [[liblnk]], [[libmsiecf]], [[libnk2]], [[libpff]] and [[libesedb]]
 +
and the proof-of-concept carving tool called [[ReviveIt (revit)|revit]], which keeps surprising him because of its versatile application even in recovering NTFS-compressed files.
 +
 
 +
More info can be found on [http://code.google.com/p/libyal/ libyal].
 +
 
 +
The challenge he likes about the field of digital forensics is that there is a lot out there still to be discovered ;-)
  
 
[[Category:People]]
 
[[Category:People]]

Revision as of 09:25, 26 August 2012

Digital Chalk Outline

Joachim Metz is a Digital researcher, IT/IS specialist.

In 2006 he started working in the field of computer forensics as a digital forensic investigator at Hoffmann Investigations. At that time Hoffmann Investigations carried out digital forensic investigations for organisations (private law).

Before that he worked in multiple Information Communication Technology (ICT) disciplines like: system and network administration, programming, deployment, etc. and also Information Security (IS). He has been working in the field of digital forensics for several years now.

Philosophy warning

In his opinion digital forensic investigators should be transparent in both their findings and methods. The statement "the tool provided me with the evidence" just does not cut it. In his work he experienced a lot of serious errors in 'digital forensic software' and corresponding human interpretation, e.g. tools that represent the FAT access date as a date and time value and is interpreted as such. He has put a lot of effort in providing alternatives and means to verify findings by breaking open file formats and improving file recovery methods.

Ancient history alert

For him breaking open file formats dates back to Might and Magic 3 save games and recovering deleted and corrupted files under DOS using PCTOOLS.

Marketing alert

Some of his recent work are file format libraries like: libewf, liblnk, libmsiecf, libnk2, libpff and libesedb and the proof-of-concept carving tool called revit, which keeps surprising him because of its versatile application even in recovering NTFS-compressed files.

More info can be found on libyal.

The challenge he likes about the field of digital forensics is that there is a lot out there still to be discovered ;-)