Difference between revisions of "Main Page"

From Forensics Wiki
m
(archived Linux article)
Line 14: Line 14:
 
;'''[http://blogs.sans.org/computer-forensics/2009/02/04/what-happens-when-you-overwrite-data/ What happens when you overwrite data?]'''.
 
;'''[http://blogs.sans.org/computer-forensics/2009/02/04/what-happens-when-you-overwrite-data/ What happens when you overwrite data?]'''.
 
Data recovery Craig S. Wright explores what happens when you try to cover overwritten data using high-quality scientific equipment. His conclusion: "The values do not tell you what existed on the drive prior to the wipe; they just allow you to make a guess, bit by bit. Each time you guess, you compound the error. As recovering a single bit value has little if any forensic value, you soon find that the cumulative errors render any recovered data worthless."
 
Data recovery Craig S. Wright explores what happens when you try to cover overwritten data using high-quality scientific equipment. His conclusion: "The values do not tell you what existed on the drive prior to the wipe; they just allow you to make a guess, bit by bit. Each time you guess, you compound the error. As recovering a single bit value has little if any forensic value, you soon find that the cumulative errors render any recovered data worthless."
 
 
<small>November-2009</small>
 
;'''[http://www.computer-forensics-lab.org/pdf/Linux_for_computer_forensic_investigators.pdf Linux for computer forensic investigators: «pitfalls» of mounting file systems] [http://computer-forensics-lab.org/lib/?cid=174 (Russian version)], Suhanov Maxim, 2009'''
 
 
The paper opens discussion about building forensically sound Live CD distributions based on Linux. Problems described:
 
* Common misconceptions about "-o ro" mount option (is it forensically sound?);
 
* Bugs in many forensic Live CDs that alter the data on evidentiary media.
 
 
Denis Frati ([[CAINE Live CD|CAINE]] developer) wrote an [http://www.denisfrati.it/pdf/Suhanov_Maxim_bug.pdf excellent review (Italian)] of the bug found in Casper scripts.
 
 
<!--END OF ARTICLE-->
 
<!--END OF ARTICLE-->
  

Revision as of 11:18, 18 December 2009

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 686 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


Selected Forensics Research

December-2009

What happens when you overwrite data?

Data recovery Craig S. Wright explores what happens when you try to recover overwritten data using high-quality scientific equipment. His conclusion: "The values do not tell you what existed on the drive prior to the wipe; they just allow you to make a guess, bit by bit. Each time you guess, you compound the error. As recovering a single bit value has little if any forensic value, you soon find that the cumulative errors render any recovered data worthless."


(Past selected articles are archived here.)


Topics



You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.