
Category: Computer Forensics

Was the firewall blocking traffic? Identifying active firewall rules using registry analysis.

I came across this question recently in relation to claims that access to a Windows 8 host via the Windows Remote Desktop Protocol (RDP) was blocked by the firewall configuration. This post describes my research into the registry artefacts relevant to answering the question, and provides a patch to RegRipper to assist in analysis.

Theory of operation

Windows 8 uses the same firewall configuration registry entries as Windows 7. Windows ships with a number of firewall rules enabled, and these may be added to or modified by the user, for example using the Windows Firewall control panel applet.
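As an added example (it is not code from the post, nor part of the RegRipper patch it describes), the following Python parses firewall rule values in the pipe-delimited format Windows 7 and 8 store under the FirewallRules key, and answers the question for RDP on a given profile. The registry paths in the comments are the documented locations; the rule strings, value names and profile flags are constructed sample data, and the evaluation order (an active Block rule beats an Allow rule, otherwise the default inbound action of Block applies) follows Windows Firewall semantics. It works on values already exported from an offline SYSTEM hive and does not touch the live registry.

```python
from dataclasses import dataclass, field

# Where the per-rule values live (same layout on Windows 7 and Windows 8):
#   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# One REG_SZ value per rule, formatted "v2.xx|Key=Value|Key=Value|...|".
# Per-profile on/off flags (DWORD):
#   ...\FirewallPolicy\<DomainProfile|StandardProfile|PublicProfile>\EnableFirewall
# "StandardProfile" is the Private profile.

# Constructed sample values modelled on the real format; not from any real host.
SAMPLE_RULES = {
    "{RDP-TCP-In}": "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=Remote Desktop (TCP-In)|",
    "{RDP-Block-Public}": "v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=3389|Name=Block RDP on public networks|",
    "{SMB-In-Disabled}": "v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|Name=File and Printer Sharing (SMB-In)|",
    "{Web-Out}": "v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80,443|App=C:\\Program Files\\Browser\\browser.exe|Name=Browser|",
}
SAMPLE_PROFILE_STATE = {"DomainProfile": 1, "StandardProfile": 1, "PublicProfile": 1}

# Profile names as used in rule strings -> registry subkey holding EnableFirewall
PROFILE_KEY = {"Domain": "DomainProfile", "Private": "StandardProfile", "Public": "PublicProfile"}


@dataclass
class Rule:
    value_name: str
    name: str
    action: str         # "Allow" or "Block"
    active: bool        # Active=TRUE/FALSE (a disabled rule never matches)
    direction: str      # "In" or "Out"
    protocol: str       # IANA protocol number as a string, or "Any"
    local_ports: str    # "3389", "1000-2000", "80,443", "Any", "RPC", ...
    profiles: set = field(default_factory=set)  # empty set = all profiles


def parse_rule(value_name, value):
    """Split one FirewallRules value into a Rule; fields are keyed, not positional."""
    tokens = value.strip("|").split("|")
    if not tokens or not tokens[0].startswith("v"):
        raise ValueError(f"{value_name}: missing version token")
    fields = {}
    profiles = set()
    for tok in tokens[1:]:
        key, _, val = tok.partition("=")   # App paths may contain '=', split once
        if key == "Profile":               # repeats once per profile the rule covers
            profiles.add(val)
        else:
            fields[key] = val
    return Rule(
        value_name=value_name,
        name=fields.get("Name", value_name),
        action=fields.get("Action", "Allow"),
        active=fields.get("Active", "TRUE").upper() == "TRUE",
        direction=fields.get("Dir", "In"),
        protocol=fields.get("Protocol", "Any"),
        local_ports=fields.get("LPort", "Any"),
        profiles=profiles,
    )


def port_matches(spec, port):
    """True if a numeric port falls inside an LPort/RPort specification."""
    if spec == "Any":
        return True
    for piece in spec.split(","):
        lo, sep, hi = piece.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            continue   # keyword ports such as RPC or IPHTTPS are not numeric
        if sep:
            if int(lo) <= port <= int(hi):
                return True
        elif int(lo) == port:
            return True
    return False


def evaluate(rule_values, profile_state, port, profile="Private", protocol="6"):
    """Decide whether inbound traffic to `port` would have been blocked.

    Returns (verdict, reason). An active Block rule wins over any Allow rule;
    with no matching rule the default inbound action (Block) applies.
    """
    if not profile_state.get(PROFILE_KEY[profile], 1):
        return ("allowed", "firewall disabled for profile")
    matched = []
    for vname, value in rule_values.items():
        r = parse_rule(vname, value)
        if not r.active or r.direction != "In":
            continue
        if r.protocol not in (protocol, "Any"):
            continue
        if r.profiles and profile not in r.profiles:
            continue
        if port_matches(r.local_ports, port):
            matched.append(r)
    for r in matched:
        if r.action == "Block":
            return ("blocked", r.value_name)
    for r in matched:
        if r.action == "Allow":
            return ("allowed", r.value_name)
    return ("blocked", "default inbound action")


if __name__ == "__main__":
    for prof in ("Private", "Public"):
        print(prof, "RDP/3389:", evaluate(SAMPLE_RULES, SAMPLE_PROFILE_STATE, 3389, profile=prof))
```

Two caveats when applying this to a real hive: rules delivered by Group Policy are stored separately (under HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules) and must be merged in before drawing a conclusion, and the registry records configuration, not enforcement; whether the firewall service was actually running at the time in question has to be established from other artefacts.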


OzCar email faked by producer

In late June I wrote about the forged email that had been at the heart of a political scandal. Mr Godwin Grech at the time claimed he had received an email from the office of the Prime Minister of Australia pushing for preferential treatment of a friend of the PM. The Australian Federal Police raided Mr Grech's home and found the email in question, deleted, on his home computer. They pronounced it a fake.


Presentation: Digital Evidence and the Information Security Manager

I had the pleasure of addressing a seminar on forensic readiness yesterday at a co-located meeting of three Brisbane professional groups: the Australian Information Security Association (AISA), the Chartered Practicing Accountants (CPA) IT Discussion Group, and the Information Systems Audit and Control Association (ISACA). Thanks to the attendees for their high degree of participation; it always makes for a lively and engaging time when the audience share their experiences and questions.


Fraudulent email: lessons learned from the OzCar scandal

By now, all but the most naïve of us are immune to the promises of Nigerian riches and the disquieting urges to action from banks which find their way into our email inboxes. Fraudulent emails barely rate any action or consideration beyond that needed to delete them from our inbox. Why is it then that the leader of the Australian opposition, and one of Australia’s most senior lawyers besides, has been tripped up by a fake email?


Schatz Forensic launched

Since March I have returned to practising under my own banner. I have taken this opportunity to change the name of my company to Schatz Forensic, to better reflect the focus of the business and the personal nature of the services that I offer. Schatz Forensic is now operating out of premises in the Brisbane CBD, and continues to offer the same computer forensics and electronic discovery services that I have provided in the past.


Ph.D. Thesis Published

My Ph.D. thesis was accepted by my university a while ago. As a result, the thesis is now publicly available through the Australian Digital Theses project. The citation for the thesis is reproduced below. This thesis addresses problems related to the complexity and volume of evidence drawn from computers and other digital devices (so-called digital evidence) in policing and legal matters. The research identifies methods for increasing the efficiency and reliability of investigations employing digital evidence, by proposing automated methods of processing and documenting such information.


E-Forensics 2008

The 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia (e-Forensics 2008) is being held in Adelaide, Australia from 21st - 24th January, 2008. The second call for papers is still open. (via Andrew Clark)

5th Australian Digital Forensics Conference

The 5th Australian Digital Forensics Conference will be held from 3rd-4th December 2007 at Edith Cowan University, Perth, Western Australia. The call for papers is open until 1st September.

ACM SIGOPS Operating Systems Review Special Issue on Computer Forensics

I haven't seen this announced widely. A special issue of the ACM SIGOPS Operating Systems Review, focusing on computer forensics, is currently accepting papers. More details are here.