[RP]: Ripping Volume Shadow Copies
Corey Harrell started a series of posts about VSC at the “Journey Into Incident Response” blog:
A nice paper:
“A paper about how Microsoft’s WOW64 technology unintentionally fools IT-Security analysts.”
http://cert.at/downloads/papers/wow_effect_en.html
Nice article on data gathering from MS Outlook files:
Nice post about timelining for Windows images:
http://computer-forensics.sans.org/blog/2011/08/01/ultimate-windows-timelining
[source: http://computer-forensics.sans.org/blog/2011/03/17/digital-forensics-case-leads-file-systems-memory-forensics-pedophile-takedown]
There’s a nice article at SpiderLabs (Sniper Forensics – Part 1: A Brief History Lesson) which summarizes three interesting theses and adapts them to modern problem solving and investigations (e.g. forensics).
(by William of Occam / Ockham)
When selecting a hypothesis, the one that makes the fewest new assumptions is more likely to be correct.