[RP]: Ripping Volume Shadow Copies

Corey Harrell started a series of posts about VSC at the “Journey Into Incident Response” blog:

[...]

[RP]: The WOW-Effect

A nice paper:

“A paper about how Microsoft’s WOW64 technology unintentionally fools IT-Security analysts.”

http://cert.at/downloads/papers/wow_effect_en.html

[...]

You’ve Got Mail! – The PFF File Format

Nice article on data gathering from MS Outlook files:

You’ve Got Mail! – The PFF File Format

[...]

Ultimate Windows Timelining

Nice post about timelining for Windows images:

http://computer-forensics.sans.org/blog/2011/08/01/ultimate-windows-timelining

[...]

Collection of Links to File System Information

[source: http://computer-forensics.sans.org/blog/2011/03/17/digital-forensics-case-leads-file-systems-memory-forensics-pedophile-takedown]

[...]

Basics on Problem Solving & Investigations

There’s a nice article at SpiderLabs (Sniper Forensics – Part 1: A Brief History Lesson) which summarizes three interesting theses and adapts them to modern problem solving and investigations (e.g. forensics).

Occam’s Razor / Lex Parsimoniae

(by William of Occam / Ockham)


When selecting among hypotheses, the one that makes the fewest new assumptions is more likely to be correct.

[...]