Saturday, September 14, 2013

Daily Blog #83: Saturday Reading 9/14/13

Hello Reader,
        It's Saturday and I have my collection of links from the week ready to read.

1. We had another Forensic Lunch yesterday, with Joachim Metz, Kyle Maxwell and some of us in the G-C lab. You can watch it with the new Google+ Q&A feature here! https://plus.google.com/u/0/hangouts/onair/watch?hid=AP36tYeu7Y8bHZkP7bb8Bg2D77DjD6W0jyMmb9bquRnsdNvQrxBQ2kZV9LC9cPzkEnsCLvs&ytl=Pj5d6KFrRhw&hl=en&t=0

2. Corey Harrell has a new blog post up, http://journeyintoir.blogspot.com/2013/09/tools-to-grab-locked-files.html, talking about tools that can be used to grab locked files from live systems. Having new tools in your toolbox is always important and this post does a good survey of these.

3. If you are doing Windows 8 forensics you should read this blog post over at Digital Forensic Stream, http://dfstream.blogspot.com/2013/09/windows-8-and-81-search-charm-history.html, talking about how to recover searches made in the Windows 8 search charm. With the search charm being one the central ways of finding documents/app and executing programs in Windows 8 this is very important.

4. Linux Sleuthing updated their SQLite forensics article on recovering deleted records, http://linuxsleuthing.blogspot.com/2013/09/recovering-data-from-deleted-sqlite.html, with the prevalence of SQLite continuing to grow I use tools that recover deleted records on a regular basis. Check this out for a linux based FOSS approach.

5. If you've heard me talk before you know I always talk about differing perspectives in the DFIR spectrum but our unified reliance on the same artifacts. Harlan has a good post up on perspectives, http://windowsir.blogspot.com/2013/09/forensic-perspective.html and you should give it a read.

Short week on links but what I do have for you is the forensic image for tomorrows Sunday Funday!
Download it here!

Get ready for a full forensic challenge with the questions to answer to be put up tonight!