SANS Digital Forensics and Incident Response Blog: Author - robertjanm

Digital Forensic Sampling

Robert-Jan Mora and Bas Kloet have released an interesting paper, DigitalForensicSampling.pdf, on applying statistical sampling to digital forensics. Digital forensic practitioners are frequently faced with extremely large amounts of data to analyze, a situation that looks set to get worse as storage capacities continue to increase. Mora and Kloet propose the use of random sampling for certain types of cases as a means of alleviating this problem.

Here's a quote from the paper's introduction:

In this paper we would like to address a few problems that we encounter in the digital forensic field, in general, which probably will get worse if our methods do not get smarter soon. A few problems that the digital forensic community has to deal with are:

  • The amount of data that needs to be investigated in cases increases every year;

Analysis of e-mail and appointment falsification on Microsoft Outlook/Exchange

Author: Joachim Metz

Summary

In digital forensic analysis it is sometimes required to be able to determine if an e-mail has or has
not been falsified. In this paper a review of certain Outlook Message Application Programming
Interface (MAPI) is provided which can help in determining falsified e-mails or altered
appointments in a Microsoft Outlook/Exchange environment.

About the libpff project

In 2008 Joachim Metz, a forensic investigator at Hoffmann Investigations, started the libpff project.
At that time the best source about the Personal Folder File (PFF) format in the public domain was
the libpst project. The libpst project dated back to 2002 and had been contributed and

...


The Trojan solved it! Catching a fraudster with another criminal, 'myspacce.exe'

by Robert-Jan Mora

Introduction

I work as a forensic investigator at Hoffmann Investigations (en.hoffmannbv.nl) in the Netherlands. Besides doing a lot of investigations, our department develops open source forensic software like:

...