Forensics

clojure community encryption excel forensics ftk games javascript jquery mac ocaml programming puzzles python rock-climbing solaris travel truecrypt unison videos windows zfs

    I was presented with a hard drive encrypted with TrueCrypt. TrueCrypt is unbreakable. Was there anything I could do? (tl;dr: yes)

    ... Read More
    Recently I had to do a forensic acquisition of an iMac hard drive, and it presented many obstacles. The three basic ways to do an acquisition are: 1) Remove the hard drive and use high speed dedicated imaging hardware such as a Logicube, or from a forensic workstation through a write-blocker. 2) Boot the computer using a forensically sound Linux distro, such as Helix, and acquire the internal hard drive using a software tool such as dcfldd or LinEn to an external hard drive or over the network to a server set up for this purpose. ... Read More