Dark Data Discovery
In January, I wrote about Slack Space on a hard drive/thumb drive/mobile device, and today I am writing about other areas where data is hiding on a hard drive. I intentionally left Device Configuration Overlay (DCO), Disk Firmware Area (DFA)
Before you can do anything with an unstructured file, you first need to identify its file type. Our products start with the following steps: Calculate hashes (MD5, SHA-1, etc.) for the entire file, and match them to known good and/or
In 2008, I wrote a blog entry, Simple Techniques That Fool Forensic Tools, that included an introduction to Alternate Data Streams. Now, I’d like to go into more detail, so that you can better understand the use and danger of
If Dark Data is hidden, how can it be dangerous? How much of a threat can it possibly be? Dark Data is everywhere. It’s hidden in the firmware of the smallest devices, like survelance cameras, printers, TV streaming devices, your
What does Dark Data mean? We use this term on our website, as if it is obvious. In the most basic terms, Dark Data is information that is difficult to find. So, in effect it is sitting in the dark.
Recently, I’ve given some presentations on Dark Data. Back in May, I talked about “Dark Data in Live Forensics“, for the TechPoint – New Economy New Rules breakfast. Last month, I covered the topic in more detail with a presentation called, “Dark
The best approach to a Digital Forensics (aka Computer Forensics or Cyber Forensics) investigation has been to perform a “Dead” analysis of the data storage devices. This requires the imaging (or copying) of hard drives, flash drives, discs, etc. for
Why do people encrypt their data? Well, to protect their information from getting into the wrong hands, of course. But, what if the “wrong hands” is law enforcement, the court system or even your boss? Should they have the right
