Excel Conditional Formatting
I recently saw a post on the Visual Business Intelligence blog about representing 360 data points. The discussion in the forum was interesting as people demonstrated ways to represent these data points on a single image.
I wanted to see what I could come up with. Representing information in effective ways is a good skill for the forensic analyst. I also wanted to try out the conditional formatting feature of Excel 2007 to see what it was capable of.
The first step was to download the data. Here is what the spreadsheet looks like:
Looking at some of the other...
Previous Versions
Vista is the first consumer-oriented Windows operating system to come with a versioning file system. This versioning is called Shadow Copy, although it is exposed to the user as Previous Versions.
Shadow Copy is available in the Ultimate, Business and Enterprise versions of Vista, and is enabled by default on the primary volume. You need to enable it explicitly for external volumes. External volumes include other partitions as well as other hard drives.
Shadow Copy will make a copy of an entire volume, called a Restore Point. You cannot create a Shadow Copy of an individual file. You can though...
Forensic Discovery
The Forensic Discovery book by Dan Farmer and Wietse Venema is now available online. It is a good read and the physical manifestation sits proudly on my desk.
I really liked Chapter 7 on The Persistence of Deleted File Information as well as Appendix B on Data Gathering and the Order of Volatility.
Highly recommended.
The link to the book is here.