Posts tagged ‘simple’


August 9, 2012

I recently embarked on my first solo analysis. To say I was nervous was an understatement, but I was determined to get it right. The case involved determining whether files on a rewritable DVD had been tampered with (edited or cut after first being recorded), and the files in question were MPEG and text files. Tools used were EnCase v6.18 and CD/DVD Inspector. I spent a number of rookie hours (like lethal forensicator hours but longer. 10 Rookie hours = 2 Lethal Forensicator hours) dissecting the DVD in both tools, bookmarking pertinent data, determining file creation, modified and last accessed dates, figuring out where the files in question started and ended on the disc and if there was any indication they had been edited. I also spent a great deal of time researching the file format (UDF) to make sure I had a good understanding of how and when the disc could be written to. This went on for a couple days, at which time my boss asked for an update to give to the client. I rattled off my surely impressive analysis and research and, after some consideration, my boss’s only question was:

“Did you watch the video?”


“Uh…no… I was saving that for last…”

“Ok, sounds good so far. So watch the video and let me know, and then I’ll update the client.”

Wait?!?! Did he say I was doing good? YES!

[Insert fist pump moment]

And then I watched the video…

[Insert plane crash noise]

And discovered the content was not what I was expecting at all. The client had sent us the wrong DVD.

What did I learn:

1) Validate your evidence to ensure you have what you think you have… especially when you weren’t responsible for the collection.
2) Plan your analysis before you start. Figure out what steps have the greatest value and how they will lead into other steps.
3) Keep it simple, Stupid! In my case, nervousness over wanting to do well made me overlook the obvious.


This week I received another DVD from the client and the first thing I did was verify the files on the disc by watching the videos. Despite my slight embarrassment from my first run at this case, it was actually a great way to get all my anxiety out of the way. This time I was able to focus more on the case and the tools, and less on wondering if I was doing a good job. In the end, I was able to gather enough evidence to give the client an answer my boss and I were both confident with.

My password is my kid’s name…what’s wrong with that?

December 14, 2011

Your bank, video subscription, webmail provider and classic car forums all require a password. However, not to worry, you have the perfect solution! You use the same password for each website – your favorite ice hockey team and your favorite player’s jersey number.

Your company makes you change your password every ninety days. They make you use eight characters including three of four choices of an upper case letter, a lower case letter, a number and a special character. Again, no problem! Your son’s name is Jayden and he was born in ’05 so you combine the two and voila! Jayden05 fulfils all the requirements and it’s easy to remember. And when you need to change it, you have three more kids, a spouse, yourself, your parents’ names, and birth year to use. Easy peasy!

This method seems foolproof except for a couple important things…