Go one level top
Train and Certify
Get Started in Cyber
Courses & Certifications
Search For Training
College Degrees & Certificates
Manage Your Team
Security Awareness Training
Tip of The Day
Top 25 Programming Errors
The Critical Security Controls
Security Policy Project
Critical Vulnerability Recaps
Blue Team Operations
Digital Forensics & Incident Response
Industrial Control Systems
Cybersecurity Innovation Awards
Frequently Asked Questions
GIAC Security Certifications
Internet Storm Center
SANS Technology Institute
Security Awareness Training
October 15, 2017
Data Sanitization In The Virtual Realm and Cloud
In virtual realm data storage, while there are several solutions for sanitizing entire hard drives there are limited ways to properly sanitize the files for an individual virtual machine. If you take a virtual machine out of service it does not make sense to literally have to wipe the entire...
May 1, 2017
Digital Forensics - Automotive Infotainment and Telematics Systems
Powerful Features There is a huge range of features now controlled / enabled by current generation automotive infotainment and telematics systems (Figure 1 — Source), including but not limited to: Digital radioSatellite (GPS) navigationBluetooth connectivity (the vehicle has its own phone number...
February 2, 2011
How To: Forensically Sound Mac Acquisition In Target Mode
Can a Mac hard drive be easily removed for imaging with a forensic hardware imager? It is really a matter of personal opinion, Mac's are an engineering marvel just ask anyone that has had to remove a hard drive from a Mac for forensic imaging and then try to put it back together properly. Depending...
October 4, 2010
How To - Digital Forensic Imaging In VMware ESXi
Paul A. Henry Forensics and Recovery.com Follow me on Twitter As a follow up to my recent SANS Forensic Blog post "How To — Digital Forensics Copying A VMware VMDK" that provided insight in to making a "GUI tool" based copy of a VMware VMDK, I have put together a How To that addresses creating a...
September 28, 2010
How To - Digital Forensics Copying A VMware VMDK
Having recently seen a number of requests on the security and forensic list servers that I participate in requesting recommendations / procedures for copying the disk (VMDK) for a specific Virtual Machine (VM) within a VMware environment for analysis in an incident response, I put together a quick...
September 22, 2010
Quick Look - Cellebrite UFED Using Extract Phone Data & File System Dump
It is not the intent of this blog post to be an all-encompassing guide to the forensic analysis of an iPhone. Rather it is a look at some of the tools I use in my practice and how they can be applied to iPhone forensic analysis. That being said, let's get to it. Why would you use the Cellebrite...