Some Use Cases and Discussion

BlueRiSC DFI New Article (Digital Forensics Investigator): Hardware-Assisted Advanced Forensics and Cyber Threat Detection


The goal of any computer investigation is to obtain as much evidence as possible from the computer while at the same time ensuring the integrity of the evidence. It is equally important that investigators find the needed evidence as quickly as possible. Investigation efforts are drastically slowed by privacy and security measures, such as login passwords and full disk encryption, which have become all too common in modern personal computers.1 In addition, stealth rootkits and other anti-forensic techniques further interfere with evidence collection. This article describes some core capabilities that are necessary for overcoming these obstacles in investigations: bypassing login passwords, physical memory acquisition, relevant virtual memory acquisition, memory reverse engineering, space-time analysis/anomaly detection, and custom analysis and integration support.

Full text at