Archive for the 'forensics' Category
Paper: “A Methodology for the Forensic Acquisition of the TomTom One Satellite Navigation System”
Title: A Methodology for the Forensic Acquisition of the TomTom One Satellite Navigation System
Authors: Peter Hannay
Abstract
The use of Satellite Navigation Systems (SNS) has become increasingly common in recent years. The wide scale adoption of this technology has the potential to provide a valuable resource in forensic investigations. The potential of this resource is based on the ability to retrieve historical location data from the device in question while maintaining forensic integrity. This paper presents a methodology to acquire forensic images of the TomTom One satellite navigation unit. This methodology aims to be comprehensive and straightforward, while maintaining forensic integrity of the original evidence. However, in consideration of the aforementioned methodology it should be noted that the defined method may not extract all potential evidence and the viability of collected evidence is dependent on future research into the analysis of said evidence. In order to address this consideration, research into this area is currently ongoing.
Files: Full Paper (PDF), Slide Show (PowerPoint), Demo (QuickTime)
Paper: “LIARS Phase One – A live CD system for extraction of user and owner information from laptop and notebook hard drives”
Title: “LIARS Phase One – A live CD system for extraction of user and owner information from laptop and notebook hard drives”
Authors: Peter Hannay, Andrew Woodward, Nic Cope
Abstract
Laptop and notebook theft is a major issue worldwide. Many laptops are found by Police, but it is rare that the owner is able to be identified, resulting in the device being wiped and sold. This results in a reduced recovery rate for police and increased payouts for insurance companies. The first phase of the LIARS project modified an existing open source program, chntpw, and used the registry hive interrogation feature. The resulting program is run from a forensically sound live Linux CD, and outputs any relevant registry information to the screen in a text format. This paper outlines the method by which this is done, and gives information about the code modification. It goes on to talk about the next phase of the project, using file carving to examine formatted laptop drives.
Files: Full Paper (PDF)