Creating Screenshots and Recordings in Digital Forensic Investigations Using Free Mac Tools

There are many reasons why anyone working in the digital forensics/incident response profession should have the ability to record the screen of their computer. Whether it is recording the actions taken during an investigation so another person can replicate them, recording an adversaries activity on a victim machine, or simply creating some training videos,

Finding Deleted URLs in Mozilla Firefox places.sqlite File

Issue: URLs visible within the places.sqlite database file when viewing the file in hex view that are not visible when viewing the file in SQLite Manager or FTK’s viewer.  The URLs seen in hex view are relevant to the investigation. Test Information: Path for Mozilla information (Windows XP):  C:\Documents and Settings\%user%\Application Data\Mozilla\Firefox\Profiles\%uniquevalue%.default\ OS:  Windows XP SP 3, 32

Understanding Peer to Peer Investigations in Child Exploitation Cases

Peer-to-Peer (P2P) file sharing is one of the fastest and easiest ways for individuals around the world to obtain and trade images and videos of child sexual exploitation.  As of October 2007, the Wyoming Internet Crimes Against Children (ICAC) Task Force has captured 377,044 unique computers sharing image and movie files containing child sexual