Posts Tagged ‘digital forensics’

Girlie’s Xmas Annual – Part I

December 15, 2012

Hello World!  

And welcome to Girlie’s Xmas Xtravaganza !

Well, the Festive Season is upon us and Girlie Geek Productions has been hard at work to bring you extra lolz.

We freely admit that it’s been far too quiet on this blog recently.

So now (drum roll… ) for your general delectation and delight, we bring you not one, not two but three snippets of humour to help get the party underway.


Colour Mag

Modern take on Durer's engraving of Eden


Traditional Forensicator’s Xmas Quiz

Limber up, you Lab rats !  Answer the following questions as honestly as you can then count up your answers and see what category Forensicator you are !

1:  A solicitor calls wanting vital picture evidence off a mobile. Do you:

a) Tell them it’ll be £700 + VAT and it’ll take 30 days to process.

b) Ask for the make & model and give a truthful prognosis on likely results.

c) Tell them it’ll be 60 quid – just chuck it in a Jiffy bag & post it to the Lab.

2: You hear the Met contract is up for grabs, anyone pitching for it has to do a test case.  Do you:

a) Set the Lab’s best Rottweilers on it whilst charging their time to big-budget clients.

b) Take it too seriously & worry they’ve put Stego on there for a laugh.

c) Con Russ May into thinking it’s a real case & pay him to do it for you.

3: You win a large LE contract. Do you:

a) Sack the staff then get them back in on short contracts to maximise profits.

b) Rejoice for 15 minutes then worry that the weight of work might impact on standards.

c) Grab all the students and wannabes you can get your hands on to populate the mobile lab – they’ll only have to push buttons, anyhow.

4: The following statement describes how your organisation sees digital forensics:

a) It’s a gravy train – charge as much as you can for as little work as possible.

b) We eat, sleep and breathe forensics & have little else in the way of conversation.

c) Forensics? No time for that. Too busy making vacuous comments on Twitter.

5: The annual F3 conference is on.  How do you spend the time?

a) Visiting all the vendors just to hoover up the sweeties and freebies.

b) Virtuously on Day 1, pie-eyed on Day 2 & completely wasted on Day 3.

c) Doling out booze and forensic goodies to favoured police officers in an attempt to curry favour.

6:  A nice fat civil case comes up but the box for analysis is a MacBook Air.  Do you:

a) Suck your teeth, whinge about how difficult it’s going to be and double your normal quote.

b) Dig MacQuisition out of the storeroom, pronto.

c) Know naff all about Macs but take it on anyway.


Now check your score:

Mostly As – You are a medium to large scale forensic shop with nice modern offices in a reasonable location and enough contract work coming in to feel smugly secure. Good luck when you lose your main LE contract.

Mostly Bs – You are a small shop constantly taking on too much work for too little money and being way too thorough to cut much profit but you’re happy because you love the job and your clients think you’re heroes.

Mostly Cs – You are Kraptech Forensics.


Part II coming after the break…


Chin chin, Mr Chandler

March 29, 2011

When it comes to classic crime writing, Raymond Chandler has to be top of the tree. Inventor of the ultimate in hard-boiled investigators, Philip Marlowe, Chandler had an urgent, waspish style of his own. Much parodied but never matched, it was a style that defined the detective novel and inspired a range of unforgettable Film Noir.

Chandler was American, but he lived in England for 12 formative years. During that time, it seems, he started both scribbling down story lines and crafting characters in the pages of a Commonplace book which has just been unearthed at auction. That master of the world-weary wisecrack, Marlowe, has been found here in his original UK-based incarnation. Though how he knew about digital forensics will keep researchers guessing for years to come…

Philip Mahalo

Bogart as Marlowe

Mahalo, Borsalino & E-cigarette

I’m an over-worked, under-paid forensic analyst and have been for quite a while. I’m self reliant or a team player, depending on which version CV I send out. In private practice, so some cops don’t like me too well but I get along with the old F3 crowd OK. I’m unmarried, unless you’re talking about the job. I sometimes put people in jail, sometimes keep them out. I like booze and birds and Homefront, though Assassin’s Creed comes a close second. I don’t do marital cases. Go test CMA yourself if you feel like a hero. I’m British born, bred and bored to death. North Country. Spade = Shovel. Enough said. When I get run over by an old lady in a bath chair doing 90 in broad daylight on an empty country high street, if it happens, as it could to anyone in my business, nobody will give a tuppenny tin stuff.

The Big Creep

It was one of those units that had flourished out of a broom cupboard under the stairs for as long as anyone could remember. Front Reception took ten minutes to locate them on the internal phone system – some measure of the esteem in which the HTCU was held in that neck of the woods. I had just come off the M6 via the M1 and A14. I needed some B12 to straighten up from the experience.

It was a warm day. Felt like Spring. Blossom out and a myriad of complicated scents hanging in the air. Heavy enough to mute the voice of the OIC, anyhow. Antihistamine could’ve fixed it but he hadn’t figured that yet. His tight throat squeaked out a welcome as honest as a tart’s kiss. I responded, watching him look me over the whole time. He never offered a hand. Traditional stand-off. Prosecution versus Defence. It was going to be one of those mornings.

He was a funny little man. Mouse like and balding. Middle age had caught up with him but the comb-across was still running away.  Well, trying. The room they put us in was about 12’ by 12’. It was hot in there and he quickly removed his jacket. Seemed to me he was glad to do so, though he managed the news well. An empty gun holster swung loosely under one arm. Almost moved me to compassion: I guessed it was intended as an implicit threat but the void spoke more of impotence. However you read it, it was way OTT for CID transporting a suspect computer with fewer than 10 level 1 to 2’s between police premises.

There were two tables in the room. The Advent netbook was on one of them, set out neatly on an antistatic mat. It looked small and innocent. Too small to cause as much trouble as it had. I hesitated for a minute, sweat rising on the back of my neck. Could be a Zif drive in there, after all. Hadn’t re-read the statement from the other side in my rush and was going on the memory of a regular 120 gig SATA. Maybe should have packed the adaptor. The door swung open and my Oppo walked through. ‘Hi’, he beamed. Genuine smile, this time. ‘How are you? Haven’t seen you in a while.’

The £20 I’d spent on an industry workshop which was ultimately hijacked for advertising by So Smug three years previously suddenly returned on the investment. We shook hands and got down to geek speak. The rest of the two hours it took to wrap the job was pretty much plain sailing. The relative merits of EnCase and FTK, Logicubes and Tableaus, Digestives and Hobnobs – we gabbled through the whole gamut of forensic experience, emerging happier and sadder by lunchtime. Except for the OIC, that is. His eyes wore that glazed, road kill kind of look. Had done since the second technical term flew past. But that was his problem.

The day was still beautiful as I turned my battered Brough Superior onto the road back. I let my mind loosen up as the accelerator went down. The holiday didn’t last long. The guy at the other end of the phone was a PI that’d called before. The ice in my voice said he’d  used up his share of free technical help.

“Can you do a Nokia 7210?”

“Sure,” I said, “What do you want off it?”

“Deleted texts.”

“Uh huh.  Who’s this for?”

“Husband who’s suspicious about his high-flying executive wife.”

“Told you before, I don’t do marital.”

“It’s business.  They’re in business together.”

Yeah, right.  I thought.  The pigs’ll be coming over in formation any time now.

“So the rival’s commercial or physical?”

“Maybe both.  What do you care?”

“And who owns the phone?”

“The husband.”

You sure learn fast, buddy.

“And he’ll sign for that?”

“Yes.  How much will it be?”

“Same as the last one, unless you want a Statement to go with it.”

“Someone else has quoted less.”

“Oh yeah?”

“Yeah. Seventy-five quid. Put it in the post.  No questions asked.”

“Let me guess…  The guy in the Midlands.  Says he’s a forensic analyst but he’s a regular PI fronting for another outfit.”

“So what?”

“So go right ahead and use him.  I’m not interested in a bidding war.”

I closed the phone with an angry expletive. The guy in the Midlands was getting to be a regular irritation. Like the people he was fronting for. It was a real forensics shop alright but the business strategy was about as subtle as Galliano on Glass. It hadn’t improved any since they lost that big LE contract, either. They were spending plenty on online advertising, that was for sure. You could Google ‘One-legged menopausal mothers for moral rearmament’ and their logo would turn up. Can’t beat target marketing.

I knew the main man there. Had done for years. His huge, hulking frame would shamble into all the usual conferences and then hover in some corner like a great cloud of gloom. Wasn’t all that popular, except with the other ex-military types. You could see why. He never approached anyone unless he smelt a business lead. And he always wore the same face. Solid. Expressionless. Last time it smiled, that face was around four months old and about to bring back wind.

For all his physical bulk, Cain Calico left no personal impression. There was nothing to leave. He was a cipher character. Just put there to move the world plot along. Though it was hard to see how. I was still angry enough at the PI’s call to think maybe it was to throw another spanner in the works of my life. Why not? There were enough in there to fix a fleet of Boeings already.

Calico had been trying to muscle in on the PI market for some time. He wanted to join the UK’s biggest representative group but couldn’t without endorsement from two existing, long term members. So he looked through the list of names until he found one he knew. It was mine. The email he sent was as blunt as his features. Told me how I was going to endorse him. Like I’m some 404 aching to hand over hard won clients on a plate. I didn’t trust myself to answer, so ignored it, though the audacity stung. Next thing, I stumble on his alternative route. The guy in the Midlands. The connection was too easy to miss. When he started putting himself around as a forensic ‘expert’, I decided to check him out. Found him on LinkedIn, though he wasn’t shouting about being a PI. The entry told a different story,  three line wonder that it was. But the location matched. And there was one contact. Calico.

Christmas Evenin’ All

December 31, 2010

The gentry watch the workers enjoy their Christmas fayre










It was Christmas Eve in the unit

Two analysts languished there

Hungover, tired and jaded

Tinsel shreds stuck in their hair


They gazed out on a frosted landscape

With no inclination to thaw

And reflected upon the injustice

Of having drawn this year’s short straw


They stared at the dregs of their coffee

And let slip a slight, wistful groan

As they thought of the grub and the telly

They were now missing out on at home


A day’s work was waiting attention

Keyboards and write blockers lay ready

But neither would risk getting started

With stomachs and hands that unsteady


Dim thoughts of the office party

Were starting to get more intense

Like pieces of some insane jigsaw

Where nothing quite fit or made sense


Their bleary eyes met for a moment,

A knowing look, silently shared,

Spoke volumes, for what had gone on there

Could never be publicly aired


It’d lasted ‘til well beyond midnight

With lashings of cheap fizz and beer

And everyone laughing and joking

‘til some clown goosed DC Smith’s rear


But the fuss was for nought, on reflection,

For she was much later espied

Putting a shadowy, masculine figure

In touch with her feminine side


Now, no-one had dared to make reference

To this little faux-pas, just yet

But when one lad started a sweepstake

Everyone took out a bet


In the corner sat the Inspector,

His face was all pasty and grim

The rumour mill had started grinding

And fingers were pointing at him


The whispering and speculation

At least made for innocent fun

And took their minds off the recession

And job cuts that surely must come.


The irony of the sweet carols

And steeple bells, starting to ring

Was not lost on these, our sad heroes,

As they pondered what next year might bring


Of comfort and joy came no tidings

But all men must hope on that day

If they couldn’t enjoy Christmas dinner

They’d at least put some b*st*rd away


So they broke seals on two main exhibits

And imaged and indexed and poured

Over every last shred of the data

And turned up some pron and a fraud


Job done, they both left their shift happy

And went home to join in the cheer

Think on this tale, all who now read it –

There’ll be fewer to guard us, next year.


May auld acquaintance etc. etc…


Blue flashing light

The Forensicator’s Windows Song

September 14, 2010

Data forensics is seldom something the average examiner feels like singing about, especially after a hard day’s trawl through the cesspit of some foul offender’s C drive.  Small wonder, then, that one of the foremost forensicators of the 1930’s hid his true day job from the public gaze, preferring to promote an up-beat, cheerful persona as that cheeky, chirruping songster, George Formby.

Yes, when he wasn’t bashing a ukulele or finding a lamppost to lean on, it seems the toothy-grinned Northerner was actually hip-deep in Hex.  This much is clear from the recently-unearthed first lyric for one of his most popular hits, ‘The Window Cleaner’.

Revealed here, for the first time, the words show that it was but a short step to the version which we know today.

[Those uncertain of the tune or unfamiliar with the genre can check out the following link: ]

The Windows Gleaner

I’m analysing Windows to earn an honest Bob,
For a nosey parker, it’s an interesting job
Oh, it’s a job that just suits me, forensicators you would be
If you could see what I can see
When I’m gleaning Windows

The office workers surfing porn or stuck on eBay dusk ‘til dawn
They’ve clearly got less brains than brawn
When they’re using Windows.

George Formby

George Formby and his HFS+ 'Snow Job' formatted banjolele

In my profession I work hard to stay right at my peak,
I’ll show the opposition that I am the smartest Geek.

I’ll pick through browser history: it’s easy as the ABC
And then I’ll probe the Registry
When I’m gleaning Windows.

Those dodgy search terms, passwords, links;
I’ll turn up everything that stinks
And put a stop to your hi-jinks
’Cos it’s all there in Windows.

Insiders with a hand in fraud; Blackmailers wishing they had scored
They don’t know every move is stored
When you’re using Windows.

Just let me at a hard disk and I’ll dish up all the dirt
I’ll carve that bloomin’ data ‘til the platters start to hurt

Some Facebook users snap a friend then put up pictures that offend
It’s come to be a modern trend
With eejits using Windows.

Some boastful of their manly traits do funny tricks with training weights
– that wasn’t thought of by Bill Gates
When he invented Windows !

Done for a laugh, whilst on a spree, or just when feeling wild and free
It’s there now for posterity
On PCs running Windows.

Just let me at a hard disk and I’ll dish up all the dirt
I’ll carve that bloomin’ data ‘til the platters start to hurt

Technology is great, for sure, the future will bring more and more
And keep the wolf from my front door
So here’s a toast to Windows!

Geekys’ diary – Sex and Sharp Practice

August 12, 2010

Wednesday 11th August, 1667

Up and to ye Starbuckke house for a Latte, the very vapours of which do help dispel a lingering hangover, for I did make too merry last eve with my good friend Mr. Hardestuffe.

‘Twas the headline from ye Sun which did start it. ‘Man dies in sex stunt with tree’. The very thought did have us convulsed.  The ladies being in the next room, Hardestuffe did question what need the unfortunate victim had of a tree, there being many a man whose wife might pass for wood in conjugal relations. I have heard it said before, yet so women do complain their husbands be brutish and brief in the marital bed. There is much in the old adage that every story hath two sides.

This morrow comes another headline, this time in ye Telegraph, which makes much of a ‘Cult of Apple’. I first think they have just heard of Sir Isaac Newton’s interesting new theory, prompted by an apple’s fall, which asserts that the same force which governs the moon does drag the fruit to earth. It is a wondrous concept and much debated, but not the thing which prompts this ejaculation. Noe, the article asks if iPods, iPads and a great swathe of other iStuffe be addictive. I do confess I am myself much taken with such slinky gadgets but it stretches credulity to the limit to say that buying music online is the ‘digital equivalent of a sexual encounter in which both parties conceal the fact that money has changed hands.’ What nonsense!  The man has plainly never frequented ye Olde Slapper’s Arms on Bankside, much less His Majesty’s Court, where a rustle of petticoats and the vaguest scent of Musk may win whole estates.

I to the office where very quiet and dull.  Yet here to my inboxe comes news from my Lady Lindy that the F3 conference be fixed for November.  I mighty glad, for I could do with a laugh. So, dispatching my booking post haste, I down to the Dog and Dongle for an early lunch and a start on getting ye liver into training in anticipation.

These slow times do breed some strange practices. Such is the desperation of our Northern neighbours that they now do try to gain business by appearing to have City offices.  My colleague, Widget, says that only last month he did see a fine piece of theatre whereby the name of one such country firm did suddenly appear on a meeting room door at the heart of Covent Garden.  What wit did think that out, should take himself a percentage of the proceeds !  Barely an hour of the clock goes by and the meeting is over.  Off comes the name from the door as fast as it went on, to be replaced just as quickly by another.  It was, of course, nothing but a sham but from this showe, and likely the additional purchase of an 020 number, do the clients seem content to believe our yokels have prestigious London premises.  Good luck to them, say I, but do wonder at the clients’ credulous nature.  Did they not find it odd to be surrounded by nothing but Northern accents in a city so famous for its ethnic diversity?

Now comes my champion pigeon, Pye, bearing new instructions. I see from the LSC grant papers that we did win the worke despite cheaper quotes, which gives me a moment’s triumph.  It seems some other ‘experts’ do promise a mobile phone examination, to include deleted data, for less than 200 l.  I wonder at their audacity as much as their prices for, without advice of the make and model of the equipment, it be impossible to know what may be got therefrom.

tarot wheel of fortune

A Defendant's hopes dashed by ye Forensick Wheel of Fortune

This type of sharp practice, which takes advantage of the lawyers’ being ill informed on matters forensick, does make me mighty crosse. The publick purse be picked by these people, for they will make full charge whether they succeed or not, knowing none will be the wiser.  All pity, too, to the man whose freedom may be lost because those he relies upon to prove his defence be indifferent or incompetent money grabbers.

The Owl Hunting

December 18, 2009

More exciting gems are appearing from a secret stash of lost literary works.

Oriental scholars have been astonished by the latest find – a haiku from the hand of the famous poet and painter, Yosa Buson.

An acknowledged master of the ‘one-breath poem’, which is structured in the set form of 17 syllables arranged in a 5-7-5 pattern, Buson wrote at least 20,000 in his lifetime.  Until recently, his subject matter was always thought to have revolved around scenes from nature.

Now it seems clear that he knew and practiced the ancient art of ‘Susido’ – the 18th century Japanese version of digital forensics – spending hours at his bamboo portable, reflecting on the meaning of various artefacts.

This new example of Buson’s extraordinary talent bears his customary hallmark – the description of only one peaceful scene…

The Owl Hunting

Digital secrets,

Hex, ASCII, Metadata,

Lovely by moonlight.

The artist with his bamboo portable

Pish and Pen Testing

November 28, 2009

The recent find of hitherto unknown works on digital forensics from the hands of famous authors has caused a sensation in both computing and literary circles.  The lost draft of a book idea by Jane Austen indicates that she knew more than was entirely proper for a lady of her day about the subject.  Now read on…

It is a truth universally acknowledged, that a company in possession of a network must be in want of a pen test. However little is known about the company, the nature of its business, clients and employees, this truth is so well fixed in the minds of competitive geeks in neighbouring counties,  that the company is considered the rightful property of one or other of them.

“Here, Dave,” said his colleague Peter to him one day, “have you heard that Stupidly Rich Corp is going for ISO27001?”

Dave mumbled that he had not.

“But it has,” returned he, “Martin in sales has just phoned and told me about it.”

Dave made no answer. Half way through a baguette stuffed with bacon, egg, mushroom and beans, he was at that moment more concerned with the assured admonishment he would earn from his wife for spilling sauce upon his freshly laundered jabot.

“Do you not know what that means?” cried his colleague impatiently.

Austen plus computer

The author at her computer

Dave affected a blank expression, the better, he felt, to conceal the source of the distasteful smell which now insinuated from his side of the office.

“Why, you must know that this is a perfect opportunity!  You must devise a pretext to contact them immediately.”

“You are over-scrupulous, surely,” said Dave, at last, “A company that size will have their own IT people.”

“Indeed,” returned his colleague, “but they have not the expertise.”

Dave concealed the guffaw which rose in his throat with a well timed cough.  Slack Space Forensics’ expertise in the field was founded on a three day course in ‘Ethical’ hacking. And they’d snored their way through the post-lunch lectures.

That, Ncat, Wireshark, Metasploit Framework and other freebies, crammed on a couple of 16 Gig ruggedised thumb drives, was all that stood between them and a potentially fatal unmasking.

“My dear fellow,” his colleague continued, “We merely have to convince them we are the best.  The usual bull and one of our fabulously expensive glossy brochures should do it. For good measure, I’ll have Martin spread a rumour down the pub that they have suffered a data loss.

“If we offer them a free Health Check at the same time…” he mused. “Why, I am quite convinced we could terrify them into a full-scale op in no time.”

“What if they twig it’s all smoke and mirrors?” ventured Dave, uncomfortably.

“Nonsense!” Peter replied, “The beauty of this game, my friend, is that few understand it.  You may depend upon it, the clients have no idea whether they are getting a good job or a crap one.”

Digital forensics – an historical perspective

November 27, 2009

Digital forensics is frequently said to be a ‘new’ science.  In fact, rummaging around in other people’s bits and bytes looking for evidence of their nefarious actions is a time-honoured occupation. There are those who would scoff at this assertion.  But this week’s sensational discovery of a cache of previously unknown manuscripts from the hands of famous writers will give the doubters pause for thought.

These fragments of lost literature, found in the recess of an antique commode sent up to auction by an anonymous owner, have been hailed by experts as an important breakthrough and palpable proof that past generations knew at least as much about the theory and practice of digital forensics as we do today.

In the best, ground-breaking traditions, this blog makes its debut by bringing you exclusive excerpts from these extraordinary texts.