Get Involved


As we continue to strive to bring you the latest happenings in the world of digital forensics, we are on the look out for anyone who has a story to tell or something to share that would benefit the wider profession.

If you are:

  • researching a particular aspect of digital forensics
  • have developed a new tool that you would like to share
  • been involved in a case that has raised specific issues

then we want to hear from you.

If you have already written an article that has not been published or even one that has been published with a limited distribution and would like a wider audience, we are happy to discuss its suitability for any of our publications:

  • Magazine
  • Web White Paper
  • Newsletter


If you want a slightly less formal outlet than the web site or magazine, but still have something to say, we still want to hear from you for the DFM Blog and/or newsletter, if you:

  • have an opinion on a recent news item
  • a short story to impart
  • need an outlet for your frustration

We are looking to identify a number of you who would like to be regular contributors to the Blog or maybe provide less formal articles for the newsletters.

Technical Tools / Application Developers

Have you created a tool or application that you would like to share with others? If so, then contact us immediately.

Many practitioners develop their own tools and applications to deal with specific situations that arise. Rest assured that you would not be the only one who will meet that situation. So if you are prepared to share your tools with others, we have established a tools download section on the DFM website.

All tools will come with the normal safety warnings regarding their use, and using our outlet will get you feedback from your peers.

Technical Reviewers

Do you have the time and ability to technically review an article or tool/application? Then we want to hear from you.

At DFM we are always on the look out for people who are willing to carry out technical reviews of articles or tools/applications. We already have a waiting list of vendors who would like us to provide a technical review of their products, if you would like to join our team of technical reviewers; then contact us now.

Technical reviews will be published on the website and on occasion in the magazine, with the review fully attributed to the reviewers, if they so wish. You must not be a competitor or employee of the vendor who is supplying the technology for review, and you must have the skills and facilities to carry out any review. This is ideal for Universities or who have access to labs or those who have their own lab.


If you would like to get involved in any way, then drop us a line.

Send an email to providing a short biography and what aspect of DFM you would like to get involved with. We will then send you further details on how to proceed, in the area you have chosen.

Join the virtual team here at DFM and “Get Involved”



Digital Forensics to the rescue – recovering critical data after a format and reinstall!

Pete Membrey, an author for Digital Forensics Magazine describes how to recover all your lost critical data should you ever have to reinstall an Operating system or reformat your hard drive.

Here’s a little snippet:

It happens to all of us – sooner or later we lose data. Sometimes it’s important, others not, but rest assured it will happen. Even the most careful of us who take backups with something akin to religious fervor occasionally make mistakes. And so it was that I got a phone call from a very upset young lady who had just lost six months worth of work.

Her company had decided to refresh her PC and told her to drag and drop everything of importance on to the network share. This she did, but was unaware that some of the items had not been copied and were in fact just shortcuts. The weird thing though (or maybe not, I’m not a Windows expert) is that whilst some Excel files copied perfectly fine, one or two copied as shortcuts – and those of course were the important ones. After the copy had been made, the PC was whisked away, formatted and given to another colleague. A few hours later my friend discovered that her spreadsheet was no more and meanwhile her colleague was busy working away on her new machine.

So we have a spreadsheet on a machine that has been formatted, has had Windows reinstalled and is currently in use. The chances of recovering the data weren’t all that great but the work was sufficiently important that it was worth a try. I told her the first thing to do was get hold of the original PC, turn it off and make sure no one goes near it. Most operating systems continue to write data to the disk even if they’re otherwise idle. This is actually a good thing as it tends to make the machine more responsive – but that last thing I wanted was for the part of the disk containing the spreadsheet to get over written.

You can read on at Pete’s blog.



Battling Cyber Threats

Today, virtually every area of life depends on a cyber infrastructure that is vulnerable to attack. According to a recent report by the Center for Strategic & International Studies, sensitive U.S. military and civilian networks have been “deeply penetrated, multiple times, by other nation-states,” and hackers employed by terrorist and criminal organizations are a constant and serious menace. In an August 2010 survey by Symantec, of 1580 private businesses in industries such as energy, banking, health care, and other areas of critical infrastructure, more than half reported politically motivated cyber attacks, averaging 10 attacks in the past 5 years.

Computer security experts say the United States faces a radical shortage of highly skilled cybersecurity professionals who can prevent and combat such attacks. One federal official has estimated that there are only 1000 cybersecurity experts in the United States who have the deep technical knowledge required to safeguard national security; tens of thousands are needed, he believes. 

Read on at Science Careers (05/12/10)



New Windows zero-day flaw bypasses UAC

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

The exploit takes advantage of a bug in win32k.sys, which is part of the Windows kernel. The flaw is related to the way in which a certain registry key is interpreted and enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system. The registry key in question is under the full control of non-privileged users.

The flaw appears to affect all versions of Windows back to at least Windows XP, including the latest Windows 2008 R2 and Windows 7 systems. On its own, this bug does not allow remote code execution (RCE), but does enable non-administrator accounts to execute code as if they were an administrator.

Read on at Naked Security (01/12/10).



Issue 5 is Here

Hi folks,

Issue 5 of Digital Forensics Magazine is here. This time we’ve put together some great content on topics as far reaching as criminal profiling and volatile memory heap analysis; as well as the usual Legal section, From the Lab, and Angus Marshall’s IRQ column. We also welcome the world-famous, forensics commander-in-chief, a.k.a. Rob Lee, as one of our regulars who will be taking forward his own column in each and every issue from now on (now that’s value for money!). Also, we’ve introduced another new column to our format, this time concentrating on Mac Forensics (entitled Apple Autopsy) and at the helm of that section we welcome Sean Morrissey of Katana Forensic (and the brains behind the Lantern iOS forensics product and the forthcoming book from Apress on iOS forensics).

This is also the first of a series of special issues we’re putting together that focus on very specific themes of forensics. This idea came from a variety of 360 feedback letters and we believe it is a fantastic way of ensuring you get the biggest bang for you buck from your subscription. Issue 5 focuses on all aspects of Training & Education, opening the Pandora’s box of all the difficult issues of professionalism that you face every day.

Finally, we hope that you enjoy this issue of Digital Forensics Magazine, and please spread the word as we’ve really enjoyed our first year and want to make sure we continue publishing long into the future. We welcome all comments to our 360 department and will attempt to answer all your letters as quickly as possible.

Bye for now!




SSL, Issue 5 and coming up …

Dear DFM Reader,

We have great news. SSL is now up and running and by prefixing our domain name with HTTPS it will encrypt all communications. We will also be switching this across to a mandatory SSL connection later this year once we’re happy it won’t mess up anyone’s access to the digital edition or downloads area. I hope you are happy about this as it’s based on feedback we’ve had from a few readers and we feel that it’s an important step in securing your personal information and making you feel safer in our online environment, especially with the additional services that are coming up next year – product reviews, additional content and job listings to name but a few.

As you are probably aware, issue 5 will be out in a matter of weeks (1st Nov) and as our anniversary issue (yes, we’re 1 year old) we’ve got a great competition for you this time, to win books from O’Reilly, a media player form Archos and some cool software – but you’ll have to use your skills this time rather than answering just a simple question – so prepare for the great DFM cyber challenge 😉

If you subscription is close to an end (and many of you finish with Issue 5) you might be thinking about renewing. If you are, here’s a little taster of what’s coming up next year:

Situational Awareness & Digital Forensics
Digital Forensics in the Cloud
Netflow & Forensics
Using SIEM in Forensic Investigations
Wireless Networks & Digital Forensics
Deep Packet Inspection on High Speed Networks
Data Breach Investigations
New Series on CSIRT’s
Steg Signature Detection
BotNet Forensics
Digital Forensics Outsourcing
Social Networking Spy

Continuing Article Themes:
Lucas Donato – Criminal Profiling – An in depth look at the phases of a computer hacking attack.
Ron Tasker – Volatility – Finding a Rootkit and hidden processes.

If you want to re-subscribe, just head to the DFM website and sign up for another year to make sure you don’t miss an issue or lose vital access.

Finally, thanks for all your feedback and support over the past 12 months, we’ve had a blast, and we appreciate all your letters and comments, they keep us true to our promise to you to deliver the best forensics magazine on the planet. If you have any other suggestions of how we can improve, please just let us know at

Tony Campbell



Scientists ‘hack’ quantum cryptography

Computer Scientists from Norway have perfected a method of attacking quantum cryptography systems using lasers allowing them to listen to communications while being completely undetected.

Quantum cryptography is most commonly used to securely transfer keys and was considered to be un-hackable, as any attempt to attack the system and measure quantum data will disturb it. The system then detects this, ensuring the communications remain secure.

The team of scientists from three academic institutions in Norway developed a technique that remotely controls the photon detector. In effect, the use of the laser blinds the photon detector. Using a stronger pulse of lasers, data can then be transmitted without detection as the pulse is not a quantum process.

A report, published by the scientists, explains how, theoretically, anyone could implement the attack by using ‘off-the-shelf’ components.

Various quantum cryptography developers have been made aware of the vulnerability and ID Quantique have corroborated with the researchers to make an undisclosed countermeasure.



Lawyers losing cases while struggling with large quantities of Digital Evidence

In today’s modern age, digitally stored evidence is of the highest importance when it comes to legal processes. A survey published by Symantec Corp has shown that many legal companies spanning the EMEA (Europe, Middle East and Asia) region are losing cases, due to the fact that they cannot manage the immense amounts of evidence that is stored on digital media.

Over half of the responses to the survey showed that the problem was identifying and recovering the evidence and that this had caused delays and sanctions as well as the previously mentioned ‘lost’ cases.

Whilst highlighting that many cases are being lost, the report does show that the ability to identify, collect and process the digital evidence from within millions of different pieces of electronic information has had an encouraging effect on many cases.

Joel Tobias, MD of global forensic services firm CY4OR, ( stated that –

“It comes as no surprise that lawyers are facing penalties and losing cases after falling down at the challenge of processing digital information. This is a serious problem for legal professionals as 98 per cent of those surveyed said that the digital evidence identified during e-disclosure was vital to the success of legal matters.”

Joel went on to say how “Digital information needs to be handled with care and all electronic data should be treated as evidence. We’ve seen examples of firms that have used internal IT personnel to gather data for e-disclosure, when they have no understanding of digital forensics. Both areas of expertise rely on the controlled investigation of electronic data and as such are inextricably linked. The legal profession needs to be aware of this synergy, to avoid fines and lost cases. Professionals who are involved in e-disclosure should have a sound understanding of digital forensics and vice versa, to ensure a just and consistent approach.”

It is clear that there is a need for organisations to ensure that they are “Forensically Ready” and have staff trained to gather data in a way that is forensically sound.

The survey was conducted in August 2010, throughout the EMEA region and involved an estimated 5000 lawyers.



Call For The Government To Change Its Approach To Security

Managing Director of BAE Systems-owned consultancy, Detica, Martin Sutherland, speaking at the Homeland and Border Security Conference in London, has called for the Government to change its approach to security.

The audience, which included the new Minister for Security, Paul Neville-Jones, listened as Martin Sutherland analysed how the current economic climate, along the imperative to meet new Government-imposed spending targets, presents extreme challenges when providing security and privacy, especially at a time when the threat level is as high as its ever been. He warned that the current approaches by authorities to strengthen security regimes, “have the potential to become increasingly invasive as organisations sift through ever greater quantities of data in the name of national security”.

Whilst his speech took a strategic look at security across government and how the vast quantities of ever-increasing data needs to be better managed and analysed, the underlying theme was about the technology that could be better utilised to provide the services required by the various government departments charged with the nations security.

His proposed approach initially did not appear to offer anything new; taking a risk based approach to security, automating processes and doing more with less, and using the systems we already have in more intelligent ways. In fact these tenets of security have been at the heart of the government’s security paradigm for many years, however, in the current climate raising and reinforcing these ideals is timely and will resonate with the new Government who need to improve security yet still reduce budgets.

Sutherland went on to suggest that, “Common tools and methods and shared processes across Government”, should address the situation, however, have we not heard this all this many times before? We’ve already seen some successes using these principles, such as with the DVLA integrating information across the Insurance Industry and the Department of Transport to provide information on to Law Enforcement. Nevertheless, these are miniscule gains when compared to the size and amount of data being processed across all Government departments responsible for the nations safety and security.

The real challenge is to change the way Government conducts cross-departmental procurement; budgets are allocated on a departmental basis with little incentive to reward collaboration and sharing. Maybe the new coalition Government will have the appetite to tackle this problem head on, a problem that has been around for a long time?

If we were cynical, we might speculate that this statement by Sutherland is nothing more than a precursor to Detica’s positioning themselves in the circle of trust with the new Cabinet in an attempt to advise on the formulation of the G-Cloud strategy. We’re sure they are not the only service provider looking at how they are going to maintain margin with an ever reducing budget. However, we are not cynical, and Sutherland raises some important issues that do need to be aired. This is certainly a topic that will be returned to over the coming months.



Digital Forensics Magazine Survey

As part of the Training & Education theme for Issue 5 Digital Forensics Magazine is carrying out a global survey. The survey asks digital forensic practitioners around the world to complete the survey with a view to ascertain the level of qualifications held.

The survey investigates the thoughts of practitioners on what they believe are the core competencies required of a digital forensics practitioner. They are also asking what knowledge would be required if there were practitioners graded at basic, intermediate and advanced levels.

Tony Campbell, one of the DFM publishing team said, “By asking the practitioners opinions with regard to international standards on training we hope to inform the debate going on in a number of forums on this topic.

The survey will be open over the next 3 months and we are encouraging all parties with a vested interest in the subject to take the survey to help us all understand the current status of training and education in Digital Forensics and shape the future. This is your profession, help us inform and guide those that are setting standards and making decisions about our profession. “

Readers are urged to take the 3 minute survey today at to make sure their thoughts and opinions are captured.

A summary of the results will be released in forthcoming monthly newsletters available to Digital Forensics Magazine newsletter subscribers, and the main findings will form the basis of an article in the main magazine published later this year.