When it comes to booting up evidence files acquired from a target disk, you have two options. One is VFC and the other is Live View. Both of them could c ...
Category: Other good articles; Time: 2018-05-31 23:06:09; Views: 190
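Raw data, for example discretized by age. First, the frequency distribution of each value of the element. WOE (Weight of Evidence) reflects the predictive power of an independent variable with respect to the dependent variable. IV (Information Value) is one of the most useful techniques for selecting the most important variables in a predictive model. It is used to rank variables by their importance. Simplified: Result: Rule of thumb for IV values: IV < ...
Category: Other good articles; Time: 2018-01-14 19:33:15; Views: 412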
In my previous article "EnCase missed some USB activities in the evidence files", I mentioned that EnCase could only "see" a few USB records. Ac ...
Category: Other good articles; Time: 2017-10-25 16:40:05; Views: 154
My friend is a developer and her colleague May was suspected of stealing the source code of an important project "X". The Police searched her apartmen ...
Category: Other good articles; Time: 2017-10-06 16:54:13; Views: 208
Usually we will use LiveView or VFC to "boot up" the evidence files acquired from a suspect's computer or laptop. What if his/her OS is Win10? Win10 has ...
Although leaders are often thought to be people with unusual personal ability, decades of research have failed to produce consistent evidence that ...
Category: Other good articles; Time: 2017-07-13 10:24:29; Views: 166
My friend asked me why she could not find some important files in a physical image acquired from an Android phone. She took the evidence tree of an An ...
Category: Other good articles; Time: 2017-07-05 00:33:26; Views: 259
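Belkasoft, a major forensics vendor from Russia, has earned good reviews for its flagship product, Belkasoft Evidence Center. Besides BEC, our friend Yuri has also been generous enough to provide a free memory imaging tool, RamCapture, for fellow practitioners to enjoy. It comes in 32-bit and 64-bit versions and needs no installation; just run it directly. However, you must, as a system administrator ...
Category: Other good articles; Time: 2016-10-22 11:47:58; Views: 293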
As a professional forensic guy, you cannot be too careful when analyzing the evidence. Especially when the case is about malware or a hacker. Protect your w ...
Category: Web applications; Time: 2016-09-04 11:40:57; Views: 294
I am very impressed that Belkasoft Evidence Center supports lots of evidence types. I have to admit that it’s one of the most powerful forensic ...
Category: Other good articles; Time: 2016-07-02 15:48:20; Views: 184