Hacker Factor Forensics

When most people think of computer forensics, they think of disks and data recovery. Tools such as The Coroner's Toolkit and Spinrite aid in this process. But computer forensics have grown to become much more.

Hacker Factor Solutions includes computer forensic specialists that are experienced in both classical computer forensics (data recovery and analysis) and non-classical, such as enhanced forensic tools and profiling.

Enhanced Forensic Tools
Everywhere you go online, you leave a little bit of yourself behind. These residues may be left in log entries, system files, or as hidden fields in images. Our unique tools include:

Thumbs. A tool to extract information from Thumbs.db files. The extracted information includes timestamps as well as actual images.
ImageAna. An image analysis tool. Useful for pulling subtle information out of GIF and JPEG images.
JpegAna. A JPEG image analysis tool. This tool can determine the last changes made to a JPEG image, or detect steganographic information.
JpegQuality. A JPEG image analysis tool that displays the quantization tables and estimates the JPEG quality.

The source code by Dr. Neal Krawetz was released publicly at the Black Hat Briefings USA 2007 conference.
A pre-compiled version for Windows has been provided by Chris 'Xenon' Hanson from AlphaPixel.
A pre-compiled version for the Mac (Intel) is provided by mcandre.

PAM. The Program Alignment Matrix (based on the Protein Alignment Matrix by Dayhoff, et al.). This system shows whether two programs or files share a common base.

Profiling
While forensics provide direct evidence, profiling interprets the forensic information. Forensics cover facts, while profiling addresses probabilities and likelihoods. Hacker Factor has developed profiling tools that include:

PolyWanna. A tools for detecting monoalphabetic and polyalphabetic ciphers.
Author Analysis. The words that people use are unique. The combination of vocabulary, spelling, word frequency, and other attributes define unique people. Our author analysis tools can determine whether two writing samples are likely by the same person, where editing took place, and in some cases, the author's nationality or age. These same tools and techniques work equally well on software source code.
Gender Analysis. Similar to Author Analysis, different genders rely on different words. While certainly not 100% accurate, this system generates a strong probability of an author's gender. The online version of Gender Guesser is available.
Keyboard Profiling. Based on how people type, physical attributes such as left/right handed and type of keyboard can be determined with amazing accuracy.