WORM and hashing
Two interesting and IMO partly related postings were made in the previous days: Sandisk made a press-release about their new write-once-read-many (WORM) storage card, and Jesse Kornblum wrote a blog posting about updates and new features for his hashing tools.
Inverse keylogger
If you (like we once did) get a case where you have to explain ‘random mouse movements and keyboard inputs’, you might want to check for the following device:
http://www.thinkgeek.com/gadgets/electronic/a11e/
It should not be too hard to notice (who would miss some sort of PCB connected to their USB port… 
), maybe they should try and put some more effort into hiding it. Real keyloggers, like the ones from KeyGhost are far harder to detect…
Anyway, this device was not the cause in our case, nevertheless a fun thing to stumble upon (thanks to TB).
Show me your software and I will tell you…
I while back I overheard a conversation where someone was making a firm statement about vendor based certification: “If you don’t visit the regularly held Guidance Software training sessions, you can’t be a proper forensic examiner nor do a proper forensic investigation”. Excuse me?