General Discussion: YOU and your rigs video card
348 billions<img src="images/smiles/icon_eek.gif" alt="Shocked" title="Shocked" /> NTLM passwords per second <img src="images/smiles/icon_exclaim.gif" alt="Exclamation" title="Exclamation"...
View ArticleDigital Forensics Job Vacancies: Assistant or Associate Professor and Program...
Assistant or Associate Professor and Program Director Master of Science in Digital Forensic Management and Digital Forensic Science The Division of Information Technology and Sciences at Champlain...
View ArticleGeneral Discussion: find out if user booted from CD
digitalcoroner wrote: I'm trying to determine if workstation was used to download/burn the Live CD. Such things are usually downloaded as an ISO file, so check for such files within the active file...
View ArticleGeneral Discussion: Secure Deletion Software
Depending on why you want to delete the information, the trick might also be in hiding the use of deletion software. That can be a different, and trickier, question.
View ArticleMobile Phone Forensics: How are some SMS encoded within blackberry memory?
Interesting.. thanks for the replies everyone. So RonS, I'm not sure if you can speak to this, but is there a publicly released method for identifying some of these texts? I've been asked to see if I...
View ArticleMobile Phone Forensics: Deleted BBM problems via Cellebrite
Now that you mention this, I have seen quite a few extractions showing quite a few 'one party' chats, but they haven't really been of interest yet so I haven't looked into it. So yes I think I'm seeing...
View ArticleMobile Telephone Case Law: GPS Analysis
Andy I am deeply sorry for the delay in replying upon your last reply on my question. Thanks you, much appreciated.
View ArticleGeneral Discussion: LUKS encrypted drive - what to do?
I received a Macbook Air computer and the drive on it seems to be an encrypted Linux operating system. FTK Imager shows that the drive has 2 "Linux Native" partitions: a 500 MB partition and 121 GB...
View ArticleGeneral Discussion: HashTab questions
Explain how it is "booby trapped" A computer forensic practitioner should be able to articulate themselves to the layman as well as the other experts. Dominic wrote: Thanks guys. Just as a warning, the...
View ArticleGeneral Discussion: manually carve a file from image
As joethomas asked, what type of file is it? There are many files that standard carving programs will not find, eg .dat , .txt or ones for very specific applications My approach would be to use a hex...
View ArticleForensic Software: noob question about Metasploit
Was it a bad idea for me to attempt to download Metasploit? I was trying to get a copy of it on to my thumbdrive, and I ended up getting virus warnings about several infected files, including a...
View ArticleGeneral Discussion: HashTab questions
Admittedly, I was tired when I tried to get HashTab the first time. But, I somehow ended up with all kinds of time-waster programs that were likely carrying malware. (These were game apps and the...
View ArticleGeneral Discussion: iCloud
With the right warrant and his username and password (which you may be able to recover from his computer) you can use a elcomsoft tool to download his icloud information...
View ArticleGeneral Discussion: What goes in a forensic toolkit?
nat038 wrote: OK thanks again so far. The intent would be to able to provide an eD *and* full forensic service across all types of application and systems. Really what I'm looking for is a generalised...
View ArticleGeneral Discussion: Microsoft Surface RT
jaclaz wrote: @PaperClip_CCE The Surface does NOT run Windows 8, it runs Windows RT. It is NOT a i386 platform, it is an ARM one, for all the info there are, ONLY Windows RT can currently boot on that...
View ArticleGeneral Discussion: Found this in Unallocated space. Help me confirm...
What all did you try already before posting? DecipherTrent wrote: Hey all, I am humbling myself before my peers and asking the question of the following string. Þ:2008120120081208:...
View ArticleGeneral Discussion: where in windows registry are software patches listed
I like to load up the image as a VM and just check it that way. I find that more reassuring than checking the registry for some things because the data is being parsed in it's native application so...
View ArticleGeneral Discussion: Tell-tale signs of a RAT/Trojan has been initiated
Thanks. Can one be certain that the Trojan was not executed if there are not such indications?
View ArticleForensic Software: Can Sophos Endpoint Security Software interfere with EnCase?
Hi, Can Sophos Endpoint Security Software interfere with EnCase processing particularly if the drive in question contains viruses?
View Article