Forensic Software: Filter operating system files
The first Google result for "encase manual" is an EnCase manual. If you open it and search for "NSRL", page 64 shows how to work with the NSRL hash sets.
View ArticleGeneral Discussion: chances of decrypt an encrypted volume in external HDD
Password cracking can take from 1 second to 1000,000,000,000 years approx. Knowing the user could help. Many users only use only a few passwords. Some users create very strong complex passwords
View ArticleGeneral Discussion: File System Forensic Analysis by Brian Carrier still nr1?
It is a bit dated, in that it doesn't have some of the newer file systems, such as exFAT, Ext4, ReFS, and so on. However, file systems don't really change too much, so the ones that are in there (FAT,...
View ArticleMobile Phone Forensics: Locked Iphone 5s
well then, hopefully will have a chance to replicate their findings
View ArticleForensic Software: Low level disk analysis tool for live machine
Maybe you can use a client server solution like f-response and combine it with Encase. If you have an Encase 7 license you can create a servlet and use it like Enterprise but only 1:1.
View ArticleEducation and Training: Books that every Forensics Investigator should read
Some classic/essential texts (note: one or two are now a bit long in the tooth, although some have more recent editions): Forensic Computing: A Practitioner's Guide - Tony Sammes and Brian Jenkinson...
View ArticleEducation and Training: Books that every Forensics Investigator should read
jamie wrote: Forensic Computing: A Practitioner's Guide - Tony Sammes and Brian Jenkinson The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics - John Sammons File System...
View ArticleGeneral Discussion: chances of decrypt an encrypted volume in external HDD
binarybod wrote: I hate to be pedantic but these are hash algorithms not encryption.What can I add? <img src="images/smiles/icon_question.gif" alt="Question" title="Question" /> Code::...
View ArticleGeneral Discussion: File System Forensic Analysis by Brian Carrier still nr1?
Ok thanks, i did place an order for it today, it seems to be the general opinion that it is a must read. I also noticed that it is included in the SANS FOR508 class package. I'm guessing that although...
View ArticleMobile Phone Forensics: Samsung SCH-i535
I have a Samsung SCH-i535 (CDMA) that I'm trying to process with Cellebrite. I've completed a logical extraction, but am unable to process a physical. I am unable to get the phone to PDA mode using the...
View ArticleForensic Software: Low level disk analysis tool for live machine
You can do it with OSForensics as well. There is a function to make a USB install, then you can run it from the USB drive on the live machine and do a File Name Search across the whole drive. From...
View ArticleGeneral Discussion: Collecting Data from Microsoft Sharepoint
NUIX have a sharepoint collection tool (NUIX sharepoint collector) I've not used it or seen it but generally NUIX produce quality software...at a price
View ArticleForensic Software: F-response and Sophos Safeguard enterprise 4-6
Hi, I've got experience with f-response with Safeguard Easy. Maybe you can describe your problem. I assume it is related to full disc encryption and "remote connection" software like f-response. Feel...
View ArticleGeneral Discussion: How to use a RAM image to decrypt "encrypted containers"
I do not quite understand what you mean by a "memory dump of an encrypted hard drive". Was it a small RAM disk located completely in the computer's volatile memory, and you have a dump of that? Or what...
View ArticleForensic Software: A $LogFile parser utility for NTFS
Project moved to; https://github.com/jschicht with updated version available.
View ArticleMobile Phone Forensics: Need Help with Scenario based questions/Law...
Adam, I would add something to your legal section about possible fifth amendment implications of asking someone for their pass code and what that might do to the evidence obtained from the search....
View ArticleGeneral Discussion: File System Forensic Analysis by Brian Carrier still nr1?
Am studying a Msc in forensics and it is definitely being portrayed as a must have/read for the course.
View ArticleMobile Phone Forensics: Need Help with Scenario based questions/Law...
Wow. Thank you for the responses.. Now if I can get a volunteer to type all of them up lol.. You guys are awesome. Keep it coming... Adam
View ArticleForensic Hardware: Target Disk Mode on Lenovo/HP?
There are as I see it two potential issues. The first one is that seemingly an issue exists that prompted to make the Thunderbolt device only detectable at boot time (i.e. no "hot-plug"):...
View ArticleGeneral Discussion: A software to show in a tree the FTK Imager filelists?
NOT really useful/connected with the topic , but I happened to find casually this thingy here: http://www.primitivezone.com/primitive-disk-indexer.html that seems like nice (creating "disk contents...
View Article