General Discussion: Artifacts of wiping
HexDrugsRockNRoll wrote: Looks like it's Bitlocker that fills the space with '0x57'.Nice find <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" /> . Confirmed from the mouth of...
View ArticleGeneral Discussion: harddisk serial number
The following code fragment might give you an idea - largely based on Microsoft example stat = DeviceIoControl(hDrive.dHandle, IOCTL_STORAGE_QUERY_PROPERTY, &propq, sizeof(propq), outputbuff,...
View ArticleGeneral Discussion: Deleted data and guilt?
So, you plan to bring a passenger airplane down on March 8 and on February 3 you delete a bunch of files from your PC. <img src="images/smiles/icon_eek.gif" alt="Shocked" title="Shocked" />...
View ArticleGeneral Discussion: Password Recovery Software
fraudit wrote: I've used both Passware and Elcomsoft password recovery suites and I've found Passware product quicker and more effective. An important thing is that I used both of them almost...
View ArticleEducation and Training: Programming courses geared towards forensics
I'm aware that Control-F run a Python scripting course in the UK, however have not attended: http://www.controlf.net/training/ps1/
View ArticleMobile Phone Forensics: Mobile phone forensic software/tools equipement
Igor, How do you like MobileEdit if you use it? I am going to try the demo and see how that works out. Thanks, Chris Currier
View ArticleMobile Phone Forensics: Nokia Lumia920 forensic problem
Apparently there is support for Windows 8 with the Secure View Physical component. Not sure if that will apply to Nokia though or not. I will have to try it out at some point as well. Regards, Chris...
View ArticleGeneral Discussion: Msc. Cyber Security Versus Msc. Forensics
I understand MobilePhoneForensic and do not get offend. As I told you before I did not want to bias any people decision considering what uni to go. Personally my choice was between Cranfield and DMU....
View ArticleMobile Phone Forensics: Can a SDCard be linked to a phone?
We have a number of likely candidates as regards handsets. Two were reset to factory defaults. Two others are resisting all attempts at a physical download... I haven't tried a logical yet.
View ArticleGeneral Discussion: Msc. Cyber Security Versus Msc. Forensics
Very brief input from my side, having just come across this thread. The option to add a poll *is* buggy - it's a long standing issue which I just haven't found the time to address yet. From memory, it...
View ArticleEducation and Training: Programming courses geared towards forensics
Sorry I cannot help you with courses - I started over 30 years ago with Kernigham and Ritchie! Cranfield have a very good reputation.
View ArticleGeneral Discussion: EO1 logical?
I took an image of an OS Partition using FTK Imager as an EO1 file. Never really took a logical image before because I always take full physical images (best practice) but I wasn't calling the shots...
View ArticleEducation and Training: What Certs to get?
I found this entry through a search and InfoSecCow's answer was helpful to me as well, but I could use a little additional advice. I'm a 26 year veteran law enforcement investigator (detective for 13...
View ArticleGeneral Discussion: A software to show in a tree the FTK Imager filelists?
I uploaded a first test build here. If somebody happens to have Visual Studio 2008 still installed (it can't be downloaded any longer) I'd need the files of an empty MFC MDI (Multiple documents)...
View ArticleEducation and Training: What Certs to get?
Shoot me an email Scott. Cmore@77@verizon.net
View ArticleGeneral Discussion: A software to show in a tree the FTK Imager filelists?
francesco wrote: I uploaded a first test build here. If somebody happens to have Visual Studio 2008 still installed (it can't be downloaded any longer) I'd need the files of an empty MFC MDI (Multiple...
View ArticleMobile Phone Forensics: Mobile phone forensic software/tools equipement
nlpd120 wrote: Igor, How do you like MobileEdit if you use it? I am going to try the demo and see how that works out. Thanks, Chris Currier I sent a letter to you.
View ArticleGeneral Discussion: Deleted data and guilt?
The Flight 370 investigation is one of the best examples in recent history of where finding clues is most important, not establishing guilt. It highlights one of my personal crusades about making...
View ArticleGeneral Discussion: EO1 logical?
I asked because you are referring to E01 (e zero 1) as EO1 (e oh 1), and your concept of logical imaging. E01 images are sector images. E01 is not aware or cares of file system structure. A logical...
View ArticleEmployment and Career Issues: Opportunities in Australia
Hi mate, where are you located? email me at gmail --> ecophobia.
View Article