Forensic Software: Detecting Truecrypt Volume in EnCase
Thank you all for your replies. I'm unable to download those enscripts because i am using Encase with a university lisence, so i don;t have access to the guidance software forum. It's a Windows XP OS....
View ArticleGeneral Discussion: Can every file be recovered by forensic tools?
Belkasoft wrote: Ah, but that depends on who pays for it, and why. Using any commercial tool is certainly easier than Photorec. It's also usually much faster to use a single tool than two separate...
View ArticleEducation and Training: Looking to study tools that PwC and similar big firms...
I would think that the original post was actually well written...if you don't know PwC is, then it's likely that you don't have anything of value to add to the discussion...it would all be speculation....
View ArticleGeneral Discussion: USB Removal Date/Time
keydet89 wrote: minime2k9 wrote: Have you had a look in the Shellbags? If its a Windows 7 machine , the usrclass.dat file can contain information about folders which have been accessed, which could be...
View ArticleGeneral Discussion: ExFAT vs FAT32 (deeper mechanics)
Canot say if specifically it can help you, but maybe something in the source here: https://code.google.com/p/exfat/ is of use. Since it recently went "Version 1.0" it should have overcome the issues...
View ArticleMobile Phone Forensics: BMW Key Fob Mobile Phone
Hi 4Rensics, The chipset you mentioned (MT6252) is pretty common for Chinese phones. The manufacturers in China who make these Mediatek, Spreadtrum and Infineon phones are called IDHs (Independent...
View ArticleMobile Phone Forensics: Cellebrite vs XRY
yunus wrote: 2. XRY does Not have enough support for chinese phones. Cellebrite has good support for chinese phones. Seperate module for those phones: Chinex Just to clarify on point #2, Chinex is an...
View ArticleForensic Hardware: competing product of Shadow3
Hi Pied, Shoot me an email I have an idea for you. Thanks, Ryan Judy EDEC Digital Forensics ryan@edecdigitalforensics.com
View ArticleForensic Software: Recovering Hidden FAT16 partition
Hi guys, I have found evidence for a hidden FAT16 Partition in EnCase which I am trying to mount. I have never had to do this before so some assistance would be great. Thanks in advance, Dan
View ArticleForensic Software: Making a file signature analyser tool
tomb1992 wrote: You can then place these two OSFsig documents into the compare signature section and it will show you that the document has been modified. Ask yourself, what do your really want to do:...
View ArticleEducation and Training: Looking to study tools that PwC and similar big firms...
A) What 5 tools would you say are essential for an investigator at PwC? Law book, paper, pen, calculator and excel B) Are Linux and Mac forensics a big focus in there firm? No clue, you have to ask...
View ArticleForensic Hardware: different bridge for each host drive interface, or adapters?
Hello all. I am building a forensic hard drive acquisition kit. I'd like to spend money as wisely as possible, and so I have a question. Which of the two scenarios below would be recommended, and, if...
View ArticleGeneral Discussion: Email Forensics (Read / Unread)
Years ago I did some research with email and found that you could set the preview time to never update so that in a sense you could read the email in the preview tab without triggering the read/unread...
View ArticleGeneral Discussion: Can every file be recovered by forensic tools?
Belkasoft wrote: Using any commercial tool is certainly easier than Photorec. It's also usually much faster to use a single tool than two separate ones; not just because you save time on not doing a...
View ArticleGeneral Discussion: Gutmann´s method valid for 1990,s hard drives?
MDCR wrote: Gutmans proposed wipe claimed that it took 7x5=35 passes to wipe a drive clean (which i never read any explanation or research for). See his paper 'Secure Deletion of Data from Magnetic and...
View ArticleForensic Software: Autopsy opening screen not showing
Visual C++ Redistributable, maybe? From the Sleuthkit readme: Quote:: There have been reports of the exe files not running on some systems and they give the error "The system cannot execute the...
View ArticleGeneral Discussion: Deepspar Vs Atola Insight
I am currently confused on what to buy as an imaging device in my data recovery lab, the well known deepspar or the powerful Atola Insight? Pros and Cons...?? Thanks.
View ArticleMobile Phone Forensics: Android Forensics:A Case Study of the Nexus S Virtual...
Thanks for passing on your experience.
View Article