Mobile Phone Forensics: Text+ Images
I have about a dozen images of interest with filenames that start with "tplocaldata.1348294663.867726.<username>_0 in the Text+ folder at /mobile/Applications/ of an iPod Touch. I need to...
View ArticleForensic Hardware: Motherboard Recommendations
I have been using the RIVE since it was released with out too much trouble. It works with my LSI 9265 RAID setup very well. But the board has had DIMM slot troubles. Its a clean setup and per memtest,...
View ArticleGeneral Discussion: Robocopy Results
Hi, I am receiving confusing results while using robocopy to move data. Normally we use evidence mover to transport data between drives or if we need to provide customers with results etc... For some...
View ArticleForensic Software: Rename carved zip files
www.cnwrecovery.com This will determine the type of carved file and rename, eg .DOC. DOCX It will also try and add a valid date, and possible name based on file metadata It will also try and optionally...
View ArticleGeneral Discussion: Fat32 data recovery
When a file has been deleted, the space is free for any use. The operating system can do what it wants, and typically, it will use the first free sector. Clever systems might look for free areas to...
View ArticleEmployment and Career Issues: Starting a Forensics Consulting Career
I misunderstood. I thought you would learn forensics, while working as a forensics consultant. I would consider that unethical.
View ArticleForensic Software: unix numeric value & dcode
http://en.wikipedia.org/wiki/Unix_time Why? One answer is space. To store a string of YYYY/MM/DD HH:MM:SS we would need at least 14 bytes (excluding separators). With Unix epoch time, we only need 4...
View ArticleGeneral Discussion: virtual servers
Bulldawg wrote: I suggest you bring in someone who is familiar with forensics. That will help protect you and your company from future liability. That said, here's how. Shut down the VM. It is possible...
View ArticleGeneral Discussion: Video Forensics
I would suggest a plug-in used with Adobe PS; Go to http://www.oceansystems.com/forensic/forensic-Photoshop-Plugins/index.php -GWOOD
View ArticleGeneral Discussion: Working with mounted EDB archives
Hi Adam, I've used the cmdlet to export to a PST. You can see some examples here: http://technet.microsoft.com/en-us/library/cc535123.aspx One of the examples is: Code:: Export-Mailbox -Identity...
View ArticleGeneral Discussion: Extracting email addresses
X-Ways forensics will do it very easily add evidence, Refine volume snapshot, then do a simultaneous search using a regular expression for email addresses. done.
View ArticleMobile Phone Forensics: Analyze Samsung E2202
Two good places to ask about this is http://forum.xda-developers.com/index.php and http://forum.xda-developers.com/index.php Both forums specialize in cell phone repair, and breakdown.
View ArticleEmployment and Career Issues: Starting a Forensics Consulting Career
I know several of the more prominent non-vendor specific certifications also come with listserv memberships. There are often requests for assistance for out of region collections. This maybe of use. If...
View ArticleGeneral Discussion: Robocopy Results
It appears Robocopy was right. The folder structure was just so deep, other tools weren't calculating the values correctly. Thanks for the response guys.
View ArticleGeneral Discussion: Fat32 data recovery
Thank you so much for your replies, I can see how its working now. I formatted the pen drive on a windows xp machine because when I did it on my windows 8 laptop, the values in the boot sector where...
View ArticleEducation and Training: Dissertation Ideas
I am sure it will show up on El$vr, and we will have the privilege, after a nominal fee, to peer review the paper.
View ArticleGeneral Discussion: Fat32 data recovery
Well, no. Meaning that if you partition/format under different OS the values in the BPB may be different, but they are usually "predictable" (for the given OS) Quote:: the first entry is 0x0ffffff8)...
View ArticleForensic Software: unix numeric value & dcode
si2013 wrote: Now, my question is, what exactly is 'unix numeric value' and why is firefox recording downloads in that format? The reason why Firefox has adopted a Unix time representation is probably...
View ArticleGeneral Discussion: How to know exact hour & minute you visited a website?
hello I have tried a few websites before making this question here but no resukts. On Windows 7, I am trying to see the exact time(hour and minute)I last visited a website. First, I tried going to the...
View Article