General Discussion: Recovery of a text file with damaged MFT (zero sized file)
In the meantime I have created a $LogFile parser that will, among many things, retrieve and reconstruct all file location related information (dataruns, file size, etc.) for any file referenced as the...
Classifieds: XRY Complete kit for sale
I have a barely used XRY Complete kit for sale for £3000. It comes complete in excellent condition with all cables, memory card reader, codemeter USB key, communications unit, AC/DC adapter,...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
Thanks Joakim. After I had the problem, I immediately created an image with Easeus Todo Backup, but later I found that this is not a true image. The information is not a raw copy of the original disk....
General Discussion: VLC Recent Files
More a comment on the way the information is displayed with different tools, I probably worded that badly, sorry
General Discussion: Mount an LVM ext4 partition from a spanned EWF image?
Hi all, I have a disk image of an Ubuntu box in spanned EWF format that I need to mount for analysis and I'm trying to do it without having to DD out the entire LVM volume as a single raw image (it's...
General Discussion: USB Analysis for Class Assignment
gurharman wrote: Those files have been deleted off of the drive so I need a tool that would allow me to recover those files. Try either (or both) of Photorec: http://www.cgsecurity.org/wiki/PhotoRec...
Digital Forensics Job Vacancies: QCC Vacancy - Digital Investigations, London...
Blackthorn Technologies (formerly QCC Information Security Ltd) have an additional vacancy for an experienced Digital Investigator: Digital Investigations Specialist
Mobile Phone Forensics: Vault Android APP
I have come across this App before, and as it happened it was also on a Samsung Galaxy S2 device. I would recommend taking a filesystem dump of the device in XRY or Oxygen (or even better a Physical...
Mobile Phone Forensics: Mobile Malware
CopyRight wrote: Anyone has software to scan the Android for malware after it's been mounted as a drive on the computer? Lee Reiber suggests using HouseCall in his "MPE+ Android Malware Detection"...
Forensic Software: XWF ReportStyler
Thanks for your feedback! Bug reports, feature requests, other suggestions or feedback are always welcome.
General Discussion: Comodo timemachine forensics
Just found this which could be useful http://forensir.blogspot.co.uk/2013/03/how-to-make-forensic-examine-drive-with.html Will investigate more on Tuesday!
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
damaged_mft wrote: After I had the problem, I immediately created an image with Easeus Todo Backup, but later I found that this is not a true image. With all due respect, not so surprisingly...
General Discussion: Analysis Question
For anything with malware or a "virus did it" defence I'm going to run my standard registry reports which inter alia list all the run keys. Anything with AppData in the path would instantly stand out...
Mobile Phone Forensics: Mobile forensics after factory reset
Alistair wrote: That is also one area I am researching, what if the thief just puts the device in "airplane mode"? Or recovery mode? All communication with the outside world will be cut off and good...
Mobile Phone Forensics: Mobile Malware
We are going a bit off topic actually, so I guess it would be a better idea to start a new thread about this, yet I was curious about how dumping is accomplished from a vendor independent point of...
Forensic Software: JAD IEF vs Belkasoft, opinions?
CopyRight wrote: However I was wondering if it supports importing an image taken by tools like (UFED, XRY, OXYGEN etc...) and then conducting analysis on them. From their website: Industry standard Mounts...
Mobile Phone Forensics: Mobile forensics after factory reset
Alister, some ideas. On the basis that remote wiping is one security policy/procedure and you have other policies/procedures listed, maybe link other policies/procedures which, if compromised, trigger...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
damaged_mft wrote: note: The EASEUS file is 5% smaller than the .bin image created by DMDE. So either the EASEUS file is compressed, or the non-allocated space has been left out. If it is compressed,...
General Discussion: Trying to gather evidence from chat fragments in pagefile
Yes, nearly impossible. The paging file is made up of memory pages copied from active applications and the operating system. The pages from different applications are mixed up, so pages might not be...