General Discussion: Linux ntfs-3g implementation and deleting files
Looking through the source, the section in question (as far as I can tell) starts in dir.c, line 1885: Code:: /* * Search for FILE_NAME attribute with such name. If it's in POSIX or * WIN32_AND_DOS...
View ArticleForensic Software: Windows 7 - Last Accessed Date
TheSiv wrote: Just wondered if anyone had a quick answer? Yes, but it may take some time, and it may additionally depend on other settings. (I couldn't make it quicker) If you want the longer one it is...
View ArticleGeneral Discussion: Linux ntfs-3g implementation and deleting files
Chris_Ed wrote: Looking through the source, the section in question (as far as I can tell) starts in dir.c, line 1885: Code:: /* * Search for FILE_NAME attribute with such name. If it's in POSIX or *...
View ArticleGeneral Discussion: Finding hidden encrypted files
jhup wrote: Like this? Although, this one is $10.93. That is a fancy wrench. Any chance the file is just hidden and not encrypted at all? In addition to view hidden files, you can set Explorer to show...
View ArticleGeneral Discussion: PST/MSG to PDF
I guess now we just need a Näive Bayesian classification module, and we are all ready to go!
View ArticleMobile Phone Forensics: Cellebrite Ufed Touch Ultimate Hangs during...
Cellebrite has been completely amazing in its support and they are working to fix my issue. My question was from the point that I had never experienced an issue like this with any of my previous...
View ArticleForensic Software: Encase parody
First person to post this on the GSI support forum gets 5 points.
View ArticleMobile Phone Forensics: Blackberry Bold 9650 Password
It depends on the source of the encryption, if it is from the user interface, then in a lot fo cases, yes. If it is pushed through from the BES, then no......so far (-:
View ArticleEducation and Training: Good Classes to Study Mobile Phone Forensics
I'm sure this question must come up a lot nowadays, but I'm pretty new to this site as a whole. My question is: I've already taken Cellebrite's 3-day ultimate course. Now, I've become very interested...
View ArticleForensic Software: Encase parody
Chris_Ed wrote: BenUK wrote: Looks like it's been taken down from the Guidance forum. Where's the fun in that? If only their software was as efficient as their mods.If only!! I wasn't aware about...
View ArticleGeneral Discussion: search_db.h2.db - FrostWire H2 Database
Ali-B wrote: Just wondering if anyone had any luck with the suggestions in this topic in particular finding something to convert the h2 file to another format. If it is a H2 Database, you can download...
View ArticleGeneral Discussion: Files from personal devices
digitalguru wrote: Case was related to DLP.. Employee during exit copied office data on to personal hard disk and deleted the data from personal hard disk. Senior Management want to check if any...
View ArticleGeneral Discussion: Student assignments
keydet89 wrote: Something else to consider: http://www.dfinews.com/articles/2013/05/training-not-enough-case-education-over-training#.UcxpCvnVB8F Curiously, when I raised (indirectly) the issue about...
View ArticleGeneral Discussion: Document Metadata Extraction
You can also try Absolution which is an open source forensics tool with an emphasis on e-Discovery. The output is dumped to XML instead of CSV, but you can just import it into a spreadsheet and write...
View ArticleGeneral Discussion: Remote Forensics
In the past, I've been interested in such concept for remote data recovery and performed some tests locally. The idea was to use a SSH client like Putty on the computer that the investigator uses and...
View ArticleForensic Software: Rebuilding RAID
I don't have extensive experience with RAIDs, but I you could try the following: - First of all pray for it to be RAID 0 or 1. - If you can see a file system, it probably is. - You want to look for...
View ArticleGeneral Discussion: Finding hidden encrypted files
armstrong wrote: Thanks! Also, talked to him a little today and apparently the only program he used to hide the file was command prompt. Not sure if that means anything and not really sure how to use...
View ArticleGeneral Discussion: Finding hidden encrypted files
armstrong wrote: Thanks! Also, talked to him a little today and apparently the only program he used to hide the file was command prompt. Not sure if that means anything and not really sure how to use...
View ArticleForensic Software: Rebuilding RAID
Mount Image Pro also has the ability to find and recover a RAID configuration from disks or images. As Jaclaz also mentioned, RAID Reconstructor from runtime.org also does a very decent job. Good luck!
View Article