Forensic Software: Enscript v6 to v7 errors
I recently am trying to do a simple enscript to do pre-processing for encase to get the OS installation date. Have been googling for awhile but the codes i could find are all for v6 or below and after...
View ArticleGeneral Discussion: WORD 2010
1. I think this is a helpful subject for forensic analyses. Because you can analyse document metadata but before it; making some experiments and seeing results can help us about our comments related...
View ArticleGeneral Discussion: EfficientDiary
randomaccess wrote: its quite the annoying so the next thing is, in the absence of a command line utility, does anyone have any suggestions of "scripting" a brute force on a gui program? Alternative to...
View ArticleGeneral Discussion: Win XP Event Log(s) Gap
From looking at the mini dump files, the BSODs were related to the HP 3D Driveguard software. Specifically, C:\Windows\System32\drivers\accelerometer.sys. I removed and reinstalled that software.
View ArticleGeneral Discussion: Facebook Forensics
Hi, Is there anyway of tracking an IP Address in Facebook Chat realtime or otherwise? I have a case in that I wish to track down the IP Address of a FB User so I can locate. Is there a way? Method? to...
View ArticleMobile Phone Forensics: UFED Touch/Physical with BB Bold 9900
I wonder if anyone who has UFED Touch/Physical would be kind enough to tell me whether or not the BB Bold 9900 is a supported model for physical acquisition and decoding? What if the device was...
View ArticleForensic Software: Decrypting EFS Help!
Are these scripts that come with the Encase software? If yes, I'm not seeing it.
View ArticleForensic Software: EFS in Encase 7
I've run analyze EFS and checked secure storage tab, but there are no passwords for the users. Then I ran the dictionary attack with no success. Any other ideas?
View ArticleForensic Software: Looking for a Windows utility to forensically copy files
The dsfok toolkit's dsfo should do nicely: http://members.ozemail.com.au/~nulifetv/freezip/ jaclaz
View ArticleGeneral Discussion: Detection of Forged Documents
I was wondering if anyone has knowledge about powerful software/hardware that can make the detection of forged documents easier. I've got one product...
View ArticleGeneral Discussion: WORD 2010
ddewildt wrote: So if you print, then close without saving, it won't be updated. You need to print, then save the document. I'll second this statement. The print data only gets updated after the...
View ArticleGeneral Discussion: Document Metadata Extraction
I use ListIt from www.forensictools.com.au Not free, but very reasonable and seems to do the job I ask of it. Does some funnies with PDF metadata i.e. puts Author into it's own Last Saved By field, but...
View ArticleForensic Software: IEF (internet Evidence finder) facebook images
I have a case where IEF was used to examine a computer but unfortunately at this time I do not own IEF. What criteria does IEF use to carve out Facebook pictures? When reading the IEF report it appears...
View ArticleEducation and Training: ssd performance enabled trim vs disable trim
A lot of forensics is using tools - but before you use a tool you have know what they are doing. Also, if you were in court, you would have to justify your answers. Just saying what is says on the box...
View ArticleEducation and Training: ssd performance enabled trim vs disable trim
Quote:: Design your own tests, and then revise the tests depending on the results. Quote:: I have started some experiments but in the tool I used creates its own test file which is equal to the size of...
View ArticleMobile Phone Forensics: UFED Touch/Physical with BB Bold 9900
Colin, you cannot bypass any bb passwords at the mo, only option is chip off.
View ArticleForensic Software: IEF (internet Evidence finder) facebook images
Hello, Which dept do you work for? lasvegascop wrote: I have a case where IEF was used to examine a computer but unfortunately at this time I do not own IEF. What criteria does IEF use to carve out...
View ArticleForensic Software: EnCase Hash conversion
In case anyone else finds this thread - exporting hash sets from EnCase: (Tested in EnCase 6) Click on View -> Hash Sets Check the sets to export View -> Hash Sets Subtabs -> Hash Items Check...
View ArticleGeneral Discussion: WORD 2010
Adam10541 wrote: There must be specific circumstances where this works, as I said in my previous post print then save makes no difference to the meta data when I did it (Win 7 x64, Word 2007). All my...
View ArticleServices Required: Collection at Hamburg
Hi, I am looking for a company that can perform collection work and hardcopy scanning at Hamburg. Is there any local candidate for forensic or eDiscovery company in Hamburg?
View Article