General Discussion: NTFS sparse file data runs ($UsnJrnl)
mrthaggar wrote: Essentially what I'm trying to do is to to be able to determine the exact start and end offset of the file on the disk, e.g it runs from cluster x to cluster 512822, however I'm not...
View ArticleGeneral Discussion: Network traffic analysis with xplico - eForensics Mag
Hello all, if you are interested in digital forenscis, eForensics Magazine's just published a FREE issue! After registration you can read about network traffic analysis with xplico! You can find also...
View ArticleGeneral Discussion: Qnap array
How is the RAID setup? With 5 drives it could be RAID 5, 6, or 10. RAID 5, RAID 6, RAID 5+hot spare - 4-drive models or above RAID 6+hot spare - 5-drive models or above RAID 10 - 4-drive models or...
View ArticleForensic Software: any java-enabled tool (API) 4 scaning a device and searching
waleed wrote: The digital forensics framework (DFF) and Sleuthkit are seem to support what I need. But I need your ideas about this issue. You might also want to take a look at Autopsy 3, and in...
View ArticleGeneral Discussion: Examining VDI files
two linux vms both have passwords file carves found pictures of interest but i need to find a way to get into the OS or examine the OS file system konboot works for win/osx, i saw something that said...
View ArticleGeneral Discussion: Internet Content Reviewer UK
GCHQ do a very similar task, pay isn't great and I bet you'd be in for some real terrible viewing...
View ArticleGeneral Discussion: Qnap array
jaclaz wrote: bombone wrote: oh thanks. Now Ftk imager on all disk. E01 or dd? bye thanksdd (and not E01) but why exactly FTK imager? <img src="images/smiles/icon_question.gif" alt="Question"...
View ArticleForensic Software: Calling & Call one enscrip from another.Should be easy?!?
Todd, If you are writing EnScripts then there is only one place for proper help - https://support.guidancesoftware.com/forum/forumdisplay.php?f=11 (You will need to register) Oh BTW, get ready for a...
View ArticleForensic Software: Visualizing E-Mail Data (MBOX)?
mt, I take it as implicitly read that you want a similar functionality but a lot cheaper? In my workplace I don't do visualisation, it helps occasionally to get the big picture BUT, down that road lies...
View ArticleGeneral Discussion: Examining VDI files
Ill have to answer those questions when I'm back to work in a couple weeks. Thanks jaclaz
View ArticleDigital Forensics Job Vacancies: Technical Services Support Specialist III,...
The Howard County Police Department in Howard County, MD is seeking applicants for Technical Services Support Specialist III (Computer Forensic Examiner). SALARY RANGE: $55,057.60 - $88,795.20 Annually...
View ArticleGeneral Discussion: Reading disk areas backwards - does it help?
You dont mention what software you are using. i am familiar with how X-Ways does reverse imaging, so ill speak to that a bit. i believe reading backwards, at least with X-Ways, disables CRC checks and...
View ArticleGeneral Discussion: Reading disk areas backwards - does it help?
PaulSanderson wrote: The issue re coil actuators moving a different way is probably not relevant as a modern drive has embedded servo so the heads 'know' where they are. Yes, but at least in theory it...
View ArticleForensic Software: ICQ 8 (Build 5999)
Hi, I'm looking for a tool to process ICQ 8 databases (mra.dbs & opt.dbs). Not the old messages.mdb or messages.qdb). Any hint is welcome!
View ArticleClassifieds: Logicube Forensic Dossier for sale
I'm selling the rock-solid Logicube Forensic Dossier http://www.logicube.com/shop/forensic-dossier/ Perfect working order, updated to latest firmware, with all original cables, power supply, case and...
View ArticleGeneral Discussion: Interview with Dr Richard Overill, Senior Lecturer, KCL
An interview with Dr Richard Overill, Senior Lecturer in Computer Science, KCL and author of the paper "The ‘Inverse CSI Effect’: Further Evidence from E-Crime Data" is now online here.
View ArticleForensic Software: pivotPI, social media skip tracing software
Have you as a Private Investigator ever had the headache of sifting through the mass amount of social media information on a Person of Interest? Better yet have you ever missed information that had...
View ArticleClassifieds: AccessData FTK and MPE+ for Sale - Extra Copy not needed.
All, I currently have extra copies of the following software for sale. I have the original dongles and software disks. FTK 4 (Full Software with modules, Dongle) - Asking $2500.00 MPE+ (Mobile Phone...
View ArticleGeneral Discussion: Qnap array
Bombone, Has the RAID actually finished rebuilding after the two HDD replacements?
View Article