Looks like there is a local forensic group in the making here in Chicago! I do like the idea of meeting up with other forensicators after work hours at a bar! An informal group, no fees or affiliations, and anyone interested in forensics can stop by! Site: www.chi4n6.org Listserv: http://groups.yahoo.com/group/Chi4n6 Edit: Meeting coming [...]
Did you come across a computer that has a broken CD drive? Or is your forensic boot disk scratched up? Well, here's Raptor Forensics to the rescue! 1. You will need to download the Raptor ISO first. Here is the link: http://www.forwarddiscovery.com/Raptor/Register 2. Burn the ISO to a CD on your forensic workstation and boot it [...]
When it comes to NAS devices, there are many different types, some of which have external connections to attach directly to a host via eSATA, USB, or other interface. When a NAS device has the option to directly attach to a host in this manner, it is actually functioning as a DAS (Direct Attached Storage) [...]
So I went to the Chicago sneak preview of EnCase's V7. A few ups and downs. One of the neat new features of EnCase 7 is that it can acquire RAM!!! - It uses bzip2 compression (enable or disable compression! No more none, good, great, etc.) - It can image smartphones! - Has an option to recover bad [...]
Mandiant has a cool free tool that helps you read the restore point log files. Download link: http://www.mandiant.com/products/research/mandiant_restore_point_analyzer/download 1. Using FTK or EnCase, export the restore point data located in the System Volume Information folder. 2. Open MANDIANT Restore Point Analyzer and go to FILE > Open Folder. Browse to the restore point folder you just [...]
Another certification added to my title. I am officially Computer Forensic Certified from BrainBench!! For only $49 you can take a 40-question multiple-choice exam.
Of all the things I could find on eBay, I found an EnCase (v6) dongle up for grabs. I took my chance and bid on it. $806.00 total! Not a bad deal since the normal price for an EnCase (v6) dongle is $5k!!!
A good place to examine is RecentDocs, which is also known as "Recently used documents". There are 2 places you can check out for clues. 1. Navigate to the following: C:\Users\\AppData\Roaming\Microsoft\Windows\Recent 2. And finally, examine the NTUSER registry hive: NTUSER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs 3. I used a cool tool called RegRipper. RegRipper is a Windows Registry data extraction and [...]
CaseNotes is a program that allows forensic analysts and examiners of any discipline to securely record their contemporaneous notes electronically. No more Paper!!! And you can encrypt your notes!! Download Link: http://www.qccis.com/forensic-tools Quick Start Guide Link: http://www.gastric.com/casenotes/CaseNotesQuickStartGuide.pdf
Did you come across a Mac computer and realized you don't have the proper tools? Did you try using a forensic boot disk and weren't able to successfully image the machine? Well, let's use good old EnCase/FTK then!!! 1. Let's start off by turning on the Mac laptop and holding down the letter "T" [...]
