Recent content by 4n6art

  1. 4

    Hello all

    Since you are LE, may I suggest that you go to the IACIS training that is in Orlando every year? I believe they have their annual one coming up soon ( If you are new to forensics, this will give you a good core understanding of forensic methodology etc. - it is not vendor...
  2. 4


    sounds like a homework assignment :) If you want to be more specific in your question, I'm sure you could get some better answers.
  3. 4

    Any MD5 list for HDD wiping softwares?

    That would be useful only if the suspect did not uninstall the software from the HD after use. Better criteria would be to search registry and other locations for hints of a wipe software being installed and/or used. To answer your question though, I have not seen one.... but then again I have...
  4. 4

    notepad hidden message

    Hi: Welcome. What makes you think it's encrypted? What makes you think there are two messages in it? Are you seeing them in hex or plain text? Can you give us some more information? Thanx -Art-
  5. 4


    I'm not understanding what you are looking for. - Where are you located? - Why the two month wait? - Are you concerned that the virus recorded your keystrokes 2 months ago or is continuing to record it right now still - Do you still have the virus on your computer? Why hasn't it been removed...
  6. 4

    Starting out Advice?

    IMHO - training is expensive and getting a job in CF is hard too. Stick with the company you are working with and see if they can train and move you into the forensic component of their business - assuming they have one. Good luck! Art
  7. 4

    Finding real domain name owner

    That depends on many factors IMHO. 1. Did the registrant pay via a "gift" Visa card - like the one you get from Walmart? 2. Did they pay via PayPal or some other pay service? 3. Did they register in a different country? ...and many more like that.... Assuming you are law enforcement, you...
  8. 4

    someone is meddling with my hard drive

    Evil Maid requires physical access to your computer to put the code in to run at boot so it can capture your encrypted drive password. If you restrict physical access to your computer and do what Cybercop said, you should be fine. You are only as strong as your weakest link - there may be...
  9. 4

    Investigating if Source Code File dates have been modified

    To check and see if system dates were changed, you are going to need his computer. I believe that still depends on whether that event code is captured and is still available to you. If you get his system imaged, you could see if you can find any link files to the script - but that would not...
  10. 4

    MAC Address Resolution

    I guess the machine_name information would depend on what your firewall is tracking. (not much of a IDS, IPS person) Can you analyze the other packets from the same MAC and see what else your user is up to? Maybe you can find a pattern or a website/url that could help you narrow down who it...
  11. 4

    GREP Proximity Search w/ wildcard operator

    Not much of an EnCase power user, but try this website and see if it helps. It is my understanding that grep expressions are standard.... (but then again I could be mistaken) http://www.regular-expressions.info/
  12. 4

    GREP Proximity Search w/ wildcard operator

    Does this help? http : // www .
  13. 4

    States that I know of requiring PI licensing

    Mindy: I think your list is old or incomplete. In 2008, Michigan passed a law making it a felony to do CF work without a PI license. -=Art=-
  14. 4

    Computer Forensics Examiner position in GCC?

    Are you planning on leaving the Feds? Why those countries? (just curious :D ) Why can't you get a posting thru the Feds there, there are many positions in media exploitation where the Feds send their examiners overseas. You may want to explore those opportunities - will keep you with the Fed...
  15. 4

    Total Beginner

    Agreed. At the risk of sounding rude (and please believe me I am not....) The CF field is not the IT field of the 1990s when everyone decided to take a few classes and get their MCSE en-masse and become IT folks - nor should it be taken as such. The CF field may seem cool, but it requires a...
