Recent content by binarybod

  1. Need Help Basic Forensic Questions

    The answer to most of these questions is completely file system specific and even then probably depends on the manner in which the file was deleted and the application used to do so. I would give different answers to these questions depending if the file system was HFS(+), Ext(2, 3 or 4)...
  2. Incompatible dates and times

    OK, I thought in your OP that you were probably referring to files in the IE cache and looking at the main history and trying to tie the two in. I now take it that you are looking at main history index.dat records that refer to URLs like 'file:\\{somefile}'. In my experience these are much...
  3. Incompatible dates and times

    There isn't really enough information here. How far out are the time stamps? Do you have an example? Which Index.dat file are you examining? There are 5 types (Main, Weekly, Daily, Cache and Cookie). Each record in the index.dat files mentioned has at least four embedded time stamps and they...
  4. Cloning question

    You can also set up an HPA if you have older drives. HPA was introduced with the ATA-4 standard whilst DCO was introduced with the ATA-6 standard. Paul
  5. How to take image of Win XP/7 using open source tools

    If you want '.E01' files then ewfacquire which is part of the libewf suite (look on sourceforge for libewf). Will work in both *nix and Windows. It's not open source but it is free: AccessData FTK Imager (not to be confused with FTK) which you can get from the AccessData downloads page. HTH Paul
  6. Forensic tools

    If you are looking for forensic tools, the list to be found here is hard to beat: http : // www /page11 /page11.html (hint remove the spaces as CFW don't like direct links [which is pretty annoying, mod to note]) Moderator Note: The purpose of not allowing direct links is to...
  7. Forensic examination of a Linux machine

    Listing the similarities is probably a shorter list. Your question is far too open-ended - would you like to pin down what you want to know a bit more? Paul
  8.


    Apart from the academic journals there's: http :// www .digitalforensicsmagazine .com/ Paul
  9. need help with computer forensics

    Truecrypt: http : // www .truecrypt . org/ downloads (remove the spaces) Paul
  10. Software for detecting pornography

    The problem with scanning software is striking the right balance between false positives/false negatives. We use C4All: http : // www .c4all .ca/ It's free and you can set up a database to reflect whatever categories you like. It is surprising how quickly you can build up a core database of...
  11. Computer Forensics vs. Security

    shawnboy, I see no-one has answered your question so I'll have a go... I can't speak for the security industry but in the UK, computer forensics is really, really difficult to break into at the moment. There are opportunities but they are few and far between and it seems there is a legion of...
  12. ! Computer Forensics, A day in the life?

    In an adversarial legal system, giving evidence in chief is easy but being cross examined never is, particularly when you are a key witness and the opposing side can make you look stupid/unprofessional thus giving them a chance to get the jury to discount your evidence. Having the in-depth...
  13. webmail forensics

    Have a look at Internet Evidence Finder: http : // www . jadsoftware .com / go / ?page_id=141 I don't know how it performs on Linux images but many of the artefacts are the same whatever the OS Paul
  14. A little advice please

    Firstly I should declare an interest as I am a tutor on M889 so you can factor in any perceived bias :wink: M889 is really only an introduction to computer forensics and it won't qualify you to work in this field. If you are a system administrator then it is ideal as an introduction to the...
  15. grep expressions

    I have this printed out on my desk for just such occasions. http : // www .addedbytes .com /cheat-sheets/regular-expressions-cheat-sheet/
