Recent content by Complete

  1. C

    Safeguard Easy - Removal of encryption

    I believe EnCase supports Utimaco. Take a forensic image of the encrypted drive, import it into EnCase, it will ask for a password, enter the credentials and you're good to go. Otherwise, I agree with Art's method.
  2. C

    Truecrypt??

    Is there any visible data on those partitions? Look in Prefetch to see if TrueCrypt has been run. Look at the LNK files to see if there are any references to files contained in those partitions that may be encrypted. There is a program here that claims to identify TrueCrypt containers. www...
  3. C

    Another Equipment Question

    Having been in your position once, I would recommend: Desktop with lots of RAM and CPU power Large dual monitors Extra storage devices Server 2003 or 2008 Ultimate Write Block Kit EnCase w/training Here's my justifications... Most commercial forensic tools run on Windows. Server 2003/08 will...
  4. C

    Help! How do you nullify the effects of Go.DriveClean

    ISPs will retain logs of assigned IP addresses, but I have always been assured (by the larger ones anyway) that they do not retain a listing of sites visited. This would be a huge privacy nightmare, a storage nightmare due to the large volume of data, and it is simply not needed for the normal...
  5. C

    HELP needed regarding Report writing

    Hi! Welcome to the forum! Good luck with your homework. I don't think anyone else will do it for you. Especially if you're in that much of a hurry. But, for a starting point, Google for email headers. Write your report beginning with the case facts and what steps you took to get to a conclusion.
  6. C

    2009 CFCE Conference

    During the course? Try to remember half of what they throw at you! :) For the practicals, you're going to use DiskEdit and SPADA. Pay extra attention to those modules. Everything else will help, but you're going to cover a ton in the practicals that aren't necessarily addressed in the class...
  7. C

    2009 CFCE Conference

    The practical/testing portion doesn't take place during the class. It is a looong process that starts after the class is over. My advice is start early and don't procrastinate. The coaches that help with testing are generally very knowledgeable and quiet patient as they help guide you through...
  8. C

    Live memory forensics cases

    Not sure if this will help... http ://www .zdnet.com.au/news/software/soa/US-ruling-makes-server-RAM-a-document-/0,130061733,339278641,00.htm
  9. C

    Affidavit and Search Warrant

    Thanks, KP. I agree, I never had a judge do anything but sign the warrant.
  10. C

    Affidavit and Search Warrant

    This is pretty open ended. Ask anything you think is necessary. Judges don't fill out search warrants - officers do. You need to learn as much information as possible. For a search warrant, you need to show that there is probable cause a crime was committed and there is evidence you can collect...
  11. C

    Operating System and Network Adapter Info

    An alternative method would be to export all the registry files and use RegRipper to process them. You'll get all that information and more.
  12. C

    For the Forensic Pro

    I respectfully disagree with Uzdcar. I was a sworn law enforcement officer and while assigned to criminal investigations worked every type of case imaginable. I also specialized in computer forensics and worked with numerous other agencies on cyber crime cases. IACIS is a law enforcement based...
  13. C

    File headers

    Yes, check out Winhex as it does have a decent carving function. There is a list of file headers within the program. Also try PhotoRec - a very nice tool as well.
  14. C

    Online identity theft

    PMs are disabled on this board. Plus, I'm not even sure what information you're looking for.

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu