Recent content by dthstker

  1. D

    Software for detecting pornography

    I haven't seen skin detection software that is reliable enough to use in my work flow... you still have to look at every file to find false hits and find what was missed. There are just too many variables for it to be affective. DL
  2. D

    forensic image analysis

    I would also look at MATLAB, from MathWorks. They have a dedicated module for Image and Video Processing. DL
  3. D

    Student in need of a professional interview...

    You might read this too. It really is pretty accurate on what the life of a Forensic Computer Examiner/Analyst is like. http : // johnjustinirvine .com/ post/ 339744451 DL
  4. D

    What Hashing Algorithim is being used today?

    You might try reading this. http : // www . forensicmag.com/print/235
  5. D

    X-Ways, FTK, EnCase, WinFE, or Live Distros

    I encourage people to start with FTK demo version. It will only process 5000 file items. They can process most camera media cards, thumb drives and other removable memory. It will give you a good base for understanding for how these tools work. DL
  6. D

    email header

    Oh, look, in the example the first, second and third IP Address are all the same, and fourth and fifth. DL
  7. D

    encase and net history

    It should be pretty obvious. The creation date of the index.dat should be prior to the modified date, and prior to or equal to the oldest internal dates in the index.dat records. When the index.dat is copied to a second computer the creation date will be after the modified date. From the...
  8. D

    email header

    Read the header from the bottom up to find the source IP. 74.50.213.185 - Geo Information IP Address 74.50.213.185 Host nkwt185computer.nexusconsltng.com Location US, United States City Phoenix, AZ 85028 Organization Tech Solutions ISP Tech Solutions AS Number AS3257 Tinet SpA Latitude...
  9. D

    Hash Device drive or external/removable device

    Can you use prodiscover to "load/mount" the .eve image to perform an examination? When it is loaded/mounted in prodiscover will prodiscover let you verify or hash the image? Is the .eve a logical image or a physical image? DL
  10. D

    Hash Device drive or external/removable device

    Are you mounting your image file before you hash it? DL
  11. D

    Hash Device drive or external/removable device

    Unless we misunderstood the question, you should probably get your tuition money back because your professor is wrong too. Here is the test results that I conducted prior to my earlier post, I used ACESLE XP WriteBlocker, and FTK Imager, as was suggested in an earlier post. Write blocker on ...
  12. D

    Hash Device drive or external/removable device

    If a write blocker is in place, and working properly, the values should be the same between the hash of the device and the hash of the image file. Make sure you are hashing and imaging the same drive partition in both the device and the image, physical or logical. You should be using physical...
  13. D

    MD5 Collision Attacks

    Hash Value Collisions http : // www . forensicmag.com/ articles.asp?pid=238 Note: Since I wrote this the collision search for SHA-1 using the distributed computing platform BOINC, which began August 8, 2007, organized by the Graz University of Technology. The effort was abandoned May 12, 2009...
  14. D

    File structure listed in FTK report

    Isn't sguy.INFERNO consistent with a domain username? I would need to see more information regarding the structure of the file system and evidence file data to make any judgement on the Orion v. Inferno question. Also you don't indicate which version of FTK was used to create the report. DL
  15. D

    is citizenship a major issue for a forensic investigator?

    I'd say that it really depends on the agency you are going to work for. Not having citizenship will limit your options. DL

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu