Search results

  1. K

    Retrieving Deleted E-mail from Outlook

    Hi ew, if you expect to take any disciplinary/legal action with this incident, get a CF Pro in right at the start; someone who is keyed up on employee rights too. If you try and DIY it could leave you wide open to prosecution and severe financial penalty if you peek, or act on info gleaned...
  2. K

    Program to brute force an encrypted file

    Following on ddows comment, i'm wondering if the OP has been deliberately vague, initially, to gain some response, as also seen in other fora. Anyone else think this is tending towards " |-|4><0r " to bypass program protection? Admin ?
  3. K

    Internships/Work placements in the UK

    Hi bennett Do the Careers Dept there have any Directories / contacts you can use? why not google for data recovery and forensic companies and start writing. iirc, the only "no no" to self application was that you didn't pee on the Careers Dept feet, by applying to employers that they already...
  4. K

    WiFi WPA-PSK Rainbow Tables available...

    20 chars ? I've witnessed network admins and webmasters using a 3 char pass before now. 8O
  5. K

    Password Crack??

    ok i'll concede that. You are of course correct . ..... maybe i should have added "feasibly" or something. ... Even just eight bits of salt (and Linux uses much more than that) would require nine terabytes of rainbow table..... sorry,. kneejerk reaction to people throwing rainbow at...
  6. K

    Password Crack??

    Just a quickie. Maybe worth specifying the OS too for "Windows" user passwords maybe Rainbow tables cannot crack salted (*nix style) passwords. JTR can. but Yes, FTK is good, and Ophcrack, should you want alternatives for Windows OS. Kern
  7. K

    Program to brute force an encrypted file

    hi kolgrim The best shot you have, unless you know and/or care about the subject of password cracking, or have resources the FBI/CIA are jealous of, is to put your trust in the programs suggested in both forums. They usually "best guess" what sort of file it is, if you have no other info. An...
  8. K

    Retrieving chat from harddisk

    Hi Prakash, A few more details might get a better response from the rest of the community, but in general, it would depend on what chat programs were used, and if logging was turned on or a cache stored. Kern
  9. K

    Software to find source of an email?

    dilsh99 in short : Yes. but found source doesn't always guarantee found sender. Kern
  10. K

    How to create a word dictionary from a floppy, cd or HD?

    Never mentioned this as the guy was sorted out already, but for others looking for OSS solution, try a look at "Wyd" on the strings will spit out lots of garbage without suitable qualification. Kern
  11. K

    Sony Memory Stick: Any way to tell when a file was deleted?

    Hi Zed One way forward may be to reconstruct the scenario to find out how the mobile phone operates when files are created/altered/deleted.? Don't forget that any time discovered would generally be dependent upon the device clock setting itself, and not real world time. Kern
  12. K

    MIRC - Hacked? Any way to tell?

    Logs should be in the logs directory. maybe logging was disabled, or they may have been deleted. Other things to check maybe scripts.ini or anything else at all in the mirc subdirectories, and maybe any metadata associated with files downloaded. You could try a clean download of mirc and see...
  13. K

    MIRC - Hacked? Any way to tell?

    Zed It would only take the owner to add in a 3rd party 'helper' script, or initially accept a DCC send and essentially he could have relinquished control. There are many trojans, worms et al in irc. All too often an unsuspecting user accepts them or initiates them by typing something that...
  14. K

    Computer Forensic college assignment

    Hi Dragnet Two good 'real world' ones from Complete. Another possible is how to deal with consequence of encrypted filesystems. Surveillance & Live analysis may be ways forward rather than the "turn up, pull the plug and take it to the lab" approach. Kern
  15. K

    Evidence Star.lnk

    hi Statecop, Evidence eraser - yes Evidence eliminator - yes Evidence Star - no , never seen that one. did you find any other associated detail ? Kern
  16. K

    Message for Kern

    Hi rodriguez. no problem. check your mail :) regards Kern
  17. K

    Selling a Massive Paypal/eBay Exploit..

    Maybe just go right to the top, don't dick about with call centres or help staff. the glitch may just be swept under the carpet. Sounds like you're above board. it's just if they want to 'prove' that you aren't, to save their own skin. good luck and do keep us informed. Kern
  18. K

    Recovery Following Re-Format

    yes Christophe Grenier - the CG in cgsecurity
  19. K

    Recovery Following Re-Format

    Hi rodriguez, have you considered submitting that, and any other work like it, to Christophe? It's one of the clearest help files i've seen yet, explaining the subject around Photorec as well as its operation. Nice work. Kern
  20. K

    Microsoft Product available to LEO's

    Chris, me too, nothing personal. Thoughts similar to 'Complete' , abovepost. Altho you mentioned "being nice and providing timely and current information ... " which is nice, you also asked for qualifiers in return, and usually that smells of scam, however well intentioned and aware of MS 'LE...
  21. K

    Selling a Massive Paypal/eBay Exploit..

    i have found similar security flaws elsewhere a couple of years back.Not financial, just highly sensitive data. No hacking involved, just tripped over vulnerabilities that exist in bona fide programs, that common or garden users are unaware the liability they have left themselves in. Only...
  22. K

    Is University The Only Way? (UK)

    hi qwerty Thats not 'cos its a BSc. Thats content sharing to spin the money out further. You reckon ? MSc's have stocking fillers too, same reason as above. However, some Uni's are now promoting concise Degrees now to cater for high tech, fast changing, subjects like specialist IT...
  23. K

    Microsoft Product available to LEO's

    If it turns out on an MS portal then fair do's, but wouldn't take much to grab something like this, poison it, assume a reputable identity and disseminate it, would it? Also read someplace that Ricci Ieong (ewalker consulting HK) was responsible for at least starting the development of it. no...
  24. K

    Donning an investigative hat

    nice point cybercop. i never thought to mention converter progs as a "look for" following your lead, Openoffice has the capacity to convert to pdf too. Kern
  25. K

    Recovery Following Re-Format

    ok, its easier now u gave details. i've seen/done this before. Windows probably hasn't overwritten old user data, but will not let you view it as a new user, as you arent the "owner". 2 ways to go: 1: You need a live linux CD and grab a small storage device, USB pen or what. This will...
  26. K

    Donning an investigative hat

    Magnet, i can empathise with your situation as it was similar to one of my own early experiences. Before making any software recommendation ... Maybe start with the end in mind. What is it you are trying to achieve? Do You want to hold someone to account, maybe disciplinary procedure...
  27. K

    Donning an investigative hat

    ...... oh jeeez You do have a secure password on Admin ... don't you ? Passwords: Is the secretary's login detail known to anyone else? Is the Admin password known only by the admin? If either are common knowledge your chances of nailing the culprit by conventional means are slim. Admin...
  28. K

    Recovery Following Re-Format

    Hi b_argol39 1: Can i ...? : yes, but results could be variable, depending upon what you did. 2: How? : Run a recovery program, follow instructions carefully, and have a spare drive ready, larger than the one you are working on. What exactly did you do and in what order ? What results...
  29. K


    Artefact: An object produced or shaped by human craft ... What specifically does your tutor expect you to produce as an Artefact? How broad is your "project", and what material is available for you to scrutinise? If you decide on using child abuse scenario look for work from the author...
  30. K


    1: apart from google and microsoft, where you can get a full description of the prog, its a util for cleaning up redundant files.tmpfiles internet history etc: h t t p :// h t t p :// 2: it can be run by a user, and it can also be...
  31. K

    Document Recovery: Rendering Issues

    Are you just trying to see human readable text i.e. the content of the doc? Some Doc readers try to recognise the info that says for instance which App wrote the doc, and so can correctly extract the human readable text. Sometimes the info/doc is so corrupted, they cannot operate on it, or...
  32. K

    Deploy Bag Contents?

    WRT a deploy bag, and apart from all the usual cables, connectors and screwdrivers, a forensically sound Live preview CD is useful. But used with all due care and attention to local preservation of evidence statutes. but yes, evidence preservation techniques must move forward as miscreants go...
  33. K

    Document Recovery: Rendering Issues

    Hi hdollar Sounds like you recovered a document from a fragmented filesystem, or the filespace has been partially overwritten by another program, thus leaving you a partfile. The symptoms of such is that usually the recovered file will be huge, starts correctly then is just a mass of garbage...
  34. K

    Fileshredder History

    yes, triplicating the query will likely get you the wrong side of an admin
  35. K

    Study path through high school and out

    hi Gravemind Obvious hits are computer studies, programming, perhaps some legal etc Maybe better to check with your schools careers Dept. With knowledge of whats available at your school and those in your area, they maybe better able to match what you need with what they can offer. good luck...
  36. K

    In Helix how to trace steganographic & encrypted images?

    disk images similar question asked elsewhere in forum ...
  37. K

    1st project

    dude, it doesn't come much easier than this.... pls explain why, as ddow mentioned, you cant get Helix for instance. or DD ????? kern
  38. K

    Masters in CF

    no probs dude, anything to help. drives making strange noises are usually unserviceable to all but a lab. Do NOT have it to bits unless you are happy losing everything just for the experience of seeing inside. They could have physical damage, electronic malfunction or corrupted...
  39. K

    Masters in CF

    Hi LogicalKey First things first: concentrate on the present course , put all your energies into this one. Then .... What is it you want a "head start" in? If its for that particular course, get the syllabus and read through it. Then work to understand areas that are not familiar. You may find...
  40. K

    1st project

    just to add to the other guys links, opensource forensics ..... huge lists are out there GIYF .... first hit, top of the list , and strangely enough www dot more (free) gear than you can shake a stick at. kern
  41. K

    1st project

    Hi Shabu, maybe download Helix Live Cd and read the Extensive manual. dd is probably the simplest bitstreaming application you can use & its not commercial. Also check out the variants, ddrescue, dd_rescue et al, these have certain enhancement options. There is a GUI front end for such inside...
  42. K

    AccessData FTK Mainstream?

    hi Bruteforce. Accessdata FTK ( UTK / PRTK etc) are mainstream and accepted as industry standard, as similar to Guidance Software's Encase. Accessdata having a slightly different lean. There are comparisons on the net if you care to google. Both have training courses with industry recognised...
  43. K

    A Girlfriend Issue

    Hi merkaba, maybe this is nothing to do with you at the computer. its about control. she couldn't control or know your whereabouts. Even if you did show her "evidence" at the PC she would probably still bicker, like "oh so now you altered the PC to prove me wrong". Don't try and rationalize...
  44. K

    Psychology fit in anywhere?

    hi Importprincess fwiw, i think it's a darned good combination. Something that would set you apart from others. The human engineering aspect of computer h*cking has often been overlooked in favour of automated software solutions. I can see a similar vein in Computer Forensics with a wealth of...
  45. K

    Legal question / CP

    nasty ppl :/ i think they log who posts too, as i've seen members on such sites threatened with suspension for posting 'dubious age' images. good luck mabs, hope you find a resolution kern
  46. K

    Broke DVD

    well spotted psu :) www(dot) this also fits the bill for the other requests for checking if an image has been altered ! eeeh ! some folks
  47. K

    Legal question / CP

    i'd think that depends on which state/county/country's laws are being abused. i recall a site similar, if not photobucket, that remove images of anything slightly resembling 'underage' should they be posted and or drawn attention to. maybe just contact via email and raise the point that the...
  48. K

    Legal question / CP

    hi mabs, what does she seek to stop? if the image is 5yrs old, trying to prevent its further spread would be like trying to bale out a sinking ship with a pair of chopsticks. imho she would be just drawing extra attention to the fact if she went legal and tried to have it taken down. if she...
  49. K

    Broke DVD

    error correction http(colon)//
  50. K

    Broke DVD

    yeh, i suppose a lot would depend on how clean the break was. when i've destroyed CD's / DVD's they tend to be bendy breaks or they delaminate the foil from the plastic. not clean fractures at all. Still, if its a rainy day, what else is there to do but try :)

About us

  • Our community began in 2004. Since then, we have grown to over 29,000 members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.
