Search results

  1. S

    crime encounter

    Get a robust firewall and keep it on, always. Install a reliable AV suite and keep it updated. Install a malware detector (pop-up blocker is good too). And never, ever reply to phishing emails, use pirated or cheap copies of software, or visit dodgy sites.
  2. S

    Why examine the swap file last?

    The swap file changes, every nanosecond, so you either have to capture it live, or do a dump of the RAM. You would examine it last because it is usually a last resort!
  3. S

    Starting Computer Forensics & have some questions

    For some reason I can't post my answers.....
  4. S

    Does imaging HDD capture deleted files too?

    Re: What to do after you imaged the USB with FTK? Download a free copy of OS Forensics and open up the E01 file, you should then be able to see the deleted files and just highlight them and download them.
  5. S

    VMDK hash value abnormality

    Ah! I have been following this thread in case somebody had a good explanation, and now I see that somebody has. It seems so obvious now that somebody has pointed it out. TY!
  6. S

    Computer evidence IP

    I've never heard of a static IP changing by itself. My gut feeling would suggest that somebody, somewhere, has manually changed it (and not owning up because they think they might be in trouble). Check your syslogs!
  7. S

    What Should I Do?

    OU is hard, very hard, and the standards are higher than at a lot of traditional "brick" universities. But they are very good at what they do and as you say, it's ideal for people with family commitments, etc. I don't know whether they still do an "open" Degree where you can mix and match the...
  8. S

    Two e01 forensic image on one larger drive !

    There's no reason you can't do that if you want to, just make sure that a) there is enough room on the drive for both - leave some overhead, b) it's been forensically wiped before re-use, c) you have hashed both the originals and the copies to make sure they are identical.
  9. S

    Does imaging HDD capture deleted files too?

    Re: image clone first before recovery? FTK Imager works well and there are free versions.
  10. S

    Mozilla Firefox Crashes Help

    You need to give us a lot more information - operating system? hard drive space? RAM installed? other browsers installed? what error messages are you seeing? and that is just for starters. The people on Stack Overflow are very good.
  11. S

    Company Data Theft

    Cybercop is correct, there needs to be a dead acquisition made and the copy used to search/work on. I would look in the link files first, they will show if a USB has been used and possibly what files have been transferred to it. But you MUST work on a clone, NOT the original, or any subsequent...
  12. S

    serious assault

    You inform HR to cover your own back. Then you take it from there. It may involve interviewing the person (or persons) involved. It's up to the victim to contact the police (they may not want the police to get involved) but it is important for your own ethics and professionalism that you have...
  13. S

    How to access files on a USB stick that is playing up

    OS Forensics has a free version and is very good.
  14. S

    CSI Effect

    I did it, but I had to put Alabama as I live in Scotland and there was not an option for non-US participants. Also one of your questions said "exits" when I think you meant to put "exists". I do not want to seem picky but I think it might make some participants misunderstand the question.
  15. S

    Audio File Authentication/Integrity Examinations

    Sorry mod :( TY for fixing it.
  16. S

    Audio File Authentication/Integrity Examinations

    "http://audacity.en.softonic.com/download" It is a free download and very easy to use. Just open the sound file and you will see the wave form. There are various tools to expand it and examine it in detail. Expand the waveform and you should be able to spot whether anything has been cropped...
  17. S

    Audio File Authentication/Integrity Examinations

    Have you tried Audacity?
  18. S

    Live Computer in a crime scene - how to record evidence

    Is it a desktop, a laptop, is it running Windows or Linux or some other OS? Is it acting as a server? Is it connected to a network? Wirelessly or cabled? Is it locked with a password? Is there a sysadmin who can help or are they all possible suspects? Is there encryption? Every single one...
  19. S

    opening a bkf extension with encase

    I still come across bkf files occasionally but they are a pain to open now, as Windows got rid of the bkf option after XP. I would suggest making a copy in Encase to preserve your original, then take the copy and decompress it using this - "https : // www...

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.
