All, Based on user feedback, I am happy to announce the release of frag_find version 1.1.1. This program is part of the NPS Bloom Filter package. You can...
Hi all, I developed a new bash script tool Raw2FS, based on TSK: It's possible to resolve the file name starting from the carved file name generated by the...
Does anyone have a good resource, or know anyone that has done some good analysis of the Vista Volume Snapshot Service? I'm looking for information on the...
... I'm sorry for the bad url, this is the right url: http://scripts4cf.sourceforge.net/tools.html and I just developed a new release of Raw2FS, I hope it will...
I need to image a RAID 5 server. Can dcfldd image the logical volumes instead of the individual disks? Are there other tools that can do what I need? Thanks...
If you can image the server while it is down, I would image the logical disk (the disk presented to the operating system) using the server (do not pull the...
cat /proc/partitions will show all block devices for which there are resident ata, sata, or scsi drivers loaded. ... From: "sploithunter" <church@...> ...
Mr. Denis Frati and I have just finished implementing the latest release of Selective File Dumper, SFDumper for friends ;) What's new? Now the software works...
Dear Mr Bassetti, I'm an investigator for the Belgian Police in Kortrijk (Belgium). I would like to be a beta tester for your new product SFDumper. Please send me a...
Does anyone here know how to read a cc skimmer from Linux? We have a case here: we found a credit card skimmer, but we still have a problem reading the data...
Hi, I have the same problem and would also like some advice. The device in my possession has no markings or model number. Any help will do. Beaunard Grobler ...
CCIU
ccu@...
Jul 3, 2009 5:31 am
3100
Are you sure that the devices are self contained models? Some of the devices I have seen are designed to connect either to a handheld device (pocket pc) or...
frag_find is a program that searches the blocks of disk IMAGE for one or more TARGET files. It does this by checking the SHA1 hash of every block of the target...
Can you send a picture? Also, what types of cables are you using to connect to your system? I am not sure about finding a reliable device driver for those...
Hi Everyone, I have found evidence of credit card fraud in Windows Vista system restore volumes with a grep expression. The suspect appears to have been...
Well, from within Windows, programmatically speaking, the Shadow Volumes just map back to the physical volume. Meaning, if you have ten HarddiskShadowCopyXX...
... As far as I know you should operate on the original disk (write-blocked) from a Windows Vista OS. By using vssadmin.exe and mklink.exe you can have access...
Thank you for your replies. Looking at the shadow volumes with a hex viewer, the volumes look like databases as Scott suggests from his review of the API....
Hi. What platform are you compiling on, and do you have SHA256? You might want to compare the compile environment of the test program in the log file with the...
Hi Simson, I am compiling on Slackware 12.2 (32 bit). I couldn't find a specific package for SHA-256 although I did install a package called mhash which I was...
Fellow Professionals, This is the last week to register for the Digital Forensics Seminar. HiTek Digital Forensics is holding a one day seminar on July 29,...
Does anyone know of any online forensic seminars to earn some CPE? I need to get a few hours in before the end of the year without spending too much money to...
Stu/Simson, Doesn't something like OpenSSL or libcrypto provide these? Jon Sent from my iPhone ... [Non-text portions of this message have been removed]...
SHA-256 is not present in all versions of OpenSSL, which is why the configure script checks for it. My hunch is that the system below has multiple copies of...