Anyone know if there is work being done to implement support for EnCase v7's new Ex01 file format in libewf or other open source libraries? Otherwise I guess...
I've got a bunch of keyword hits in a "Pictures.pd6" file. The file appears to be a database used by Windows Live Photo Gallery. It's located on a Windows Vista...
Does anyone know how to view the log files found in the \home\userid\.local\share\gvfs-metadata\ folder? Thanks
All, Is there a handy linux forensic tool to verify a drive is 100% zeros? fyi: We got the drive from opposing and it was thought to have data on it. A casual...
I'm getting the following error when running log2timeline (v .63) Any suggestions??? Is it an error with a specific file in the recycle bin or the recycle bin...
Are there any Linux memory dump images available for experimental/research purposes? (Any version of kernel would do.) Images for Windows are available for...
ANNOUNCING AFFLIB 3.7 I'm happy to announce the release of AFFLIB 3.7. Significant highlights of the release include the following: - Copyright Clarification....
Hi Everyone. A friendly reminder that proposals for OSDF are due by next Monday (4/16). And if you are interested in participating in a hack-a-thon, e-mail us...
Some cell phones are not fully supported by Cellebrite (in our case, LG-265). Sometimes the only option appears to be photographing all the SMS messages...
I am writing here since this is an experts' forum. Please read this link - http://www.thehindu.com/news/cities/chennai/article3255359.ece This person was...
I've created a super timeline by means of log2timeline. It is composed of these files: * PC01HD01_part02.csv : TimeLine partition (C:) # log2timeline -p -r -z...
I'm working with a bitstream copy of Windows 7 Starter. I got the timezone information by using regripper perl rip.pl -r /mnt/ewf/Windows/System32/config/SYSTEM...
A client of mine has a laptop where the user has encrypted their home directory - I imagine this would have been done using LUKS? I understand Ubuntu offers...
Hi All I have extracted a list of graphics files from folder full of data using: /# find . -type f -exec file {} \; > ../../../notes/file-types.txt/ I then...
Be it a Linux or Windows application, I'm looking for a Windows Link Viewer that people use and trust. I performed a quick Google search of link viewer...
I know yaru does a good job of showing deleted registry keys, along with the hex output. Are there any other recommended FOSS tools which do the same - show ...
Okay, I'm trying to do my first Linux-created file inventory. It's of a thumb drive with not that much data on it, so this should not get too crazy. There are...
Linux dump ram... /dev/mem does not work anymore, so we must use /dev/fmem... it works, but in a forensics live analysis how much affect the compiling operations...
We're doing it again this year, but a few months later than last year. Sorry if you receive this multiple times. 2012 Sleuth Kit and Open Source Digital...
Simson, You might want to consider adding "file inventory creator" to the description of fiwalk. We have to create a file inventory on a reasonable percentage...
All, I assume we all have to create file inventories from others to peruse from time to time. I'd like to leverage exiftool v8.65, which I think has a lot more...
All, I just came across this mailing list. I've decided to try and get more DFIR (Digital Forensic / Incident Response) apps into openSUSE. This mailing list...
What is the best open source tool for grabbing a snapshot of the windows memory hash values to compare with hard drive data?
I was curious if there were any techniques in recovering cached network connection. I cannot find anything significant on the web. Regards, Brad