win4n6 : Messages : 4096-4126 of 8647

Messages: Simplify \| Expand		Author	Sort by Date

4096		keydet89	Apr 1, 2011 12:30 pm
	You posted one day early, Dale....
4097		Paul D. Bain pauldbain	Apr 1, 2011 2:24 pm
	... These days, when I encounter an acronym whose meaning I do not know, I am inclined to try Acronym Finder first: ...
4098		Jeff Wold specialidiot	Apr 1, 2011 2:29 pm
	I gotta admit I was a bit harsh in my reply - my apologies to the OP. ... I gotta admit I was a bit harsh in my reply - my apologies to the OP. On Fri, Apr 1,...
4099		Eric Huber ericjhuber	Apr 1, 2011 2:32 pm
	Urban Dictionary can be useful for parsing these sort of things out also. It actually has a lmgtfy entry. :) ...
4100		Ron McGill zax_cgp	Apr 1, 2011 3:22 pm
	So dish the dirt, proper. How many showed up. Were there any drunken fights amongst the open source vs commercial boys, etc. ... From: keydet89...
4101		Dale Rogers rogersforensics	Apr 1, 2011 5:20 pm
	Just trying to throw a little humor into the mix. Next time I'll work on my timing and delivery. dwr Dale W. Rogers Rogers Computer Forensics Roseville, CA...
4102		Ron McGill zax_cgp	Apr 1, 2011 5:48 pm
	No POVS beyond this point. POV stands for Point of View, obviously. So if you put up a sign that says "No POVS beyond this point," the meaning is obvious. ...
4103		Baker, Dave frnzxguy	Apr 4, 2011 11:33 am
	Request for Proposal – DFRWS Forensic Challenge 2012 The DFRWS Challenge The DFRWS Conference is soliciting proposals from individuals or teams interested in...
4104		keydet89	Apr 4, 2011 11:50 am
	All, As a result of last Thu's first meet-up, I've looked into the possibility of having meetings at the Reston Regional Library. I went to the web site this...
4105		keydet89	Apr 4, 2011 12:25 pm
	As a follow-up, what we need from those who will be attending (or would like to attend) is: - What would you like to see discussed or presented? - Would you be...
4106		Anderson Clayton creitaum	Apr 4, 2011 1:57 pm
	Hi guys I need to analyze some prefetch files. How do you guys analyze that? With some special tool or with strings tool??? Thanks Anderson...
4107		Benjamin Koehl sysvolinfo	Apr 4, 2011 2:01 pm
	I sometimes use Windows File Analyzer (WFA) Available from http://www.mitec.cz/wfa.html (free) On Mon, Apr 4, 2011 at 9:57 AM, Anderson Clayton <...
4108		Brent Wrisley brentwrisley	Apr 4, 2011 2:30 pm
	Harlan, Sorry if this came up and I overlooked it. Have you considered the Reversespace in Herndon? http://hackerspaces.org/wiki/Reverse_Space A colleague of...
4110		Weg, Jimmy jimmyweg	Apr 4, 2011 2:33 pm
	Advanced Prefetch Analyzer by Allan Hay: http://www.ash368.com/ Jimmy Weg, CFCE Agent in Charge, Computer Crime Unit Montana Division of Criminal Investigation...
4111		Greg Kelley gwk1973	Apr 4, 2011 2:35 pm
	I highly recommend that DFI news write-up. Very informative. Realize that there is no "tool" to analyze the prefetch files. There are tools to extract pieces...
4112		Douglas digitalforen...	Apr 4, 2011 2:36 pm
	Depends on the platform you are on, but in Windows (corersciton there is a .pl you can run as well) I use RedWolf's Prefetch Parser: ...
4113		lakshmi narayanan raj... laksnr	Apr 4, 2011 2:45 pm
	Jimmy, Thanks for the website information. It is good to have more than one tool to do the same job. L ________________________________ From: "Weg, Jimmy"...
4114		lakshmi narayanan raj... laksnr	Apr 4, 2011 2:46 pm
	Doug, Thanks for the links to the DFI website, it looks informative (haven't read it yet) as well as link to the Prefetch parser. L ...
4115		Stefan Kelm sk081557...	Apr 4, 2011 3:07 pm
	Anderson, ... I always use strings (remember to run strings w/ different '-e' encodings on every file) but wrt prefetch files I find Harlan's pref.pl script to...
4116		Mark Woan markwoan	Apr 4, 2011 3:16 pm
	and PrefetchForensics (http://www.woanware.co.uk/?page_id=173) Mark...
4117		Weg, Jimmy jimmyweg	Apr 4, 2011 3:34 pm
	Please pardon a cross post if you've seen this elsewhere. I have a system with two drives: Disk 1 (Win7) was formatted on 6/29/2010 and Win7 was installed on...
4118		Eric Huber ericjhuber	Apr 4, 2011 3:37 pm
	EnCase, but I'm a hopeless forensic geek so I tend to do a lot in hex. :) I think it's a result of getting into the industry when we didn't have all of these...
4119		keydet89	Apr 4, 2011 3:41 pm
	... Depends on what you mean by "analyze". I have a Perl script that I use not only for extracting the time stamp and run count metadata, but also extracting...
4120		keydet89	Apr 4, 2011 3:41 pm
	Thanks, Brent, I'll take a look at this......
4121		Greg Kelley gwk1973	Apr 4, 2011 7:46 pm
	Jimmy, Just to confirm, while there is no "Admin" user on Disk1 (Win7), you found MSIE records related to Admin, right? Do the MSIE records point to the C:...
4122		Weg, Jimmy jimmyweg	Apr 4, 2011 8:05 pm
	Thanks, Greg. I just solved the mystery. The MSIE index records that I recovered, by scavenging the physical disk, actually were in a recovery set of IMG...
4123		Greg Kelley gwk1973	Apr 4, 2011 8:08 pm
	Glad you solved the mystery. Thank you for the clarification regarding dates of files downloaded with Frostwire. I wasn't certain if files downloaded by...
4124		Sean McLinden sean.mclinden	Apr 4, 2011 9:26 pm
	I know that there are a couple of commercial options out there and I looked at the latest libpff but it does not, currently, support this. Has anyone used a...
4125		Jean-Francois Gingras n6000w95000	Apr 4, 2011 9:27 pm
	You can look at those links for more info : http://42llc.net/index.php?option=com_myblog&task=tag&category=Prefetch&Itemid=39 ...
4126		keydet89	Apr 4, 2011 9:59 pm
	... I've heard good things about Intella, but I haven't had to use it. Some other possibilities may include: ...

Yahoo! Groups

Breaking News Visit Yahoo! News for the latest.

The Yahoo! Groups Product Blog

Check it out!

Group Information

Yahoo! Groups Tips

Did you know...

Messages