Understanding $DATA attribute

Created: Thursday, 20 September 2018

The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals will help you to reach at valid conclusions.

Assume that you have located a deleted...

Password policies - Password creation

Created: Thursday, 13 September 2018

Designing a password policy for applications facing the internet has always been a hot issue. Basically, the decision to enforce a set of rules, revolves around how much you trust your users or how much freedom you are willing to concede, when...

Recovering a deleted file from FAT32

Created: Saturday, 25 August 2018

Assume you use a forensic software that has recovered file system metadata of a deleted jpeg file from a FAT32 formatted volume with a cluster size of 2.048 bytes. The forensic software displays that the recovered file has starting cluster...

Reconstructing a RAID 5 that holds an NTFS volume without knowing its configuration.

Created: Tuesday, 03 July 2018

To save readers' precious time I would like to emphasize the fact that that this guide applies in raids containing an NTFS formatted volume.

Firstly, keep in mind that this guide serves as a proof of concept, hopefully it will prove...

Questions on File Systems and Windows Forensics.

Created: Thursday, 09 March 2017

Below you will find questions that test your knowledge on this subject. I wrote them while I read material mainly from books in file systems and Windows Forensics.

The questions are not meant to be exhaustive and they might even...

VirusTotal EnCase6 Hash Set

Created: Monday, 15 December 2014

For the examiners who wish to locate malware in EnCase 6 based on virus signature, I have downloaded the latest VirusTotal database and compiled to an EnCase 6 Hash Set. Note that hashes are MD5 you need to hash your files first. ...


Created: Sunday, 27 January 2013

Since March 2012, I work as a digital forensics examiner, I examine cases such as copyright infringements (aka web scraping), data breaches, hacking (defacing, malware to steal bitcoins, cryptomalware, malware to steal sensitive data e.g....

Built with...

Created: Saturday, 05 January 2013

This site was completely revamped since 2017 using the following technologies:

  • twitter bootstrap4 as html template, icons by fonts-awesome
  • site fonts served by google-fonts
  • server side code, flask (a python...

© 2012 - 2023 Armen Arsakian updated atThursday 07 November 2019Contact: contact at arsakian.com

-2095 . 4042:v0.7