Understanding $DATA attribute

Created: Thursday, 20 September 2018

The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals will help you to reach at valid conclusions.

Assume that you have located a deleted...

Password policies - Password creation

Created: Thursday, 13 September 2018

Designing a password policy for applications facing the internet has always been a hot issue. Basically, the decision to enforce a set of rules, revolves around how much you trust your users or how much freedom you are willing to concede, when...

Recovering a deleted file from FAT32

Created: Saturday, 25 August 2018

Assume you use a forensic software that has recovered file system metadata of a deleted jpeg file from a FAT32 formatted volume with a cluster size of 2.048 bytes. The forensic software displays that the recovered file has starting cluster...

Reconstructing a RAID 5 that holds an NTFS volume without knowing its configuration.

Created: Tuesday, 03 July 2018

To save readers' precious time I would like to emphasize the fact that that this guide applies in raids containing an NTFS formatted volume.

Firstly, keep in mind that this guide serves as a proof of concept, hopefully it will prove...

Questions on File Systems and Windows Forensics.

Created: Thursday, 09 March 2017

Below you will find questions that test your knowledge on this subject. I wrote them while I read material mainly from books in file systems and Windows Forensics.

The questions are not meant to be exhaustive and they might even...

VirusTotal EnCase6 Hash Set

Created: Monday, 15 December 2014

For the examiners who wish to locate malware in EnCase 6 based on virus signature, I have downloaded the latest VirusTotal database and compiled to an EnCase 6 Hash Set. Note that hashes are MD5 you need to hash your files first. ...

About

Created: Sunday, 27 January 2013

Since March 2012, I work as a digital forensics examiner, I examine cases such as copyright infringements (aka web scraping), data breaches, hacking (defacing, malware to steal bitcoins, cryptomalware, malware to steal sensitive data e.g....

Built with...

Created: Saturday, 05 January 2013

In the latest Update (April 2023), this site was migrated to GAE standard environment using python3.10 rutime. All back end libraries have been updated as well. Client code stills uses backbone and jquery, but it is planned to move to more...

© 2012 - 2023 Armen Arsakian updated atMonday 03 April 2023Contact: contact at arsakian.com

-2427 . 4374:v0.85