For the examiners who wish to locate malware in EnCase 6 based on virus signature, I have downloaded the latest VirusTotal database and compiled to an EnCase 6 Hash Set. Note that hashes are MD5 you need to hash your files first. Acknowledgments go to the VirusTotal for making available the files. Use this link for download. Hash Set contains more than 18 millions of hashes.
The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals...
To save readers' precious time I would like to emphasize the fact that that this guide applies in raids containing an NTFS formatted...
Since March 2012, I have worked as a Digital Forensics Examiner, handling a...
In May 2026, all backend libraries are updated, and the site moved to python3.14 rutime.
In March 2026, all backend and client...