About

Created: Sunday, 27 January 2013
Updated: Sunday, 15 March 2026

Professional Experience

Since March 2012, I have worked as a Digital Forensics Examiner, handling a wide range of investigations, including:

  • Copyright infringement
  • Data breaches
  • Hacking incidents (defacement, credential‑stealing malware, bitcoin‑stealing malware, cryptomalware)
  • Theft of sensitive data (e.g., banking credentials)
  • Tax evasion
  • Money laundering
  • Web fraud and financial fraud

I have extensive experience with commercial forensic tools such as:

  • FTK
  • X‑Ways Forensics
  • Nuix Workstation
  • Magnet AXIOM
  • Oxygen Forensics
  • Cellebrite UFED Physical Analyzer

I also develop custom forensic tools when commercial solutions are insufficient.

I have deep expertise in:

  • Recovering RAID arrays without prior configuration information
  • Analyzing DVR file systems (often proprietary or undocumented)
  • Processing large‑scale log datasets containing millions of records
  • Understanding Microsoft SQL Server storage internals, gained through extensive tax‑evasion casework

Education

I hold a degree in Electrical and Computer Engineering from the Democritus University of Thrace, Greece.

My master’s thesis focused on:

  • Statistical properties of popular internet applications
  • Stress‑testing network interface cards and saturated network links
  • Identifying traffic patterns using Fourier‑based analysis

Software Development & Automation

I develop tools capable of parsing documented and undocumented data structures directly from raw sources, including direct disk access. I also developed many forensic tools related to the file systems NTFS and BTRFS in golang.
I use Python to automate repetitive tasks and to support electronic‑fraud investigations through:

  • Email header analysis
  • OSINT data collection
  • Visualization of communication patterns

Web, GUI, and Backend Development

I work with:

  • Flask for backend web development
  • PyQt and GTK+ 3 for desktop GUI applications

I have also developed tools for:

  • XML transformation
  • PDF report generation using XSL

Backend technologies I have used include:

  • MySQL
  • Microsoft SQL Server
  • Redis

I follow established software engineering practices:

  • Writing idiomatic, maintainable code
  • Unit testing
  • DRY
VirusTotal Hashwindowsntfsraid EnCase6 unallocated policy MD5 directory entry $DATA forensics ntfsfat32CV recovered fileCV security file systems ADS $MFTpassword $mft

Understanding $DATA attribute

The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals...

Password policies - Password creation

Designing a password policy for applications facing the internet has always been a hot issue. Basically, the decision to enforce a set of...

Recovering a deleted file from FAT32

Assume you use a forensic software that has recovered file system metadata of a deleted jpeg file from a FAT32 formatted volume with a cluster...

Reconstructing a RAID 5 that holds an NTFS volume without knowing its configuration.

To save readers' precious time I would like to emphasize the fact that that this guide applies in raids containing an NTFS formatted...

Questions on File Systems and Windows Forensics.

Below you will find questions that test your knowledge on this subject. I wrote them while I read material mainly from books in file systems...

VirusTotal EnCase6 Hash Set

For the examiners who wish to locate malware in EnCase 6 based on virus signature, I have downloaded the latest VirusTotal database and...

Built with...

In May 2026, all backend libraries are updated, and the site moved to python3.14 rutime.

In March 2026, all backend and client...

© 2012 - 2026 Armen Arsakian updated atThursday 28 May 2026Contact: contact at arsakian.com

-3255 . 5202