0%

Blog

Jun 17, 2013

epyxpete

Blog

0

You have just received an image of a dual-boot.  You add the image to your preferred forensic  suite only to discover that the linux partition of the image is not being recognized.  You immediately wonder.. “I know so and so can read extended 4! The other volume is not encrypted! What’s going on?” That became […]

Apr 14, 2013

epyxpete

Blog

0

I was recently given the opportunity to attend an advanced mobile forensics course taught by Joe Church from Digital Shield.  As part of the rite of passage certification process, Joe handed us an image of an infected Android device and challenged us to find the malware. By the third day of great instruction and working with […]

Feb 03, 2013

epyxpete

Blog

0

While examining an image of a Windows 7 computer, I struggled to find specific files that I knew at one point resided on the computer.  After hours of searching through both the allocated and unallocated area, I found the files in question on the shadow volumes. The shadow volumes, also known as the Volume Snapshot […]

Jan 11, 2013

epyxpete

Blog

0

Recently while examining an image of a computer, I came across the need to determine if the image contained a set of specific files.  For me those specific files were a series of pictures.  I was faced with two options, I can either manually go through all of the folders to search for the pictures, […]

Dec 02, 2012

epyxpete

Blog

0

Whether you need to make a forensic copy of an evidence drive for analysis, or restore a drive to look at the computer in a live manner, at one point or another you are probably going to find yourself needing to clone a drive.  Cloning a drive differs from imaging, in which cloning uses a […]

Nov 02, 2012

epyxpete

Blog

0

The master file table (MFT) is a database that contains information about all files on an NTFS file system.  Among other things, the MFT tracks times, size, name, and location of every file including itself.  It stores this information in entries, appropriately named MFT entries.  Each MFT entry gets assigned its own record number. AnalyzeMFT […]

Sep 26, 2012

epyxpete

Blog

0

The Windows registry is used by the operating system to store information about its configuration, users, applications and much more.  It is an excellent source of evidence for the forensic examiner. While looking for an open source solution to examine the registry, a colleague of mine recommended the Forensic Registry EDitor (FRED).  FRED is a GUI […]

Aug 22, 2012

epyxpete

Blog

0

The E01 image format, also known as the Expert Witness Format or the EnCase Image Format is perhaps the de facto standard for forensic analysis. Is it a format owned by Guidance Software containing a bitstream of an acquired disk, case information, checksums for every block of 64 sectors, and a footer with an MD5 […]

Jul 30, 2012

epyxpete

Blog

0

When it comes to media acquisition using Linux, tools like Raptor and Paladin are hard to beat. These tools are able to boot the computer and acquire the internal devices all while write-blocking the devices. If a GUI acquisition tool for Linux is what you need then look no further, Guymager is it. But if […]

image
http://epyxforensics.com/wp-content/themes/yunik-installable/
http://epyxforensics.com/
#d81e2d
style2
default
Loading posts...
#c4c4c4
on
none
loading
#c4c4c4
Sort Gallery
http://epyxforensics.com/wp-content/themes/yunik-installable
on
no
yes
off
off
Enter your email:
off
off