±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36459
New Yesterday: 3 Visitors: 102

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Search found 3564 matches

Re: WebCacheV01.dat - opened files with Windows Explorer?

Post Posted: Jan 16, 20 13:59

[quote="donedo"]
So, it is not possible to tell which program was used to open entries like "file:///C:/Users/Username/somefolder/20.jpg" by looking at WebCacheV01.dat only?
[/quote]

As recommen ...
keydet89
Topic: WebCacheV01.dat - opened files with Windows Explorer?
Replies: 5
Views: 1137
 

Re: Forensics on PDF created from MS Word: tracing the autho

Post Posted: Jan 15, 20 20:59

Do you have access to the system used by the unauthorized person?
keydet89
Topic: Forensics on PDF created from MS Word: tracing the authors
Replies: 2
Views: 567
 

Re: What do you do?

Post Posted: Jan 08, 20 12:02

Long time old school DFIR, incident responder...back in the day when the joke was that we'd image all 3000 systems. Never did that, though.

Transitioned to threat hunting and response with the adv ...
keydet89
Topic: What do you do?
Replies: 6
Views: 1592
 

Re: Apple significant locations

Post Posted: Dec 29, 19 13:13

https://articles.forensicfocus.com/2018/05/28/apple-iphone-forensics-significant-locations/

https://www.mac4n6.com/blog/2015/12/20/parsing-the-ios-frequent-locations
keydet89
Topic: Apple significant locations
Replies: 1
Views: 688
 

Re: exploit evidence from encase

Post Posted: Dec 12, 19 11:55

[quote="afsfr"]we collect Linux image in encase, we suspect one of Linux application is exploited and attacker got root shell access through exploit, is there any way to find evidence of exploit in en ...
keydet89
Topic: exploit evidence from encase
Replies: 4
Views: 1212
 

Re: Tool for browser forensic investigation

Post Posted: Dec 04, 19 01:30

[quote="Z899090"]Sorry reworded my post, i meant to say browser forensic; basically a cheap alternative to axiom/IEF.[/quote]

Any particular browser? There are plenty of free tools available, such ...
keydet89
Topic: Tool for browser forensic investigation
Replies: 7
Views: 2418
 

Re: Disk: How do I find the deleted local user account?

Post Posted: Nov 29, 19 11:30

[quote="elixirelixir"]I acquired a disk image Win7 OS. I have attempted the following artifacts. However, still cannot find which user is deleted. [/quote]


[quote="elixirelixir"]
Attempt 2:
Du ...
keydet89
Topic: Disk: How do I find the deleted local user account?
Replies: 1
Views: 691
 
Page 1 of 510
Page 1, 2, 3 ... 508, 509, 510  Next