ComputerForensicsTV: group items tagged files

cftvgroup

Windows 10 Forensics - AFENTIS FORENSICS

  • The start screen from Windows 8 is no longer there
  • The difference is that, rather than protecting the drive as a whole, each file is now protected by BitLocker, so if a file is removed from the drive it will still carry the protection that was added to it during the BitLocker process.
  • Trusted platform module (TPM) is still not needed to use BitLocker
  • Signed driver enforcement
  • The new multi desktop
  • New sharing and security options for folders now include permissions, auditing and effective access as well as giving the user more control of how the folder is shared and who can view it.
  • Phone authentication could be through a number, NFC or built in alert/application.
  • When file’s properties are opened it now shows a ‘Previous Versions’ tab which shows any older versions of this file along with the date it was last modified. This will help determine if the file has been edited and when it happened.
  • Microsoft is also including “next generation user credentials” which will allow single sign-in everywhere.
  • Per application VPN is being added to W10,
  • There is now a folder called Home on the file explorer that allows the user to view favorites, frequent folders and recent files. This could help determine what the user has been opening from their files.
  • W10 will still use NTLM and LSASS, meaning the various password cracking tools that forensic investigators use, such as rainbow tables, will still work in the same way on W10.
  • TPM or software KSP attestation-based authentication means there won’t be any secrets on the disk. This will allow the users to have hardware-based authentication which will be more secure and quicker to use. This will only feature on machines that house a TPM chip, which will store the keys. This type of authentication is secure as it has good resistance against attacks, since it is based on hardware within the machine and harder to access.
cftvgroup

Bulk Extract EXIF | Taksati

  • Can you script that so I can do that to several hundred files, he said. Don’t have to, I said…
  • ExifTool is an extremely powerful command line utility that has been around since 2003. It is still actively maintained and has grown to encompass so many metadata types beyond EXIF that it has well outgrown its name. It also has some very powerful formatting and processing capabilities in it, making bulk extraction of just the data you want an easy task.
  • produces 38 data points
  • Irfanview
  • There is a lot of really good info in executable files,
  • Run Time Since Power Up : 5 days 2:24:57
  • But, ExifTool against the same file produces 72 data points.
  • And, since .dll files are structurally identical to .exe files, we get very similar data from them.
  • internal metadata inside office documents
  • Can recurse subdirectories if the target is a directory.
  • Can specify multiple filetypes using -ext switch instead of file mask.
  • Control the output format with -T, -csv, -json.
  • It should be one of your favorite tools.
cftvgroup

Top 20 Free Digital Forensic Investigation Tools for SysAdmins

  • Sleuth Kit is an open source
  • CAINE (Computer Aided INvestigative Environment) is a Linux Live CD
  • disk image, file, or directory of files and extracts information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files.
cftvgroup

Understanding the Android File Hierarchy | Android News for Costa Rica

  • "thumb"
cftvgroup

Plists | Taksati

  • internal structure of Plist files
  • Plist files are found sprinkled throughout OS X and iOS and contain the various configuration settings and other information of use to the OS and applications.
  • Plists are key/value pairs that are stored in either text or binary.
  • XML is not a very efficient way to save data on disk
  • So, Apple introduced a binary format. When opened in something that doesn't like it, it will look like this