Tutorial about file carving tool FOREMOST

Just found a blog post by follow the white rabbit about how to use the Unix/Linux file carving tool FOREMOST. It's a step-by-step explanation of how to use the tool, which run parameters are available, and what format the configuration file uses (and how you can tweak it). Very…


OS X as a Forensic Platform

SANS Institute published a new research paper written by David M. Martin called "OS X as a Forensic Platform". The paper gives a hands-on overview of how to set up your OS X as a forensic workstation. It talks about package management (MacPorts vs. Homebrew), Python setup incl. pip, virtualization / containerization, evidence acquisition with command-line…


Analyzing USB Entries in Windows 7

The team at Blackbag Technologies released a new blog post about analyzing USB entries in Windows 7. It not only shows how the Blackbag tool can analyze USB thumb drives attached to a Windows 7 system, but also where to find the relevant registry keys and system files needed to determine valuable information about…


OSINT: Domains

There is quite a bit more to domain name investigations than just performing some Whois queries. Below are a few links for your online searches of domain names and IP addresses. Online Port Scanner ViewDNS gives you a list of open ports on a particular domain. ViewDNS Reverse IP (viewdns.info/reverseip) Domain IP History You can also…


OSINT: Image & Video Analysis

Thanks to all the fancy gadgets, image and video files are spread all over the internet. In this post I will describe which search techniques are specific to multimedia content. Reverse Image Searches A good start is always an image search using one of the big two. But there are also a few…
