Some good explanation about manual check of time zone settings can be found here: http://www.digital-detective.net/manual-identification-of-suspect-computer-time-zone-2/ http://forensium.com/Web_log/13_Calculate_time_zone_bias…
OSINT link collection
Over time I’ve collected many useful links and small HOWTOs which I use during my OSINT investigations. They go from very basic search techniques to more advanced social media data collection procedures. I will try to keep the below list up to date but as always I do not take any responsibilities for any broken…
Windows 10 Forensics: OS Artifacts
Found a good presentation created by Brent Muir about Windows 10 Forensics artifacts. Another good resource is this PDF published by Champlain College…
OSINT: Domains
There is quite more than just performing some Whois queries when performing domain name investigations. Below are a few links for your online searches of domain names and IP addresses. Online Port Scanner ViewDNS gives you a list of open ports on a particular domain. ViewDNS Reverse IP (viewdns.info/reverseip) Domain IP History You can also…
OSINT: Image & Video Analysis
Thanks to all the fancy gadgets, image and video files are spread all over the internet. Within this post I will describe what kind of search techniques are particularly for multimedia content. Reverse Image Searches A good start is always a image search using one of the big 2’s. But there are also a few…
Forensic imaging of a Mac using dd
A quick wrap up written by Mari DeGrazia how to live image a Macbook using the dd command => Link to blog post…
MacOS timestamps demystified
Here is a good article about time stamps in Mac OS X. The article describes what happens when files get created, moved, duplicated but also copied from one file system to a different file system. Thanks to Lee Withfield for his research. You will find the article here. And what about NTFS?! It’s all here…
OS X QuickLook Thumbnail Parser
Mari DeGrazia published a very useful python script to parse thumbnail images out of the Mac OS X QuickLook thumbnails.data file. It’s the pendant to Microsoft thumbcache folder under Windows. http://az4n6.blogspot.ch/2016/10/quicklook-thumbnailsdata-parser.html…
OS X Artifacts Collection
Sean Cavanaugh of AppleExaminer.com put together a comprehensive list of OS X artifacts. Although the Excel spreadsheet is mainly based on OS X Lion, most of the paths a still valid. You can find the Excel spreadsheet here. Another good resource is the blog post on sud0man’s blog => link …
OSINT: Advanced Twitter Searches
Another popular social media platform which you should include in your online investigation (OSINT) is Twitter. Currently more than 500 million Tweets will be posted every single day. There are a few ways if you would like to collect information from a suspects Twitter profile. Twitter Advanced Search If you are interested in recent posts…
- ← Previous
- 1
- 2
- 3
- …
- 8
- Next →