±Your Account
Membership:
New Today: 4
New Yesterday: 9
Overall: 24209
Visitors: 50±Latest Webinar
±Latest Articles
· Android Forensics
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Search found 86 matches
Re: Finding evidence of a copy to external USB (GREP help)
Posted: Tue May 14, 2013 4:44 am
[quote="keydet89"]Do you have a URL for that quote?[/quote]
I don't remember where that fragment was snipped from, but here's the prooflink:
http://msdn.microsoft.com/en-us/library/windows/desktop/b ...
I don't remember where that fragment was snipped from, but here's the prooflink:
http://msdn.microsoft.com/en-us/library/windows/desktop/b ...
- Belkasoft
- Topic: Finding evidence of a copy to external USB (GREP help)
- Replies: 12
- Views: 1428
Re: Finding evidence of a copy to external USB (GREP help)
Posted: Mon May 13, 2013 1:16 pm
Normally, Windows 7 will not index USB drives. Quote: "Windows Search 4.0 (installed on Windows XP) can index removable drives, but Windows 7 (which uses Windows Search 4.0) cannot because the USB dev ...
- Belkasoft
- Topic: Finding evidence of a copy to external USB (GREP help)
- Replies: 12
- Views: 1428
Re: Finding evidence of a copy to external USB (GREP help)
Posted: Mon May 13, 2013 6:56 am
Technically, copy operations are not logged in Windows. Granted, if you copy a file between two NTFS volumes, you may get something by analyzing the transaction log file; however, this won't be availa ...
- Belkasoft
- Topic: Finding evidence of a copy to external USB (GREP help)
- Replies: 12
- Views: 1428
Re: Finding evidence of a copy to external USB (GREP help)
Posted: Mon May 13, 2013 3:52 am
Assuming a Windows OS, you won't be able to find a log of if or what's been copied. The only history information available in Windows is a fact that a certain USB device (with its unique ID) was conne ...
- Belkasoft
- Topic: Finding evidence of a copy to external USB (GREP help)
- Replies: 12
- Views: 1428
Re: Trying to gather evidence from chat fragments in pagefil
Posted: Mon May 13, 2013 2:35 am
[quote="Dewald"]Can you tell me what the usual results you get from that software look like? Will there be any reference to the account-email or time reference for the chat fragments?[/quote]
The r ...
The r ...
- Belkasoft
- Topic: Trying to gather evidence from chat fragments in pagefile
- Replies: 5
- Views: 1077
Re: Analysis Question
Posted: Mon May 06, 2013 3:34 am
Please PM me if you'd like to receive a copy of our (unfinished) whitepaper on detecting malware with Windows Debugger scripts. Specifically, we're describing various things that are "suspicious" in t ...
- Belkasoft
- Topic: Analysis Question
- Replies: 4
- Views: 818
Re: Trying to gather evidence from chat fragments in pagefil
Posted: Mon May 06, 2013 3:30 am
You might be better off by using a specialized tool like ours. Belkasoft Evidence Center (Pro and Ultimate editions) include the ability to carve page and hibernation files as well as live memory dump ...
- Belkasoft
- Topic: Trying to gather evidence from chat fragments in pagefile
- Replies: 5
- Views: 1077