±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36312
New Yesterday: 0 Visitors: 247

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Snagit Information

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

BattleSpeed
Member
 

Snagit Information

Post Posted: Mar 28, 11 21:59

If you're examining a system with Snagit (Tech Smith's popular capture software) installed, you might want to see if images, etc. you find have come from Snagit.

If so, Snagit automatically attaches date/time/URL and other tagging information to a capture, so assuming that you're working with a bootable image, it might be worth running Snagit to see what information it offers. You can search Snagit captures in various ways, and you can click "tags" on the top menu to see the tags that Snagit has associated with those screen captures.

I would imagine that the greatest forensic value of this information would likely be confirmatory, i.e. in conjunction with other evidence that certain websites were visited, and when. Also, I would think (logically) that the fact that a capture had been performed on a website would argue against the defense that someone visited the site "accidentally", "a bot did it", etc. Also, since users can create their own categories, keywords, etc. this information might provide invaluable additional insight into the user's mindset, intentions, interest, etc.

Incidentally, by default Snagit stores every capture it takes!

Here's a brief video on this function in Snagit:

www.techsmith.com/lear...efault.asp  
 

Page 1 of 1