This case it manager who cloned company hard drive is this evidence support my opinions?
What i sould understrand from this case
This case it manager who cloned company hard drive is this evidence support my opinions?
I guess it depends on WHAT exactly are your opinions. ?
Those entries are connected with Optional Packages of a PE 4.x/5.x
https://
Which may mean that on that machine the Windows 8/8.1 ADK has been installed or downloaded, but not much more.
jaclaz
thanks to feedback
what program did you use to recover those? =)
also those arent deleted hives, they are deleted KEYS.
To look for registy files, including deleted and badly damaged ones, you can use Belkasoft Evidence Center (http//
Here is a short video tutorial on how to do it, and what can be found
https://
also those arent deleted hives, they are deleted KEYS.
Well, sure, if you want to get all technical…
Nightworker,
You said "This case it manager who cloned company hard drive is this evidence support my opinions? What i sould understrand from this case"
Do you mean, "I am analyzing a forensic image of a computer of a former IT manager to determine if IT manager created a copy of the computer, possibly using some version of WindowsPE/FE to do it, before leaving the organization."?
This is forensics. our world is technical =)