In this article, we are going to learn how to mount a forensic image on a Windows machine. There are multiple ways to accomplish this, and tools like OSF Mount, Arsenal etc. will help us in this process. So, let’s start. Table of Content Introduction Why Mount an Image? Mounting Tools Mount Image Pro OSF […]
Forensic Investigation of Social Networking Evidence using IEF
In this article, we will learn about a forensic tool called Magnet Internet Evidence Finder (Magnet IEF), which is used to recover or extract evidence from the various data sources of the system and then integrate them into a single case file for analysis and reporting. Table of Content Introduction Features of Magnet IEF […]
Multiple Ways to Create Image file for Forensics Investigation
In this article, we will learn how to capture a forensic image of the victim’s hard drives and systems to help in the investigation. There are multiple ways to do this, and these tools will help us a lot in the process of an investigation, so let’s start. Table of Content […]
Multiple ways to Capture Memory for Analysis
In this article, we are going to learn how to capture RAM for analysis. There are various ways to do it, so let us take some time to learn them all, since different circumstances call for different measures. What is RAM? RAM is short for Random Access Memory. It is referred to […]
Digital Forensics Investigation through OS Forensics (Part 3)
In Part 2 of this article, we covered Recent Activity, Deleted File Search, Mismatch File Search, Memory Viewer, and Prefetch Viewer. This article will cover some more features and functionalities of OS Forensics. To read Part 2 of this article, click here. Raw Disk Viewer On a drive, file system files and directories generally store […]
Convert Virtual Machine to Raw Images for Forensics (Qemu-Img)
Introduction to Qemu-img for Virtual Disk Conversion This is a very handy little application. The QEMU team developed it. The software is very useful when dealing with virtualization, and you can find Qemu-img available for both Windows and Linux. You can change the format of a given virtual disk file to most of the popular […]
Digital Forensics Investigation through OS Forensics (Part 2)
In Part 1 of this article, we covered Creating case, File Search and Indexing. This article will cover some more features and functionalities of OS Forensics. For Part 1 of this article, click here. Recent Activity The Recent Activity feature allows an investigator to scan the evidence for recent activity, such as accessed websites, USB drives, […]
Digital Forensics Investigation using OS Forensics (Part 1)
OSForensics from PassMark Software is a digital computer forensic application which lets you extract and analyze digital data evidence efficiently and with ease. It discovers, identifies and manages, i.e. uncovers, everything hidden inside your computer systems and digital storage devices. OSForensics is a self-capable and standalone toolkit which has almost all the digital forensics capabilities […]
Forensic Imaging through Encase Imager
Scenario: Competitors suspect Mr. X of selling his company’s confidential data, but without any evidence, they could not take any action against him. To get to the truth and prove Mr. X guilty, the company has requested forensic services and has come to know that all the relevant data is present inside the desktop provided to […]
Forensic Data Carving using Foremost
Foremost carves data from disk image files; it serves as an extremely useful tool and is very easy to use. For the purpose of this article, we used an Ubuntu disk image file, and we repeated the process twice. The purpose of doing so was to see if Foremost can carve data out of incomplete […]