Wednesday, May 22, 2013

TeamViewer Log File | EnScript

You don't need any specialized software to parse the TeamViewer log file. It's just a text file; "notepad.exe" and human interpretation are more than enough to analyze it.

If you would like to know more about TeamViewer artifacts, here is the best link. Click here. It says more about understanding the log file and the data in the Registry hives.

If you are an EnCase user and you're not interested in exporting the log file the old way, you can use my EnScript, which is exactly a click away. Download Here

RegRipper Supporting Files | EnScript

This is how it starts: RegRipper is not a registry hive viewer.

Registry analysis with RegRipper has always been good for me. Compared with waiting for the status bar to finish in EnCase, RegRipper does it so fast; some forensicators use RegRipper for cross-checking purposes.

This is just like my previous post: this script exports the RegRipper supporting files, which can be useful for clickers.

And here is the EnScript. Download Here.

After the export is over you can use RegRipper to parse the data. Download Here

Tuesday, May 21, 2013

Volume Shadow Copies EnScript

It's been a long time since my previous post.

Today I was following #ceic on Twitter for things happening around there. Something interesting came up: "Volume Shadow".

As most of us know, it is available only on the NTFS filesystem. If you are interested in knowing the basics of Volume Shadow, click here.

LibShadow can be used to parse the Volume Shadow supporting files. You can download the beta version; click here.

How to use LibShadow?

YouTube is the best player for most of us.

To get all the supporting files, I have written a small EnScript which can help you copy them from the E01 or RAW image in EnCase.

Download EnScript

A hash value is computed for each supporting file as an add-on forensic feature, hahahah...!

Monday, August 27, 2012

Save Energy | Monitor


It has been a really long time since I posted something useful [hope you don’t mind].


I was using a CRT monitor for the past 5 years, which consumed energy and emitted heat on my face. It took an ample amount of electric power, and most of the time I didn’t turn off my monitor when I had a break, so the technology took more energy [indirectly, I wasted it]. I had that in mind for a long time, but I couldn’t help it. On the other hand, my PC was also taking more electric power compared to a laptop. Somewhere in my mind it was registered: no to PC and CRT.

So now I have got a laptop and an LCD monitor, which take 1/3 of the power compared to the older technology, and I don’t need to invest in a UPS for backup. I was hunting Google for a monitor optimiser for human error, and to my surprise I got this: MonitorES - Monitor Energy Saver v1.0.1b. It does magic in saving electric energy. I’m trying my best to save energy, to go green and recycle, and to make my surroundings plastic free.

Wednesday, July 11, 2012

Data Seg & Tally Export

Greetings to visitors,


Today I am going to upload two updated EnScripts, which I call (a) Data Seg and (b) Tally Export. The GUIs of both look the same, but the background work is much more sophisticated and they differ from each other in many areas, and the end result will be pakka [super correct].

You can download both from here:

1. Data Seg
2. Tally Export - email me for more info

If you have any query, email me.

Tuesday, October 11, 2011

EnCase v6 Condition for EnCase v7

Greetings to all,

EnCase v6 is history; EnCase v7 now changes the digital investigation GUI, i.e., a browser-like graphical interface, and that's really awesome.

But I have no idea why the EnCase v7 developers dropped the v6 Conditions. On a positive note, the EnCase v7 developers made an option to create your own Condition, called EnCondition. No problem: you can download "EnCase v6 Condition for v7" and use it to investigate, filter the files needed for investigation, and more.

Download the attached file and decompress it with 7zip. Please paste the decompressed folders to C:\Users\<UserName>\Documents\EnCase\Condition, if you made a default installation.

How to EnCase v6 Condition for EnCase v7



Thursday, October 6, 2011

Steve Jobs - Apple's Visionary, Dies At 56

Steve Jobs — the man who brought us the iPhone, the iPod and the iMac — has died. The co-founder of Apple was 56 years old. Jobs had been battling a rare form of pancreatic cancer for years.

"It boggles the mind to think of all the things that Steve Jobs did," says Silicon Valley venture capitalist Roger McNamee, who worked with Jobs.

McNamee says that in addition to introducing us to desktop publishing and computer animated movies, Jobs should be credited with creating the first commercially successful computer.

"Any one of those would have qualified him as one of the great executives in American history," McNamee says, "the sum of which put him in a place where no one else has ever been before. To me he is of his era what Thomas Edison was to the beginning of the 20th century."

Jobs was just 21 when he co-founded Apple Computer in his garage in Cupertino, Calif., in 1976. The following year, when Jobs and his partner, Steve Wozniak, released the compact Apple II, most computers were big enough to fill a university basement or came from do-it-yourself kits for hobbyists with soldering irons.




"It made Apple the biggest computer manufacturer in the nascent computer industry," says Leander Kahney, author of Inside Steve's Brain.

But in 1981, Apple got its first taste of serious competition, when IBM released its own personal computer. IBM had the advantage of a well-known, trusted name, and Jobs — a California boy — loathed the kind of conformist East Coast culture it represented.

So he countered with the Macintosh, the first computer to feature a mouse, pull-down menus and icons — thus eliminating the command-line interface.

"Jobs' idea was that we'll make it easy enough that anybody can do it ... a grandmother, a kid, people who don't have any experience," Kahney says. The Mac was an example of the kind of product that would come to define Jobs' entire career: easy-to-use computers.

That's the message Jobs sent to millions when he released the Mac in 1984. In an ad that aired once during the Super Bowl, a woman dressed in brightly colored shorts runs into a room of gray-looking people and throws a sledgehammer at a screen where Big Brother — read IBM — is talking. The minute-long reference to George Orwell's 1984 became one of the most famous television commercials of all time.


It also illustrated Jobs' belief that computers were tools to unleash human creativity. In an interview for the 1996 PBS documentary Triumph of the Nerds, Jobs said, "Part of what made the Macintosh great was that the people working on it were musicians and poets and artists and zoologists and historians who also happened to be the best computer scientists in the world."

In many ways Jobs was the poet of the computer world. He'd gone to India and become a Buddhist. He took LSD and believed it had opened his mind to new ways of thinking.

But Jobs' iconoclastic ideals did not always make him easy to work with.

"He was just a terrible manager and a terrible executive," says Trip Hawkins, the marketing director of Apple until 1982. "At that point in time I never really thought that he could be a CEO."

Jobs was eventually fired in a 1985 boardroom coup led by John Sculley — the man Jobs himself had hired to be CEO of Apple. But Jobs was driven to make computers vehicles for creativity, and after he left Apple, he purchased a little-known division of Lucasfilm and renamed it Pixar.

In 1995, Pixar released the first animated feature to be done entirely on computers. That film, Toy Story, was a huge success, and Pixar followed it with other big hits including Monsters, Inc., The Incredibles and Finding Nemo.


But Apple didn't exactly thrive in the years after Jobs' departure. With less than 5 percent of the computer market in its possession and analysts predicting the company's demise, the board invited Jobs to come back and run his old business.

In 1998, as interim CEO of Apple, Jobs introduced the iMac and once again helped remake the computer industry. According to venture capitalist McNamee, the iMac was the first computer made to harness the creative potential of the Internet.

"The iMac reflected the transition of consumers from passive consumption of content to active creation of entertainment," McNamee says. "People could write their own blogs, make their own digital photographs and make their own movies. Apple made all the tools to make that easy and they did at a time when Microsoft just wasn't paying attention."

Three years after the iMac, Jobs announced Apple's expansion into the music industry with a breakthrough MP3 player — the iPod.

"This is not a speculative market," he said as he introduced the iPod in 2001. "It's a part of everyone's life. It's a very large target market all around the world."

The iPod was a classic Jobs product — easy to use and nice to look at. Apple sold tens of millions of iPods, and the iTunes store became the No. 1 music retailer.

Six years later, Apple released the iPhone — a device whose elegance and user friendliness blew other phone/music players out of the water.

In 2010, Apple created yet another groundbreaking device with the introduction of the iPad. With its color touch-screen, the tablet gave users the ability to surf the Web, send e-mail, watch videos and read e-books.



Book publishers weren't the only ones to embrace the new tablet. A host of magazines, newspapers and broadcast news organizations, including The New Yorker, The Wall Street Journal and NPR, created iPad-specific apps that helped showcase stories — and images — in a tabloid-style layout.

And in January 2011, Apple reached a milestone by surpassing 10 billion downloads from its App Store — a sign of just how popular the company's devices have become with consumers.

"Simplifying complexity is not simple," says Susan Rockrise, a creative director who worked with Jobs. "It is the greatest, greatest gift to have someone who has Steve's capabilities as an editor and a product designer edit the crap away so that you can focus on what you want to do."

Rockrise believes Jobs touched pretty much anyone who has ever clicked a mouse, sent a photo over the Internet, published a book from a home computer or enjoyed portable music or a computer-animated movie.

She says they all have Jobs to thank for making it happen.

LINK to original story by Laura Sydell @ www.npr.org 

Sunday, September 11, 2011

Year Segregation 2005 - 2011

Greetings to all after a long time...

Because of So and So...

This small script came to life because of a direct client requirement.

This EnScript helps you to segregate files year-wise, from 2005 to 2011.

File types supported are Documents, Excel, PDF, Compound File, Database File, ...


Hope you all enjoy automation in day-to-day life...

If you have any problem, let me know and I will help you...




Download Here

Saturday, August 6, 2011

Digital Forensic Search


The following is the listing of sites indexed by the Digital Forensic:

It's worth sharing...

Blogs

A Fistful of Dongles  http://ericjhuber.blogspot.com/
A Geek Raised by Wolves  http://jessekornblum.livejournal.com/
A Renaissance Security Professional  http://renaissancesecurity.blogspot.com/
An Eye on Forensics  http://eyeonforensics.blogspot.com/
American Destroyer http://megadeus.com/
appointments-uk  http://appointments-uk.blogspot.com/
Blog Matt Churchill  http://mattchurchill.net/blog/
Bradley Schatz on the intersection of technology and the law http://blog.schatzforensic.com.au/
cci  http://cci.cocolog-nifty.com/blog/
Cellular.Sherlock - Mobile Forensics from the front lines  http://blog.csvance.com/
CnW Recovery  http://cnwrecovery.blogspot.com/
Codeslack  http://codeslack.blogspot.com/
Computer Forensic Blog  http://computer.forensikblog.de/en/
Computer Forensic Source  http://forensicsource.blogspot.com/
Computer Forensics and IR - What's New  http://newinforensics.blogspot.com/
Computer Forensics, Malware Analysis & Digital Investigations  http://www.forensickb.com/
Computer Forensics-E-Discovery Tips-Tricks and Information  http://cfed-ttf.blogspot.com/
ComputerForensicSource.com  http://www.computerforensicsource.com/
copgeek018  http://copgeek018.wordpress.com/
Crucial Security Forensics Blog http://crucialsecurityblog.harris.com/
CSITech - Computer Forensics  http://nickfurneaux.blogspot.com/
CyberSpeak's Podcast  http://cyberspeak.libsyn.com/
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge http://ddanchev.blogspot.com/
Derek Newton « Information Security Insights http://dereknewton.com/
Digital Forensic Source  http://www.digitalforensicsource.com/
Digital Forensics Blog  http://digiforensics.blogspot.com/
Digital Forensics Solutions  http://dfsforensics.blogspot.com/
Ex Forensis  http://exforensis.blogspot.com/
FireEye Malware Intelligence Lab  http://blog.fireeye.com/research/
Forensic 4cast  http://www.forensic4cast.com/
forensic . seccure . net  http://seccure.blogspot.com/
Forensic Artifacts  http://forensicartifacts.com/
Forensic Computing — Digital forensics from the view of a computer scientist http://www.forensicblog.org/
Forensic Incident Response  http://forensicir.blogspot.com/
Forensic Photoshop  http://forensicphotoshop.blogspot.com/
Forensicaliente - because digital forensics is "hot"  http://forensicaliente.blogspot.com/
Forensics from London  http://forensiccontrol.blogspot.com/
Forensics from the sausage factory  http://forensicsfromthesausagefactory.blogspot.com/
Geoff Black's Forensic Gremlins - Everything that gives you fits in Digital Forensics and E-Discovery  http://www.geoffblack.com/
Girl, Unallocated  http://girlunallocated.blogspot.com/
GPS Evidence Tracking Issues http://gpsevidence.blogspot.com/
Hacking Exposed Computer Forensics blog http://hackingexposedcomputerforensicsblog.blogspot.com/
Happy As A Monkey  http://happyasamonkey.wordpress.com/
integriography A Journal of Broken Locks, Ethics, and Computer Forensics http://integriography.wordpress.com/
Internet Storm Center Diary  http://isc.sans.edu/
IR and forensic talk  http://blog.kiddaland.net/
Journey into Incident Response  http://journeyintoir.blogspot.com/
Mark Morgan http://markmorgan47.wordpress.com/
Matthieu Suiche’s blog ! - Happiness only real when shared.  http://www.msuiche.net/
McGrew Security Blog  http://www.mcgrewsecurity.com/
MNIN Security Blog  http://mnin.blogspot.com/
Mobile Device Forensics  http://mobileforensics.wordpress.com/
Mobile Forensics Inc Blogger  http://blog.mobileforensicsinc.com/
Mobile Telephone Evidence  http://trewmte.blogspot.com/
Post Humorous  http://www.posthumorous.com/
Push the Red Button  http://moyix.blogspot.com/
RAM Slack – Random Thoughts from a Computer Forensic Examiner http://ramslack.wordpress.com/
The Cave  http://cyb3rdaw6.harpermountain.net/
The Digital Standard  http://thedigitalstandard.blogspot.com/
The Last Line of Defense  http://blog.tllod.com/
trustedsignal -- blog  http://trustedsignal.blogspot.com/
Unmask Parasites blog  http://blog.unmaskparasites.com/
volatility Advanced Memory Forensics  http://volatility.tumblr.com/
Websense Security Labs  http://community.websense.com/blogs/securitylabs/
Windows Forensic Environment  http://winfe.wordpress.com/
Windows Incident Response  http://windowsir.blogspot.com/
Zscaler  http://research.zscaler.com/

Websites

Brian Carrier Digital Investigation - Forensics and Evidence Research  http://www.digital-evidence.org/
Computer Crime & Intellectual Property Section US DOJ http://www.justice.gov/criminal/cybercrime/
Computer Forensics Miscellany  http://computerforensics.parsonage.co.uk/
Craig Ball Helping Lawyers Master Technology  http://www.craigball.com/
DFRWS (Digital Forensics Research Conference)  http://www.dfrws.org/
Digital Forensics Magazine supporting the professional computer security industry http://www.digitalforensicsmagazine.com/
ENISA CERT  http://www.enisa.europa.eu/act/cert/
E-Evidence Information Center - Home  http://www.e-evidence.info/
FIRST - Improving security together  http://www.first.org/
Forensic Focus  www.forensicfocus.com/
Forensic Magazine Issues  http://www.forensicmag.com/current-issue/
Forensics Wiki  http://www.forensicswiki.org/
Inside the registry  http://www.insidetheregistry.com/regdatabase/
International Journal of Digital Evidence on Utica College http://www.utica.edu/academic/institutes/ecii/ijde/
Into The Boxes  http://intotheboxes.wordpress.com/
Lenny Zeltser  http://zeltser.com/
log2timeline  http://log2timeline.net/
Mobile Forensics Central  http://www.mobileforensicscentral.com/
National White Collar Crime Center  http://www.nw3c.org/
Network Forensics Puzzle Contest  http://forensicscontest.com/
NIST Computer Security Division Special Publications  http://csrc.nist.gov/publications/nistpubs/
Open Source Digital Forensics  http://www2.opensourceforensics.org/
SANS Computer Forensics  http://computer-forensics.sans.org/
SANS InfoSec Reading Room - Forensics http://www.sans.org/reading_room/whitepapers/forensics/
SANS InfoSec Reading Room - Incident Handling http://www.sans.org/reading_room/whitepapers/incident/
SANS InfoSec Reading Room - Malicious Code http://www.sans.org/reading_room/whitepapers/malicious/
SANS InfoSec Reading Room - Steganography http://www.sans.org/reading_room/whitepapers/stenganography/
Small Scale Digital Device Forensics Journal  http://www.ssddfj.org/
SWGDE  http://www.swgde.org/
The Honeynet Project Challenges  https://www.honeynet.org/challenges/
Welcome AppleExaminer  http://www.appleexaminer.com/

Webpages

AusCERT Forming an Incident Response Team  http://www.auscert.org.au/render.html?it=2252&cid=1938
Cybercrime.gov searching and seizing manual http://www.cybercrime.gov/ssmanual/index.html
Daubert v. Merrell Dow Pharmaceuticals  http://www.law.cornell.edu/supct/html/92-102.ZS.html
Default Processes in Windows 2000  http://support.microsoft.com/kb/263201
Digital Evidence: Standards and Principles http://www2.fbi.gov/hq/lab/fsc/backissu/april2000/swgde.htm
Digitalcorpora Disk Images  http://digitalcorpora.org/corpora/disk-images/
FileSignatures Table  http://www.garykessler.net/library/file_sigs.html
Forensically interesting spots in the Windows 7, Vista and XP file system and registry (and anti-forensics)  http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
Microsoft Windows XP - Default settings for services http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true
QCCIS Whitepapers  http://www.qccis.com/resources/whitepapers
RFC 3227 - Guidelines for Evidence Collection and Archiving  http://www.rfc-archive.org/getrfc.php?rfc=3227
SEI Handbook for Incident Response Teams http://www.sei.cmu.edu/library/abstracts/reports/03hb002.cfm
Windows 7 Default Services and Suggested Startup Mode http://www.windowsnetworking.com/articles_tutorials/Windows-7-Default-Services-Suggested-Startup-Mode.html

Groups

Yahoo Win4n6 Group  http://tech.groups.yahoo.com/group/win4n6/
Yahoo Linux Forensics Group  http://tech.groups.yahoo.com/group/linux_forensics/