ForensicAnalysis at Yahoo! Groups

FAU-1.3.0.2390 released for evaluation and testing.

rossetoecioccolato — Mon, 03 Aug 2009 23:10:18 GMT

FAU-1.3.0.2390 is released for evaluation and testing and may be downloaded from

Vmware ThinApp/Thinstall Is it Good or Bad?

nitinceh — Sun, 13 Jul 2008 21:50:02 GMT

Hi all, I found this new tool released by VMware, IS it good or Bad, from the forensics and IT-Security point of view? Need your comments! Read on! Application

Re: Cofee -- Analysis of the Forensic Thumb drive

Greg Kelley — Wed, 28 May 2008 19:13:08 GMT

I am not aware of what it does specifically, just aware of what it is at a higher level. -Greg ... From: ForensicAnalysis@yahoogroups.com

Re: Cofee -- Analysis of the Forensic Thumb drive

nitinceh — Wed, 28 May 2008 19:07:14 GMT

... Hello Greg, Thanks for your reply, I just wanted to know more insight of how does it crack the password's if the Desktop/Workstation is Locked. Is it done

Re: Cofee -- Analysis of the Forensic Thumb drive

Greg Kelley — Tue, 27 May 2008 13:30:24 GMT

From what I have learned, there is nothing "super secret" about this USB drive tool. All they did was create some scripts to automate the tools and processes

Re: Cofee -- Analysis of the Forensic Thumb drive

nitinceh — Sun, 25 May 2008 09:52:45 GMT

... Thanks rossetoecioccolato, I will do that, however i just thought may be from our group someone would have tried this. I am only concerned with the

Re: Cofee -- Analysis of the Forensic Thumb drive

rossetoecioccolato — Sun, 25 May 2008 05:15:36 GMT

Nitin, Why don't you try contacting the author directly. His name is Anthony Fung. You will find his email address towards the middle of this page:

Cofee -- Analysis of the Forensic Thumb drive

nitinceh — Sat, 24 May 2008 10:42:15 GMT

Hi All, I have just seen this on sites with the content on Microsoft giving away a thumb drive to LE Tech agents to acquire evidence from a live computer. this

Re: dcfldd and bad sectors

rossetoecioccolato — Sat, 24 May 2008 03:58:13 GMT

... [...] ... DDrescue with '-d' uses the O_DIRECT flag (unbuffered IO) that was introduced with Linux 2.4 kernels (google for "O_DIRECT"): int do_rescue() {

dcfldd and bad sectors

rossetoecioccolato — Fri, 23 May 2008 19:55:58 GMT

The following question originally arose over on another list: "Open source tools such as DCFLdd v1.3.4-1 can usually recover all data, with exception of the

FAU-1.3.0.2364(beta1) released for evaluation and testing.

rossetoecioccolato — Thu, 15 May 2008 03:19:29 GMT

FAU-1.3.0.2364(beta1) has been released for evaluation and testing and may be downloaded from http://www.gmgsystemsinc.com/fau/b9b651b7-

Re: Vista Restore Points and Recovery

Eric Klink — Tue, 15 Apr 2008 14:34:24 GMT

Yes, you are right. But my range of dates was nicely narrow. I seized the computer on Dec 7 2007. I had a report of pics as seen by a witness on Nov 28 2007.

Re: Vista Restore Points and Recovery

Greg Kelley — Tue, 15 Apr 2008 13:17:32 GMT

Eric, Correct me if I am wrong, but I believe EXIF data is placed inside of a file by the camera that creates the files and/or the application you use to

Re: Vista Restore Points and Recovery

Eric Klinkowski — Mon, 14 Apr 2008 19:57:27 GMT

I ended up making my case off of using EXIF data as evidence in this case. It was a child pornography case. I was unable to retrieve any MAC (modified accessed

Re: Vista Restore Points and Recovery

Eric Klink — Tue, 11 Mar 2008 18:55:44 GMT

ok thanks, that makes more sense. Greg Kelley wrote: You have to go beyond the index.dat files. NetAnalysis provides a utility that