win4n6 at Yahoo! Groups

Public Beta announcement for the NTFS TriForce

hecfblog — Thu, 23 May 2013 03:16:36 GMT

Hello!, Long time reader first time caller. I am realasing our NTFS parsing tool for public beta that creates a unified view of parsed output from the

Re: New wrapper script for RegRipper

Giuseppe Specchio — Wed, 22 May 2013 14:03:17 GMT

Ok, by means administrative privileges it's running! Cordiali saluti, Giuseppe Specchio Digital Evidence Specialist Personal Blog: Thinking in Forensics

Re: Exchange Sever sending spam

Jonathan Zahler — Wed, 22 May 2013 13:45:49 GMT

Ben, I really appreciate that advise, I'll check it out. Thanks, Jonathan ... -- Thank You, Jonathan

Re: New wrapper script for RegRipper

Corey Harrell — Wed, 22 May 2013 12:28:35 GMT

Took some personal time from work this morning and tracked down the issue. The issue has to do with the way the command is entered. Short answer, drop the

Re: New wrapper script for RegRipper

Corey Harrell — Wed, 22 May 2013 11:36:00 GMT

Found the issue. It has to do with the -c switch. Good catch and I'll look into the code later this morning. To get around the issue you can drop the -c all

Re: New wrapper script for RegRipper

keydet89 — Wed, 22 May 2013 11:25:06 GMT

Corey, Thanks for posting this, and the blog post, as well. After reading the blog post, I would be interested to hear other's thoughts as to your "why" (as

Re: New wrapper script for RegRipper

Corey Harrell — Wed, 22 May 2013 11:24:47 GMT

I'm having trouble replicating the issue you are seeing. I did the following: On Windows 7 system without Perl installed I fired up FTK Imager 3.something. I

Re: PST email Listing

Edgar — Wed, 22 May 2013 10:20:14 GMT

We also verify whatever these tools give us back. We make sure everything is repeatable and try to accomplish the same result using a secondary method and

Re: Live CD with dcfldd and no auto mount

Stefan Kelm — Wed, 22 May 2013 08:26:17 GMT

Andrew, ... same over here. Have successfully been using the different USB versions (NBCAINE) for quite some time now. Cheers, Stefan. -- Stefan Kelm

Re: New wrapper script for RegRipper

Giuseppe Specchio — Wed, 22 May 2013 07:31:04 GMT

By means of FTK I acquired the hive files and I stored them in a temporary folder Windows-Analysis\System\Registry\RegRipper>cd Example

Re: Exchange Server sending spam -- Because cracked?

Susan Bradley — Wed, 22 May 2013 06:47:35 GMT

If you have exhausted your resources, I'd recommend calling 1-800-microsoft and asking for a Windows online forensic analysis tool or WOLF. Ask for a Security

Re: Live CD with dcfldd and no auto mount

Giuseppe Specchio — Wed, 22 May 2013 06:38:37 GMT

Try with Deft (http://www.deftlinux.net/download/) Best Regards, Giuseppe Specchio Digital Evidence Specialist Personal Blog: Thinking in Forensics

Re: Live CD with dcfldd and no auto mount

Paolo Dal Checco — Wed, 22 May 2013 05:25:37 GMT

You might try DEFT Linux as well: it does support USB3, no automount. Paolo -- Dr. Paolo Dal Checco, Consulente Informatico Forense

Re: New wrapper script for RegRipper

David Nides — Wed, 22 May 2013 04:18:22 GMT

Nice work as usual Corey. Thank you.

Re: PST email Listing

Wed, 22 May 2013 03:11:10 GMT

Thank you for the detailed discussion. This is not a criminal case. My normal procedure is to verify any data exported. thanks again.