Collaborate Disseminate
I have just started trying to learn to do some basic forensics tasks to try to find data hidden in a file. I am specifically trying to find hashes hidden within files, but I have been unsuccessful and I am not sure how best to proceed (I k… Continue reading Identifying hidden hashes in files [closed]
Considering the metadata such as creation and modification datetimes of files in terms of computer forensics. If tampering of such metadata date information is expected, can Benford’s law be used to proof or disprove the act of metadata al… Continue reading Can Benford’s law be used for the purpose of detecting deviations in a file metadata dates?
I have a question about sender IP address that is written in email headers.
If we know that this IP is not correct and valid (it means email was sent with using VPN)
Is there any method to find out the real IP address of sender from anoth… Continue reading Real IP address of the sender [duplicate]
I have been reading about the chain of custody in cybersecurity-related forensics and I wonder how you can be so sure the forensic scientist made their job right and they are not a malicious actor.
I have a specific scenario in mind, let’s… Continue reading How can you trust a forensic scientist to have maintained the chain of custody?
If you’ve ever watched CSI, you’ll know that suspects frequently leave incriminating traces of their DNA behind at crime scenes. According to a recent study, however, the telltale amount of that genetic material could also point to a person’s guilt or … Continue reading Your “DNA-shedder” status could be crucial in crime scene investigations
Following some suspicious activities on my PC, and also out of a general interest, I would like to expand my knowledge in IT forensics.
This quickly makes one aware of the complexity of the subject, and also how vague and elusive it feels … Continue reading What types of events in ProcMon are malicious?
Assuming a disk was full-disk encrypted using Bitlocker and the partition table is corrupted or entirely missing. Is it possible in any way to recover from this, given that the original Bitlocker password and Bitlocker recovery key are ava… Continue reading Is it possible to repair a corrupted partition table of a Bitlocker encrypted disk? [migrated]
Background: A Bitlocker encrypted hard disk (5TB WD Elements HDD USB) was accidentally wiped partially using the wiping tool Eraser Classic Portable (using the US DoD 7 passes method). The wiping only went on for a few minutes (max. 5 min… Continue reading How to properly determine if an Bitlocker encrypted disk has a corrupted partition table? [migrated]
I have a situation where I have access to a huge list of Bitlocker recovery keys but only the combination of the identifier (GUID) and recovery key are available. However the disk in question is corrupted and I don’t know which identifier … Continue reading How to identify a GUID of a corrupted Bitlocker disk in order to find the corresponding Bitlocker recovery key? [migrated]
I am wondering if it is possible to use flats or some other method to remove PRNU (and, if possible, other device or model specific identifiers) from smartphone images, due to privacy concerns. I would like to find a simple application to … Continue reading How to remove PRNU from smartphone photos?