Collaborate Disseminate
If one uses a storage device (USB stick or SD card) on Windows, then it leaves "System Volume Information" folder in the file system. Would there be a way so a forensic guy could definitely tell on which computer the storage devi… Continue reading Could "System Volume Information" be used to find out on which system the storage was used?
If one formats the same USB stick (or SD card) to FAT32 file system on Windows, or on Linux, or on Android – would there be differences so a forensic guy could definitely tell on which OS or even on which specific machine the USB stick was… Continue reading Are there differences on how storages are formatted between different OS?
If one uses a micro SD card with a card reader on Windows, or on Linux, or on Android – would there be a way so a forensic guy could definitely tell on which computer the flash card was used by examining it?
I know OS can log which devices… Continue reading Which traces leave on a flash card after using it?
If one uses a micro SD card with a card reader on Windows, or on Linux, or on Android, would there be a way to forensically determine on which computer the card reader was used?
I know OS can log which USB devices was connected. As far as … Continue reading What traces are left on a flash card reader after using it?
If one uses a FAT32-formatted USB stick on Windows, Linux, or Android, would there be a way to determine on which computer the USB stick was used by examining the USB stick?
I know OS can log which USB sticks were connected. As far as I kn… Continue reading What traces are left on a USB stick after using it?
I am currently studying windows forensics and I have found that it would be advisable to image the drive while it is powered on and live. If you power it off, you likely will not be able to recover the keys. What would be the importance of… Continue reading Why is it advisable to capture a disk image before shutting down?
This is the third part of a forensics challenge in a European CTF, and it is apparently the most difficult one because only three people flagged it among 700 participating.
I’m only here for guidance on what could be done and only want an … Continue reading Is it possible to create an NTFS partition having only the $MFT and $J tables ? Forensics CTF
I was learning volatility and in this room in tryhackme they used psxview to find the hidden processes.
The assignment was,
It’s fairly common for malware to attempt to hide itself and the
process associated with it. That being said, we c… Continue reading How to identify hidden processes with volatility using psxview?
I was learning volatility and in this room in tryhackme they used psxview to find the hidden processes.
The assignment was,
It’s fairly common for malware to attempt to hide itself and the
process associated with it. That being said, we c… Continue reading How to identify hidden processes with volatility using psxview?
I was recently considering buying an Apple iPhone 13 Pro.
I like to ensure all of my devices are protected with passwords, having had a prior negative experience with a rogue organisation which could effortlessly crack my phone’s PIN code…. Continue reading Set password on iPhone 13? [migrated]