Simson (and all), I was looking at pyflag for 3 reasons: 1) I'm trying to create a set of well packaged forensic tools for openSUSE (a Fedora competitor). See...
Greg, None of these are good reasons for working with pyflag. The design is such that, without the original developer maintaining it, the program has no...
We're looking to incorporate carving into Autopsy 3. Obviously, we'd rather not build our own, but it's not looking good. For performance reasons, we want to...
Brian, What do you need in terms of carving? There's a lot to be said for creating a next-generation carver. We've even started speccing one out. Writing a new...
Hi Guys. I was recently doing some carving on network traffic. I found the text I was looking for in a 200mb dll file using photorec. I would be interested...
Are you running the carver on the raw traffic or are you reassembling it first? If you are not reassembling, I recommend looking at the new version of...
Hi. I was running it on the reassembled traffic. I was content with the results, as I found what I was looking for, but I have more work to do in the coming...
Hey Simson, To be honest, we're looking for something simple at this point. Autopsy doesn't have any carving functionality to deal with unallocated space. A...
And I should also add that the best case scenario is that we could make a 'XYZ carving module' for carver XYZ that simply drops in and it improves as the...
Since we're on the subject of carving, I think a useful (optional?) first carving step would be to check consecutive blocks of data in unallocated to see if...
Brian, Can Autopsy use FUSE on Windows? If so, it could export a virtual disk of the unallocated sectors...
Back To You: Dr. Carrier, I had forwarded your request to an associate of mine who is an IT Department Chair at ITT Technical Institute here in the Cleveland...
I'm pleased to announce the release of tcpflow version 1.4.0 beta 1 Key elements in 1.4.0 include: Completely rewritten TCP implementation that: * Handles TCP...
I would like to extend my appreciation to the writers of linux opensource software for digital forensics: In the last year the main names I can think of are...
... Please, let us not forget the fine, Italian police who create and distribute CAINE Ubuntu. These folks recently released a new version of CAINE: ...
... Ciao people... as far as I know The Italian Police Uses both Deft&Caine BUT No LEA never gave a single cent for its dev or distribution. What done so far...
All, frag_find is a hash-based carving tool. The current version didn't compile under current versions of Linux and was tied up in the NPS Bloom Filter...
The 4th Annual Open Source Digital Forensics Conference will be held on November 5, 2013 in Chantilly, VA. You are invited to submit a presentation or...
I've got a case where I need to find one specific email. It was sent via Apple Mail on a Mac about 6 months ago. It was deleted a couple months later. I'm...
All, In my case, bulk_extractor found about 90,000 rfc822 related fragments (or full emails). I then did a simple grep through those to find the specific...
Greg, I'm glad that you were able to do well with bulk_extractor. You might want to look at the User Interface. It would allow you to search for the email...
All, I guess we all know ARM CPUs are becoming a major factor and drive smartphones, pads, etc. You may not realize that motherboards and soon even servers...
Kali Linux, the successor to BackTrack 5, also has support for ARM and includes forensic and security tools. Here's a link in case you're interested: <Kali...
I've experimented with BackTrack 5, but I don't recall it having forensic tools? ie. imagers, log2timeline, registry parsers, etc. Is there a list of tools on...
Reminder that submissions are due May 1. As always, we're interested in presentations on new tools, old tools, user experiences, complaints about tools, etc. ...
We had more submissions to OSDFCon (http://www.osdfcon.org) this year than we have speaking slots. To make this a community effort, we're collecting feedback...