I'll see if I can find a similar file on my system and write a parsing program... ... John Lehr Evidence Technician San Luis Obispo Police Department ...
3582
fornzix
Jun 14, 2012 8:14 pm
I updated to the most current version of log2timeline and that didn't work. It seems that it's not a normal index.dat history file. I've been told on another...
3581
fornzix
Jun 13, 2012 5:57 pm
Thanks for the quick response. I'll give it a try....
3580
Lehr, John
slopd4256
Jun 13, 2012 5:51 pm
Log2timeline (http://log2timeline.net/) will parse that file into a format of your choice. ... John Lehr Evidence Technician San Luis Obispo Police Department ...
3579
fornzix
Jun 13, 2012 5:45 pm
Good morning, I'm looking for a little direction. I'm having a heck of a time finding a program to parse an IEDownloadHistory index.dat file. EnCase,...
3578
AJ Duncan
mr.grimlock
Jun 10, 2012 7:13 pm
Hi. I am using Autopsy for the first time and have a problem. I have added a host with two dd files in it. I then click on the File Activity Time Lines link...
3577
Harry Duncan
usr.src.linux@...
May 27, 2012 10:12 am
In my experience, repartitioning doesn't delete any information other than the partition table, all your data is still on the drive and easily retrievable, and...
3576
S Jones
srobtjones
May 27, 2012 10:00 am
For the record, I don't care who you really are. This forum exists to ask questions and freely answer. Whatever anyone tells you here, including me, be sure to...
3575
Simson Garfinkel
simsongarfinkel
May 27, 2012 1:01 am
I am pleased to announce the release of tcpflow version 1.2.7 Version 1.2.7 offers two significant features over previous versions relating to the processing...
3574
Nathan Jordan
njordan27
May 25, 2012 2:53 pm
I'm going to go out on a limb here Jaack and say you're not a forensic specialist - you're terrified law enforcement are going to come crashing down around...
3573
Jack
montyw4700
May 25, 2012 1:55 pm
Dell inspiron 9200 HDD Unusable from person used linux to make hdd unusable repartitioning partially done 2 prevent discovery of info Tax & RICO. What's best...
3572
Harvey Rothenberg
forensic28sa
May 16, 2012 4:56 pm
To All, A six month experiment Dell is undertaking to design a notebook running open source software aimed at developers (as reported on the net as of May 11,...
3571
The Dog's Bollix
ISXPRO
May 15, 2012 2:28 pm
The following boot CD contains ext3grep which claims to have support for ext4: http://partedmagic.com/doku.php?id=start I've not had a need to test it or use...
3570
Greg Freemyer
gregfreemyer
May 10, 2012 1:33 pm
Here's more detail of the x-ways format: http://www.x-ways.net/investigator/evidence_file_container.html ... -- Greg Freemyer Head of EDD Tape Extraction and...
3569
Greg Freemyer
gregfreemyer
May 10, 2012 1:07 pm
All, X-ways is saying their new evidence container format, equivalent to a L01, is based on ntfs and should be easy for any tool to work with if they want to. ...
3568
simsongarfinkel
May 6, 2012 8:42 pm
(All positions involve the use and development of open source computer forensics tools.) ...
3567
Simson Garfinkel
simsongarfinkel
May 5, 2012 7:38 pm
(All positions involve the use and development of open source computer forensics tools.) ...
3566
Harry Duncan
usr.src.linux@...
May 5, 2012 3:56 pm
Hey Kern, When it's a failed / failing drive, never use dd, always ddrescue / dd_rescue and a log file, and only as the last luxury step after you've already...
3565
The Dog's Bollix
ISXPRO
May 5, 2012 3:02 pm
Thanks for the pointers to the article. I don't have a failing drive. I was more interested in the technology than I was in any results it could provide. I've...
3564
kern
kern.uk@...
May 5, 2012 2:58 pm
Tony, For (linux based) data recovery use dd or a dd derivative like ddrescue / dd_rescue, and move data from the failing source to a known good target drive....
3563
Paul D. Bain
pauldbain
May 4, 2012 4:54 pm
... Tony, I suggest that you see this article: http://www.linuxjournal.com/article/7684 I also suggest that you read the readers' comments that are appended to...
3562
The Dog's Bollix
ISXPRO
May 4, 2012 10:16 am
Hello, Does anyone know of a linux based equivalent to this product: http://www.grc.com/sr/spinrite.htm or any tools that compare to it? Thanks in advance for...
3561
Harvey Rothenberg
forensic28sa
May 2, 2012 6:08 pm
Here is sort of some food for thought ... A French Proverb - "Old chickens make the best soup" and I am definitely getting up there ( over 45 lol ) Or A...
3560
David Kovar
dkovar
May 2, 2012 1:16 am
Greetings, Access to the evidence isn't limited by proprietary forensic tools. The people collecting evidence can either use another tool to do the collection,...
3559
Simson Garfinkel
simsongarfinkel
May 2, 2012 12:31 am
It certainly sounds to me like Guidance has made Ex01 an open format. If it is more efficient than AFF4 and if there is an open source implementation, we...
3558
Daniel Walton
walton_daniel
May 1, 2012 11:14 pm
I agree. We need open formats, so that access to evidence isn’t limited by proprietary forensic tools. If only Guidance and Xway’s added support for AFFLIB...
3557
Harvey Rothenberg
forensic28sa
May 1, 2012 6:50 pm
Len : No, but it depends upon how you look at this. At this same time, I am trying to inform persons that I know and I feel are important to this issue to be...
3556
Simson Garfinkel
simsongarfinkel
May 1, 2012 11:56 am
http://nps.edu/Academics/Institutes/Cebrowski/Relationships/Employment-Opportunities.html Employment Opportunities Cebrowski Institute > Relationships ...
3555
Daniel Walton
walton_daniel
Apr 30, 2012 10:48 pm
Thanks for the update Harvey. Re “Guidance has published the specification for the format, and we have worked with 2 other developers who are currently...
3554
Harvey Rothenberg
forensic28sa
Apr 30, 2012 8:53 pm
Back To You - All : A Mr. Ken Basore from Guidance replied to my posting in another discussion group, here is what he said ( I have added some bolding and...