Computer Forensics & Data Recovery has articles on a wide variety of subjects relating to Computer Forensics - Data Recovery, Computer Crime, Cryptography, Freeware Computer Forensic Toolkit.

 

Fresh Advice:

The most important part of your PC is your data. In the event of a serious system crash, you can usually restore the operating system and programs that you use, but your personal data may be lost. Although emergency data recovery options are available, these will tend to be costly and there is no guarantee that everything you want can be recovered. A better approach is to start a regular routine of backing up your important data.

 

Your data should be backed up as often as possible, It isn't necessary to back up your whole hard drive. Identify the folders that hold your important files and only back those folders up to save on storage space. To find out where your files are being stored, use "Save As" instead of just hitting "Save" when you create or update your files, and note the location the program is using to write your data.

Introduction

This report will closely examine the forensic tools needed for the investigation and analysis of digital media on a Windows platform. A tool will be included for all stages of the forensic process.

 

Imaging - DriveImage XML 1.20

DriveImage XML can backup logical drives and partitions to image files, browse these images, view and extract files, restore these images to the same or a different drive, copy directly from drive to drive Image creation uses Microsoft´s Volume Shadow Services (VSS), allowing safe images to be created even from drives currently in use. Images are stored in XML files, allowing them to be processed with third party tools. DriveImage XML runs under Windows XP Home, XP Professional and Windows Server 2003. The program will backup, image and restore drives formatted with FAT 12, 16, 32 and NTFS.

 

Alternative Data Streams (ADS) - Lads

Lads is a command driven tool that allows the user to view all ADS within a given NTFS directory. The program also show the ADS of encrypted files, even when the files were encrypted using a different version of Windows. Lads runs under Windows NT 4, 2000, XP, 2003 and Vista.

 

Hex Viewer/Editor & Data Recovery - WinHex

WinHex is a universal hexadecimal editor that can view/edit many different file types. This program has a directory browser that lists existing as well as deleted files and directories. This feature makes it easy for a forensic investigator to extract deleted files from a drive/image. There is an automatic recovery mode for FAT12, FAT16, FAT32, and NTFS drives called "File Recovery by Name" that simply requires the user to specify one or more file masks (like *.gif, John*.doc, etc.). WinHex can recover all files that can be recognized by a certain file header signature (e.g. JPEG files, MS Office documents). This element works on virtually all file systems.

 

Date/Time Stamps Decoder - DCode

This utility decodes the various date/time values found embedded within binary and other file types. During a forensic examination, an investigator may need to decode a date or verify the date provided to by forensic software.  Decode can take a decimal value or a HEX value and convert it into a date & time in a variety of formats.

 

Recycle Bin Analysis - Rifiuti

Many computer crime investigations require the reconstruction of a subject's Recycle Bin. Rifiuti was developed to examine the contents of the INFO2 file in the Recycle Bin. Rifiuti will parse the information in an INFO2 file and output the results in a field delimited manner so that it may be imported into a spreadsheet program.

 

String Searching - Strsrch

The program is designed to perform multiple string searches of files contained on a disk. Strsrch searches for any number of strings in every file on a drive, specific files, specific directories or disk images. This tool can search for Internet activity by performing searches on the strings normally associated with Internet activity such as http://www and ftp://ftp.

 

Internet Activity Analyser - TotalRecall

TotalRecall is a forensic analysis tool to reconstruct Microsoft Internet Explorer (MS IE) activity on a computer system. MS IE stores its Internet activity in index.dat files. These files are binary database files, which are used by Microsoft as the file type for storing several different sets of information. Included among these files are user data, Internet cookies, and Internet history storage. This program investigates: IE activity, IE history, IE cookie, IE favorites and user`s activity (recent files and folders, not erased temporary files). After processing, the information from the source is loaded into the appropriate table for analysis.

 

Password Recovery - LCP

LCP is a Password auditing and recovery tool for Windows NT/2000/XP/2003. Passwords are recovered by dictionary attack, brute force attack or a hybrid of dictionary and brute force attacks. This method is the most effective and can reveal almost any password.

 

ZIP Files Password Recovery - ZIP Password Recovery

Zip Password Recovery can recover lost passwords for zip archives. This tool uses a customisable brute force attack to recover passwords. Zip Password Recovery can also recover passwords when different passwords are used in one or more files in the archive. There is no limit to the length of the password to be recovered. Zip Password Recovery is very fast: more than 1,000,000 passwords per/sec on a standard PC. The program will run on Windows 9x, ME, NT and 2000.

 

Directory Report Generator - Disktective

This disk reporting tool can be used to trace used space within hard disks or directories. Disktective can generate directory tree reports detailing all files and folder within a given directory. This tool also has a pie chart generator to illustrate the file space allocated to each installed program and directory.

Freeware Forensic Tool Kit

DriveImage XML 1.20
Lads
WinHex
DCode
Rifiuti
Strsrch
TotalRecall
LCP
ZIP Password Recovery
Disktective

 

Cryptographic Methods - Posted on 10/1/2008

Computer Crime and Computer Forensics - Posted on 2/1/2008

The Freeware Forenic Toolkit - Posted on 6/12/2007

 

 

 

Sponsors

Links: