Messages List

9753

Re: deleted email analysis

Before relying on the modification date, I would first perform some testing. I know that with respect to PST files, emails can have both their create date and
Greg Kelley
Aug 3
#9753
 
9752

deleted email analysis

I'm doing some analysis on deleted email in FTK. I've pulled the .ost file from the system and wanting to get some metrics on the number of days the emails
bbelton1996
Jul 31
#9752
 
9751

OSDFCon Program is Up

The crowd sourcing for the Open Source Digital Forensics Conference (OSDFCon) agenda finished earlier in the month and the results are now up. We’re going to
Brian Carrier
Jul 30
#9751
 
9750

Determine file length from header in .264 files.

I am carving .264 video files from a QSEE DVR and using 6D-64-76-72-39-36-6E at offset 80 as the header. Has anyone any insight to identifying the file length?
theinspectaneck
Jul 24
#9750
 
9749

Upcoming Conferences/Workshops and Calls for Papers

All, Just a reminder that a maintained list of Calls for Papers and Conferences/Workshops of interest to the digital forensics community is maintained on the
Baker, Dave
Jul 20
#9749
 
9748

Volatility at Black Hat!

The Volatility team will be participating in a number of events at Black Hat this year, and we hope to see many of you there. This includes a book signing,
Andrew Case
Jul 15
#9748
 
9747

CALL FOR PAPERS - DFRWS-EU-2016 - Lausanne, Switzerland

The DFRWS EU 2016 conference will be held in Lausanne, Switzerland from March 30th to April 1st, 2016. http://www.dfrws.org/2016eu The DFRWS is dedicated to
Baker, Dave
Jul 9
#9747
 
9746

AAFS DMS 2015 Announcement for Abstracts!

Colleagues, If you have not already heard, AAFS is still accepting abstract submission for the conference in Las Vegas, NV scheduled for February 22-27, 2016
BROTHERS, SAM
Jul 1
#9746
 
9745

Call for Participation - DFRWS USA 2015

DFRWS USA 2015 will be held August 9-13, 2015 at the Hyatt Regency Philadelphia at Penn's Landing, in Philadelphia, PA, USA http://www.dfrws.org/2015 The DFRWS
Baker, Dave
Jul 1
#9745
 
9744

Re: Volatility help

Thanks for the help on this all….swamped this week, but will dig more and post my findings when I get a few. James From: win4n6@yahoogroups.com
Lay, James
Jun 22
#9744
This message has attachments
9743

Re: Volatility help

Cool Dave Sent from my iPhone Dnardoni@... ... Cool Dave Sent from my iPhone Dnardoni@... On Jun 19, 2015, at 12:50 PM, 'Lay, James'
Dave Nardoni
Jun 19
#9743

9742

Re: Volatility help

Thank you Dnardoni….that was TOTALLY helpful. I can now see my file: process.0xfffffa800f7632d0.0xf0000.dmp from my malfind Process: svchost.exe Pid: 5808
Lay, James
Jun 19
#9742

9741

Re: Volatility help

James make sure you run ascii and unicode strings on your exported files cmds on linux strings -a -td [sample] > out.txt strings -a -el td [sample] >> out.txt
dnardoni
Jun 19
#9741
This message has attachments
9740

Re: Volatility help

1) procmemdump is now just procdump in 2.4 2) memdump output will be large as its all pages accessible by the process and the process's view of the kernel
Andrew Case
Jun 19
#9740

9739

Re: Volatility help

So more on this. I had the drive image and found the file that was doing this, it’s actually cryptowall (safe link below)
Lay, James
Jun 19
#9739
This message has attachments