Understanding Email Headers in Digital Forensics
Emails are an integral part of modern communication, serving as both a personal and professional lifeline. Behind the scenes of every...
top of page
-
Apr 232 min read
Analyzing Email Structures and Forensic Challenges
Emails, a ubiquitous form of communication in the digital age, hold a treasure trove of information for forensic investigators....
51 views0 comments
-
Apr 222 min read
Understanding the Email Forensic
Email forensics is indeed a powerful in the realm of digital investigations. 1. Who sent the email? Identifying the sender is pivotal as...
37 views0 comments
-
Apr 161 min read
Important Update: Temporary Pause in Blog Updates
Dear readers and followers, I hope this message finds you well. I wanted to take a moment to share an important update regarding our...
19 views0 comments
-
Apr 54 min read
Solid-State Drives (SSDs): Acquisition, Analysis, and Best Practices
Introduction: Solid-state drives (SSDs) have revolutionized data storage with their speed, reliability, and lack of moving parts....
15 views0 comments
-
Apr 41 min read
Unveiling File Origins: The Role of Alternate Data Streams (ADS)/(Zone.Identifier) in Forensic Investigations
I will start with asking a question: Ever wonder how Office knows your document was "from the Internet? Understanding Alternate Data...
34 views0 comments
-
Apr 33 min read
Digital Evidence: Techniques for Data Recovery and Analysis
In today's digital age, forensic investigators face the challenge of extracting valuable evidence from various storage devices, including...
32 views0 comments
-
Apr 23 min read
Program Execution : UserAssist Registry Key || Shimcache/Amcache ||BAM/DAM
1. UserAssist Key Understanding the UserAssist Key: The UserAssist key, located within the NTUSER.DAT hive of the Windows registry,...
53 views0 comments
-
Apr 11 min read
Part 2: Windows Registry Artifacts: Insights into User Activity
5. Last Visited MRU/ Open Save MRU When you "save or open a file," Have you ever noticed that it might remember the location you...
36 views0 comments
-
Mar 312 min read
Part 1: Windows Registry Artifacts: Insights into User Activity
1. Search History: The "WordWheelQuery" registry key is a valuable artifact found in the Windows registry of Windows 7 to Windows 10...
34 views0 comments
-
Mar 301 min read
Part 4- Important Registries related to System configuration overview
9. System Boot autostart programs: NTUSER.DAT NTUSER.DAT\Software\Microsoft\ Windows\CurrentVersion\Run NTUSER.DAT\Software\Microsoft\...
31 views0 comments
-
Mar 293 min read
Part 3- Important Registries related to System configuration overview
8. Network profile key: -First and last name connected: Windows XP: The Legacy of Wireless Zero Configuration In the Windows XP era, the...
38 views0 comments
-
Mar 283 min read
Part 2- Important Registries related to System configuration overview
5. NTFS last access time on/off The Misconception: One common misconception about last access timestamps is that they solely indicate the...
24 views0 comments
-
Mar 272 min read
Part 1- Important Registries related to System configuration overview
1. Identify the Microsoft version: An investigator will receive a disk image and have no idea what the specific Windows operating system...
41 views0 comments
-
Mar 262 min read
Understanding Important Registries
1. MRU Lists (Most recent used lists) NTUSER.DAT for particular user (If we use Registry explorer in my case c:\users\user\ntuser.dat)...
37 views0 comments
-
Mar 252 min read
Understanding Registry Hive transaction logs**
The Windows operating system caches writes to the registry in two locations. The first is in memory. The second is on disk in the...
50 views0 comments
-
Mar 243 min read
Understanding Registry:
Windows Registry Overview: The Windows registry is a crucial database storing system, software, hardware, and user configuration data....
57 views0 comments
-
Mar 234 min read
Extracting/Examine Volume Shadow Copies for Forensic Analysis
Introduction: In the realm of digital forensics, gaining insights into the changes made to files and volumes over time can be critical...
98 views0 comments
-
Mar 223 min read
Overview the Core Components of NTFS File System
The $MFT, $J, $LogFile, $T, and $I30 are all important components of the NTFS (New Technology File System) file system used in Windows...
41 views0 comments
-
Mar 211 min read
Understanding, Collecting, Parsing the $I30
Introduction: In the intricate world of digital forensics, every byte of data tells a story. Within the NTFS file system, "$I30" files...
168 views0 comments
bottom of page