Category: Digital Forensic

dd for windows

This version does not actually do any conversion but it allows the flexible copying of data under in a win32 environment. According to Wikipedia dd means the following “In computing, dd is a common Unix program whose primary purpose is the low-level copying and conversion of raw data. According to the manual page for Version …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/13/dd-for-windows/

Encrypted Disk Detector

Encrypted Disk Detector (EDD) is a command-line tool that checks the local physical drives on a system for TrueCrypt, PGP®, or Bitlocker® encrypted volumes. If no disk encryption signatures are found in the MBR, EDD also displays the OEM ID and, where applicable, the Volume Label for partitions on that drive, checking for Bitlocker® volumes. …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/encrypted-disk-detector/

Paraben's P2 eXplorer

Paraben’s P2 eXplorer allows you to mount almost any forensic image or hard drive and explore it as though it were a drive on your machine while preserving the forensic nature of your evidence. In fact, P2 eXplorer is one of the only programs that mounts images as logical and physical disks. This means all …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/parabens-p2-explorer/

Paraben’s P2 eXplorer

Paraben’s P2 eXplorer allows you to mount almost any forensic image or hard drive and explore it as though it were a drive on your machine while preserving the forensic nature of your evidence. In fact, P2 eXplorer is one of the only programs that mounts images as logical and physical disks. This means all …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/parabens-p2-explorer-3/

USB Write blocker

USB Write blocker is an application that will use the windows registry to write block USB devices.  It is a useful tool for those who wish to view the contents of USB drives without making changes to the files metadata or timestamps.  This is a critial feature in the fields of digital and computer forensics …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/usb-write-blocker/

FoxAnalysis Plus [Commercial App]

FoxAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Mozilla Firefox web browser. Main Features: Website visits can be viewed in a navigable timeline structure for easily viewing the time and order that websites were visited. The built-in image viewer can be used to view images from the cache. …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/featuresfoxanalysis-plus/

MFTView (version 1.1.0)

This software is designed to show and decode the contents of an extracted MFT file. It has an inbuilt hex editor (based on RevEnge and the same as that seen in LinkAlyzer and PmExplorer) when you select a file entry from the file list the MFT is displayed raw in the hex view and the …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/mftview-version-1-1-0/

OSForensics [Commercial Application]

OSForensics allows you to search for files many times faster than the search functionality in Windows. Results can be analyzed in the form of a file listing, a Thumbnail View, or a Timeline View which allows you to determine where significant file change activity has occurred Main Features: Find files quickly Search within Files Search …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/11/osforensics-commercial-application/

X-Ways Forensics [Commercial Application]

X-Ways Forensics, the forensic edition of WinHex, is a powerful and affordable integrated computer forensics environment with numerous forensic features, rendering it a powerful disk analysis tool: capturing free space, slack space, inter-partition space, and text, creating a fully detailed drive contents table with all existing and deleted files and directories and even alternate data …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/09/07/x-ways-forensics/