CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE aims …
Tag: USB forensic
Permanent link to this article: https://www.darknessgate.com/2015/01/24/caine-computer-aided-investigative-environment/
UserAssistant
UserAssist keys are method that Microsoft uses to populate a user’s start menu with frequently used applications. They exist on Windows XP, Vista, and 7 and maintain counts of application usage. These values are located in each user’s NTUSER.DAT hive at SoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist and are ROT-13 encoded. Features Extracts SID, User Names, Indexes, Application Names, Run …
Permanent link to this article: https://www.darknessgate.com/2014/11/12/userassistant/
USB Historian
Parse USB Connection History The Microsoft Windows operating systems records artifacts when USB removable storage devices (thumb drives, iPods, digital cameras, external HDD, etc.) are connected. These artifacts can be found in Plug and Play (PnP) log files as well as the Windows Registry. For a forensic investigator dealing with the theft, movement, or access …
Permanent link to this article: https://www.darknessgate.com/2014/11/11/usb-historian/
USBDeviceForensics
USBDeviceForensics is an application to extract numerous bits of information regarding USB devices. It uses the information from a SANS blog posting to retrieve operating system specific information. It now has the ability to process multiple NTUSER.dat registry hives in one go. It should be noted that whilst the information in the blog posting is …
Permanent link to this article: https://www.darknessgate.com/2014/11/11/usbdeviceforensics/
Windows ShellBag Parser (sbag)
sbag is a Windows registry parser that targets the Shellbag subkeys to pull useful directory and file artifacts to help identify user activity. There are binaries available for Windows, Linux and Mac OS-X. The Windows version allows one to parse hives resident from a live system. As background, the ShellBag information is a set of …
Permanent link to this article: https://www.darknessgate.com/2014/11/11/windows-shellbag-parser-sbag/
Data Hiding Techniques in Windows OS
Hands-on guide to understanding, detecting and using today’s most popular techniques in digital data hiding and exploring hidden data under the Windows® OS
Subscribe By Email
Get the news by Email