Category: Forensics

Cybersecurity, Dfir, Forensics, Windows

MAC(b) times in Windows forensic analysis

Essential information during timeline analysis   During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it’s important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and they stand for: Modified, Accessed, Changed ($MFT modified), Birth (file creation time). The (b) is […]

Cybersecurity, Forensics, Windows

PowerForensics: a PowerShell framework for hard drive forensic analysis

Simple to install and with a lot of features   The purpose of PowerForensics is to provide an all-inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support. PowerForensics is built on a C# Class Library (Assembly) that provides an […]

Cybersecurity, Forensics, Linux

Linux Distributions for forensics investigation: my own list

A shortlist of six distributions… guess my favorite!   During a digital forensics analysis, a lot of different tools can be used, and it can be useful to use a dedicated Linux distribution with all tools already installed and configured. Here is a brief list of my choices. Computer Aided Investigative Environment (CAINE)   CAINE offers a complete forensic environment […]