Description: In this video we will conduct an examination of the digital evidence files we've created. We will be using the SIFT Workstation, including Autopsy and analyzeMFT, and also the RegRipper tool. Please leave comments.
Tags: forensics, digital forensics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
In one of the videos, you asked about hex disk editors. Have you looked at WinHex (http://www.winhex.com/winhex/index-m.html) or Active@ HEX Editor (http://www.livecd.com/active_hex_editor.htm)? I don't know if either will allow you to do what you want in the way that you need.
Really cool stuff you showed here. I wasn't aware that NTFS keeps that much info in the background or that files can be stored in the MFT - really interesting. And I like your accent, mate =)
No need to apologize for being potentially boring, though; if you had been, I'd just have switched off and especially not left you a comment!
I don't quite know what to ask for because I have no idea what's out there, but please keep it coming; I highly appreciate it.
t1d
@Ignatius - Thanks for those! I've seen WinHex, but not Active@ Hex Editor. I shall have a look - will probably need a good hex editor for the next video. Thanks again!
@The1Diko - Thanks very much for watching. Really appreciate it. The next video will hopefully be up in the next few days. It's looking like it's going to be data recovery from unallocated clusters, but that's not definite. I need to sit down and work out a proper course of videos for you all to follow. I'm crap at planning.
I know very little of HEX editors but in various security videos I see around the web OllyDbg is used/recommended. Not sure if it does what you want though.