I’ve updated FindUSBMSC to allow it to handle corrupted gzip files. You can find the latest version on my GitHub page at the link below. Download Here’s where you can get version v20171030 Change log # v20171026 – Fixes issue with gzipped logs not being processed due to wrong variable being returned. # v20171030 –
Category Archives: Uncategorized
Welcome back to a review of Visual Studio registry artifacts. In Part 1 I discussed “Find & Replace” as well as the Visual Studio 2017 registry hive that is separate from the NTUSER.DAT (HKLU). In this post I want to briefly show you that Visual Studio keeps its own Most Recently Used Item lists. Below
When you use Visual Studio it leaves a lot behind that is valuable to an investigator. A valuable trove of information may exist. We are going to review briefly the “Find and Replace” history that gets left behind. Find and Replace Registry location “…\Software\Microsoft\VisualStudio\<version #>\Find” Below you can my see Find history.
The latest version of MetaDiver is available for download. Download: Metadiver 3.1.1 Numerous improvements from previous release. Using the latest version is highly recommended! Changelog v3.1.1 (build 1623) -bugfixes to paging in Review window -fix to keyword search not pulling back hits in some cases -prevent empty line in keywords on save -performance optimizations -resized
In the past week I moved the websites to vps from shared hosting for www.easymetadata.com and www.redrocktx.com. I’m noticing a huge difference for $4/m more. I know I’m stubborn for not ditching the whole website thing and moving to medium.. I’m just not that hipster. I like having a shell and control. Anyway, hopefully you
I decided I needed to put out a simple command line program for dumping metadata. It’s been sitting on my todo list for too long. I’ve been using Tika for a long time now and it’s amazing how many file format’s it supports. The file formats it supports keeps grows with every new release. This
There is a new forensic viewer in town called “Pancake Viewer”. It’s being developed by our good friend Forensicmatt known for the Triforce journal parser. Pancake viewer is there to review forensic artifacts interactively in a simple interface, for free. Its familiar and based fully on opensource libraries. If your curious about the backend it’s
I’m happy to announce that MetaDiver 2.5.0 is available for download. This is a big release with some fun new stuff. If you are not familiar with MetaDiver and want to understand what it can do for you, put simply it allows you to review meta-data stored in many files such as pictures, office documents
Putting together EXE’s has become common practice to simplify script deployments and satisfy dependencies on client systems no matter what the programming language be it perl, python or.NET code. Packing dependencies for the script into native code you don’t have to worry about pesky dependencies. Now there is a tool to turn PowerShell scripts from
Introducing a simple console app to find the outlook bitness and version information. Works with oem and office365 installs. You can get the source from my GitHub page at https://github.com/easymetadata/DetectOutlook.NET Enjoy!