MetaDiver is an easy-to-use solution for extracting and reviewing metadata from files, email and system artifacts on Windows systems. PST, MSG, EML, PDF, Office: the most popular document formats are all supported, along with thousands more file types!
MetaDiver is standalone and leverages multiple libraries and engines, including Apache Tika, OfficeXML and Outlook Redemption, among others, to retrieve metadata and text from documents, emails, images, media and thousands of other file types. Find out who created a file, when and where it was created, and much, much more. You will often find metadata that you otherwise would not know exists. Available at the download page.
MDViewer
MDViewer is a simple standalone viewer, available in graphical and command-line versions, that allows you to review the metadata and text of documents, images, media and any of the thousands of file types that are supported by Apache Tika. You can even use Open With from Windows Explorer or your favorite forensics tool to view the document in MDViewer and see what you were about to miss. You will often find metadata that you otherwise would not know exists. You can download here.
ShadowKit
A solution for recovering previous versions of files in Windows! You won’t be able to do this with Windows Explorer, but you can with ShadowKit! If you are using Windows 8 or later this may be your only way to recover the previous versions of files you are looking for. Available at the download page.
GitHub Projects
There are more projects and other documents listed on the GitHub repositories page!
Links
Blogs and sites with great information and research.
https://www.easymetadata.com/links/
Social media
Here are a few social resources:

| Resource | Description |
| --- | --- |
| Forensic Lunch (Video Podcasts) | Learn Forensics is a channel devoted to computer forensics. |
| #DFIR | Digital Forensics and Incident Response posts and discussions on Twitter. |
| @sansforensics | SANS DFIR for great articles, webcasts and re-tweets. |
| @HECFBlog | Our own Hacking Exposed Computer Forensics author blog by David Cowen. David posts daily! The Hacking Exposed Computer Forensics Blog (HECF) is a highly informational blog with very technical posts and discussions about forensics. |
| #InfoSec | Information security related posts. |