Recently I relocated easymetadata.com to a new hosting provider. It turns out I missed some links that broke in the move. Those issues should now be fixed! If you continue to run across broken links, such as links pointing back to IPs, please contact me. Thanks!
Author Archives: Dave
Announcing the initial 1.0 release of MDViewer and MDViewerCLI. Powered purely by Apache TIKA for parsing metadata. MDViewer A viewer for viewing file metadata (parsed by Apache TIKA) similar to the MetaDiver review window. Review metadata, strings, hex and more. It supports drag and drop and Windows file-open support. MDViewerCLI A simple command line tool for
I thought I’d share some holiday command line cheer. If you have Windows 10 then you also have a command line package manager named “choco”. Many tools can be installed just like in Linux from a command prompt. Exiftool is a great command line tool for looking at document metadata. Much of this metadata may
It’s been a while since I have written a post. I need to write something so I figured I’d write about what takes up most of my days… Honestly, a lot has happened in my personal life. I got married, purchased a house and I’m expecting a baby. So it doesn’t take much imagination to
Sarah Edwards (mac4n6) has a nice quick write up with the latest techniques for mounting various disk images when you are using a macOS computer. I’ve dealt with many of these issues including core storage and encrypted FileVault disk images. It’s great to see more info out there! Link to mac4n6 article http://www.mac4n6.com/blog/2017/11/26/mount-all-the-things-mounting-apfs-and-4k-disk-images-on-macos-1013
I’ve updated FindUSBMSC to allow it to handle corrupted gzip files. You can find the latest version on my GitHub page at the link below. Download Here’s where you can get version v20171030 Change log # v20171026 – Fixes issue with gzipped logs not being processed due to wrong variable being returned. # v20171030 –
FindUSBMSC is a script to parse the system logs on macOS. It looks for USBMSC storage device plugins and links them back to the product information. This release includes some important fixes and improvements. # v20171016 – Logic cleanup. Improve pid and vid parsing. Added list of unique devices. Added options parser. # v20171017 –
Welcome back to a review of Visual Studio registry artifacts. In Part 1 I discussed “Find & Replace” as well as the Visual Studio 2017 registry hive that is separate from the NTUSER.DAT (HKLU). In this post I want to briefly show you that Visual Studio keeps its own Most Recently Used Item lists. Below
When you use Visual Studio it leaves a lot behind that is valuable to an investigator. A valuable trove of information may exist. We are going to review briefly the “Find and Replace” history that gets left behind. Find and Replace Registry location “…\Software\Microsoft\VisualStudio\<version #>\Find” Below you can see my Find history.