I’ve updated FindUSBMSC to allow it to handle corrupted gzip files. You can find the latest version on my GitHub page at the link below. Download Here’s where you can get version v20171030 Change log # v20171026 – Fixes issue with gzipped logs not being processed due to wrong variable being returned. # v20171030 –
Category Archives: coding
FindUSBMSC is a script to parse the system logs on macos. It looks for USBMSC storage device plugins and links them back to the product information. This release includes some important fixes and improvements. # v20171016 – Logic cleanup. Improve pid and vid parsing. Added list of unique devices. Added options parser. # v20171017 –
Welcome back to a review of Visual Studio registry artifacts. In Part 1 I discussed “Find & Replace” as well as the Visual Studio 2017 registry hive that is separate from the NTUSER.DAT (HKLU). In this post I want to briefly show you that Visual Studio keeps its own Most Recently Used Item lists. Below
When you use Visual Studio it leaves a lot behind that is valuable to an investigator. A valuable trove of information may exist. We are going to review briefly the “Find and Replace” history that gets left behind. Find and Replace Registry location “…\Software\Microsoft\VisualStudio\<version #>\Find” Below you can my see Find history.
The latest version of MetaDiver is available for download. Download: Metadiver 3.1.1 Numerous improvements from previous release. Using the latest version is highly recommended! Changelog v3.1.1 (build 1623) -bugfixes to paging in Review window -fix to keyword search not pulling back hits in some cases -prevent empty line in keywords on save -performance optimizations -resized
I’m happy to announce that MetaDiver 2.5.0 is available for download. This is a big release with some fun new stuff. If you are not familiar with MetaDiver and want to understand what it can do for you, put simply it allows you to review meta-data stored in many files such as pictures, office documents
Introducing a simple console app to find the outlook bitness and version information. Works with oem and office365 installs. You can get the source from my GitHub page at https://github.com/easymetadata/DetectOutlook.NET Enjoy!
I’m excited to announce that MetaDiver 2.1 has been released! This is close to a full rewrite with better scalability. The ability to review metadata in MetaDiver has been greatly improved. The back-end has been rewritten to use SQLite. Many new documents are now handled including email archives, Windows Shortcuts including lnk and jumplists, legacy
The next alpha release of MetaDiver is coming together nicely. Lots of new features in the works. Major new features being added. I’m still coding, plus better testing on various Windows environments before I put it out there for you to break further. I plan to post open source projects relied upon to github in
Github account created with open source projects being added. https://github.com/easymetadata