A new version of MDViewer has been released! In this release you can now choose a simple view that is persistent if you only want to review metadata in the user interface. You can then turn off simple view and immediately have full access to the Tika strings, binary strings and hex viewers. In this
Category Archives: coding
The other day I got bored and decided to do a little PowerShell one-liner on my Windows 10 gaming rig. I wanted to see if I have any DLLs that are unsigned or invalid in my C:\Windows directories. I was surprised to find I did in fact have two odd DLLs. In PowerShell you can
I’ve updated FindUSBMSC to allow it to handle corrupted gzip files. You can find the latest version on my GitHub page at the link below. Download Here’s where you can get version v20171030 Change log # v20171026 – Fixes issue with gzipped logs not being processed due to wrong variable being returned. # v20171030 –
FindUSBMSC is a script to parse the system logs on macOS. It looks for USBMSC storage device plugins and links them back to the product information. This release includes some important fixes and improvements. # v20171016 – Logic cleanup. Improve pid and vid parsing. Added list of unique devices. Added options parser. # v20171017 –
Welcome back to a review of Visual Studio registry artifacts. In Part 1 I discussed “Find & Replace” as well as the Visual Studio 2017 registry hive that is separate from the NTUSER.DAT (HKLU). In this post I want to briefly show you that Visual Studio keeps its own Most Recently Used Item lists. Below
When you use Visual Studio it leaves a lot behind that is valuable to an investigator. A valuable trove of information may exist. We are going to review briefly the “Find and Replace” history that gets left behind. Find and Replace Registry location “…\Software\Microsoft\VisualStudio\<version #>\Find” Below you can see my Find history.
The latest version of MetaDiver is available for download. Download: Metadiver 3.1.1 Numerous improvements from previous release. Using the latest version is highly recommended! Changelog v3.1.1 (build 1623) -bugfixes to paging in Review window -fix to keyword search not pulling back hits in some cases -prevent empty line in keywords on save -performance optimizations -resized
I’m happy to announce that MetaDiver 2.5.0 is available for download. This is a big release with some fun new stuff. If you are not familiar with MetaDiver and want to understand what it can do for you, put simply, it allows you to review metadata stored in many files such as pictures, office documents
Introducing a simple console app to find the Outlook bitness and version information. Works with OEM and Office 365 installs. You can get the source from my GitHub page at https://github.com/easymetadata/DetectOutlook.NET Enjoy!
I’m excited to announce that MetaDiver 2.1 has been released! This is close to a full rewrite with better scalability. The ability to review metadata in MetaDiver has been greatly improved. The back-end has been rewritten to use SQLite. Many new documents are now handled including email archives, Windows Shortcuts including lnk and jumplists, legacy