The next alpha release of MetaDiver is coming together nicely. Lots of new features in the works. Major new features being added. I’m still coding, plus better testing on various Windows environments before I put it out there for you to break further. I plan to post open source projects relied upon to github in
Github account created with open source projects being added. https://github.com/easymetadata
The MetaDiver 2.0 Alpha2 has been released and available for download. https://45.76.237.35/Downloads/MetaDiver/MetaDiver_2.0.1_x64-alpha2.zip Resolved crash on Windows Server 2008 due to VisualBasic PowerPack not installed with .Net on servers. Various minor bug fixes and UI changes.
In the DFIR (Digital Forensic and Incident Response) space there are always interesting things happening. Change is constant and sometimes exhausting. I’m taking a quick break from working on my presentation for CEIC 2015 on improving external forensic analysis and finishing up my chapter for the new version of Hacking Exposed Computer Forensic’s book to
MetaDiver 2.0 is finally here. I hope to drop the release the alpha of 2.0 tomorrow in Downloads! This is a huge list of features and changes for MetaDiver. It’s been a LOT of work but a lot of fun and much of the research that has gone into the code has been hugely beneficial
If you have ever been looking for a way to access your computer disk without having to deal with user permissions and constrains the operating system enforces then this is the series to read. David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer
Right now a lot of IT admins are running around looking at laptops for a nasty cert that comes pre-installed from a certain manufacturer. You can read what all the uproar is about from the article below. My PowerShell needed a little refresh so this was a fun exercise. Here is a quick way
Microsoft blog has posted a link to PowerShell script for resetting the password to the Kerberos krbtgt service on active directory to deal with the golden ticket issue. Just make sure the password gets changed twice. Post: http://blogs.microsoft.com/cybertrust/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/ PowerShell Script: https://gallery.technet.microsoft.com/Reset-the-krbtgt-account-581a9e51 Here’s a script to the Kerberos Golden Ticket Check script from Microsoft to help
Today I’m posting some research I did early last year related to querying Chrome Web Browser SQLite databases which is how Chrome stores most of the useful information that makes for a great browsing experience. A byproduct of course is useful information for an examiner. In this post I’m going to talk about two databases
When reviewing activity from a Mac OSX system there are a number of great artifacts to consider in your investigations. In this post I’m going to talk about the Quicklook database that stores metadata for thumbnails of files you view in the Mac Finder. When Finder session renders that thumbnail it tracks the thumbnail information