Recently I had to do some testing to see what causes the modified date for a fat32 volume label to get changed. It has been understood for as long as i can remember that the modified date for a volume name is set when you format your thumb-drive or hard disk partition. So I did
I decided I needed to put out a simple command line program for dumping metadata. It’s been sitting on my todo list for too long. I’ve been using Tika for a long time now and it’s amazing how many file format’s it supports. The file formats it supports keeps grows with every new release. This
Intro Metadata is critical to any investigation. So much knowledge can be gleamed from the review of metadata from pictures and documents that it’s a big topic in the news. Look at the DNC hack last month. But for those of us in the digital forensics and the field of information security metadata has always
There is a new forensic viewer in town called “Pancake Viewer”. It’s being developed by our good friend Forensicmatt known for the Triforce journal parser. Pancake viewer is there to review forensic artifacts interactively in a simple interface, for free. Its familiar and based fully on opensource libraries. If your curious about the backend it’s
I’m happy to announce that MetaDiver 2.5.0 is available for download. This is a big release with some fun new stuff. If you are not familiar with MetaDiver and want to understand what it can do for you, put simply it allows you to review meta-data stored in many files such as pictures, office documents
Putting together EXE’s has become common practice to simplify script deployments and satisfy dependencies on client systems no matter what the programming language be it perl, python or.NET code. Packing dependencies for the script into native code you don’t have to worry about pesky dependencies. Now there is a tool to turn PowerShell scripts from
Introducing a simple console app to find the outlook bitness and version information. Works with oem and office365 installs. You can get the source from my GitHub page at https://github.com/easymetadata/DetectOutlook.NET Enjoy!
Inevitably someone is going to have an online account hacked. Someone gets access to your email, cloud or phone using your information through various means. They could have done this because they want something or they just don’t like you, the list is long. Recently someone was in this exact situation and needed some advice.
I am pleased to announce that the latest version of MetaDiver (2.4.0) has been released. In this release there are a lot of nice new features and improvements including a single download with outlook bitness detection, hex viewer, binary strings viewer (thanks to Eric Zimmerman’s excellent bstrings) and many more. The expiration date has been
I have been doing testing with MacOS 10.11, El Capitan. Specifically I wanted to see if erasing a disk or disk partition using DiskUtil would leave a DiskUtil.log as it did in previous versions of MacOS. So far I have been unable to cause a DiskUtil.log to get created. I have read that DiskUtil has