|
|
#1
April 3rd, 2012, 04:04 PM
|
|||
|
|||
Forensics Bonanza in Facebook Case
http://m.wired.com/threatlevel/2012/...hip-forensics/
Be sure to grab the .pdf and read the forensic examiners full report. Eye-opening. |
|
#3
April 4th, 2012, 11:13 AM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
Interesting indeed.
|
|
#4
April 14th, 2012, 07:21 PM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
What I found most interesting in the paper is the fact that the forensics experts were able to extract metadata from files that were erased and overwritten by new data. I thought that doing that without employing very expensive means is not possible?
__________________
My setup |
|
#5
April 14th, 2012, 09:38 PM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
Some metadata is stored in the Windows file system and not in the file itself.
|
|
#6
April 15th, 2012, 12:46 AM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
Ah, I see!
Do you know of any free (or trial) software that can be used to analyze metadata from specific files? They mentioned one in the paper, but it is paid and has no trial. I'd like to see just how much information you can extract this way.
__________________
My setup |
|
#7
April 15th, 2012, 01:47 AM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
I can't recommend one, but a search on 'metadata removal tool' showed many.
|
|
#8
April 15th, 2012, 10:13 AM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
Yeah I already found this yesterday: http://www.forensicswiki.org/wiki/Do...ata_Extraction
a huge list. Exiftool seems really nice - it's under the "Images" category but it actually works with all file types. And this is the one they referenced in the paper: http://www.payneconsulting.com/products/metadataretail/ - 80$ license. From what I can tell though it seems far less functional than the free Exiftool I mentioned above; except it has a friendly GUI.
__________________
My setup Last edited by syncmaster913n : April 15th, 2012 at 10:18 AM. |
|
#9
April 24th, 2012, 02:26 AM
|
|||
|
|||
|
Re: Forensics Bonanza in Facebook Case
It looks like this guy tried to hide his tracks by reinstalling Windows. He obviously doesn't understand that does nothing to hide most of the data that was on the drive.
|
|
#10
April 25th, 2012, 12:15 PM
|
||||
|
||||
|
Re: Forensics Bonanza in Facebook Case
Quote:
Eye-opening, Indeed ! Thanks for posting  Quote:
It appears he only reinstalled, Without deleting the partions first = Big No No 
__________________
. Malware = You don't scare me  A different perspective https://rt.com - https://rt.com/on-air |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
