Extracting ADS using Linux
This post covers a feature of the NTFS file system known as Alternate Data Streams (ADS), focusing on how to identify these streams and forensically extract them from an NTFS partition using a Linux host.
Manual Data Carving on Linux
This is a short post on manual data carving on Linux systems. After a brief explanation of the topic itself, I focus on using the command-line tool xxd to locate the start and end offsets of the content I wish to 'carve' out of the target data stream.
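As an added worked example (not code from the original post), the following POSIX shell script shows the carving workflow end to end: it hex-dumps a raw image, finds the byte offsets of a JPEG's SOI (ff d8 ff) and EOI (ff d9) markers, and copies exactly that byte range out with dd. The sample image, the function names and the /tmp paths are constructed for this example; the offset search is done on xxd's hex output, with od as a fallback where xxd is not installed.

```shell
#!/bin/sh
# Added example, not from the original post: locate an embedded file by its
# magic bytes and carve it out of a raw image with xxd and dd.
# The sample image, function names and /tmp paths are constructed for this example.

# hex_stream FILE: dump FILE as one continuous lower-case hex string
# (xxd as in the post, od as a fallback where xxd is not installed).
hex_stream() {
    if command -v xxd >/dev/null 2>&1; then
        xxd -p "$1" | tr -d '\n'
    else
        od -An -v -tx1 "$1" | tr -d ' \n'
    fi
}

# find_hex_offset IMAGE HEXPATTERN [MINBYTE]
# Prints the byte offset of the first byte-aligned match of HEXPATTERN at or
# after MINBYTE. grep -ob reports offsets in hex digits, so a match at an odd
# digit offset straddles two bytes and is skipped; the rest are halved.
find_hex_offset() {
    image=$1; pattern=$2; min=${3:-0}
    matches=$(hex_stream "$image" | grep -ob "$pattern") || return 1
    for m in $matches; do
        digit_off=${m%%:*}
        [ $((digit_off % 2)) -eq 0 ] || continue
        byte_off=$((digit_off / 2))
        [ "$byte_off" -ge "$min" ] || continue
        echo "$byte_off"
        return 0
    done
    return 1
}

# carve IMAGE START END OUT: copy bytes [START, END) of IMAGE into OUT.
# bs=1 keeps skip/count in bytes; it is slow on large images, where GNU dd's
# iflag=skip_bytes,count_bytes with a larger bs does the same job faster.
carve() {
    dd if="$1" of="$4" bs=1 skip="$2" count=$(($3 - $2)) 2>/dev/null
}

# carve_first_jpeg IMAGE OUT: carve from the first SOI marker (ff d8 ff) up to
# and including the first EOI marker (ff d9) after it; prints "START END".
carve_first_jpeg() {
    image=$1; out=$2
    start=$(find_hex_offset "$image" ffd8ff) || { echo "no SOI marker found" >&2; return 1; }
    eoi=$(find_hex_offset "$image" ffd9 $((start + 2))) || { echo "no EOI marker after $start" >&2; return 1; }
    end=$((eoi + 2))
    carve "$image" "$start" "$end" "$out"
    echo "$start $end"
}

# make_sample_image OUT: a constructed fragment with junk on both sides of a
# minimal JPEG-like payload (SOI, APP0 header bytes, filler, EOI).
make_sample_image() {
    {
        printf 'junk-before-the-payload-junk-junk'
        printf '\377\330\377\340\000\020JFIF\000payload-bytes\377\331'
        printf 'junk-after'
    } > "$1"
}

# Stand-alone usage:
#   make_sample_image /tmp/fragment.img
#   carve_first_jpeg /tmp/fragment.img /tmp/carved.jpg   # prints "33 59"
#   xxd -s 33 -l 26 /tmp/fragment.img                      # eyeball the carved range
```

Before trusting a carve, inspect the range with `xxd -s START -l LEN` and check that the trailer is the real one: a footer marker that also occurs inside the payload (ff d9 can appear in embedded thumbnails) would truncate the file, which is why the search for the end marker starts after the header rather than at the beginning of the image.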
Forensic Imaging with DD
This post focuses on the use of the Linux tool dd in the forensic imaging process, along with two other tools directly derived from dd and one that is similar in functionality. It also briefly covers the issue of data completeness when preparing to forensically acquire a device.
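As an added worked example (not code from the original post), here is a POSIX shell acquisition routine around dd that hashes the source and the resulting image and records both in a log. It also handles the completeness pitfall a practitioner runs into with conv=noerror,sync: the same padding that keeps the image aligned across read errors is applied to a trailing partial block, so a block size that does not divide the device size silently produces an image whose hash cannot match the source. The constructed "device" file, the function names and the /tmp paths are assumptions of this example; a real acquisition points if= at the block device and needs root.

```shell
#!/bin/sh
# Added example, not from the original post: acquire a raw image with dd and
# verify it against the source by hash, refusing block sizes that would make
# conv=sync pad the image. Function names and /tmp paths are assumptions.

# sha256_of FILE: hex digest (sha256sum on Linux, shasum where it is absent)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# source_size PATH: byte length of a block device or of a regular file
source_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# acquire_image SRC DEST LOG [BS]
# Images SRC into DEST with dd, hashing both and appending the record to LOG.
# conv=noerror,sync keeps going past read errors and pads each short read to
# BS with zeros; that padding would also be applied to a trailing partial
# block, so the image hash would no longer match the source. The function
# therefore refuses a BS that does not divide the source size.
# Returns 0 when the hashes match, 1 on a dd failure or mismatch, 2 when BS is rejected.
acquire_image() {
    src=$1; dest=$2; log=$3; bs=${4:-512}
    size=$(source_size "$src")
    if [ $((size % bs)) -ne 0 ]; then
        echo "bs=$bs does not divide source size $size; conv=sync would pad the image" >&2
        return 2
    fi
    src_hash=$(sha256_of "$src")
    dd if="$src" of="$dest" bs="$bs" conv=noerror,sync 2>>"$log" || return 1
    dest_hash=$(sha256_of "$dest")
    {
        echo "source=$src size=$size bs=$bs"
        echo "sha256(source)=$src_hash"
        echo "sha256(image)=$dest_hash"
    } >>"$log"
    [ "$src_hash" = "$dest_hash" ]
}

# make_sample_device OUT SECTORS: a constructed "device" of SECTORS 512-byte
# blocks of random data, standing in for /dev/sdX in this offline example.
make_sample_device() {
    dd if=/dev/urandom of="$1" bs=512 count="$2" 2>/dev/null
}

# Stand-alone usage (a real acquisition uses if=/dev/sdX and needs root):
#   make_sample_device /tmp/evidence.img 8
#   acquire_image /tmp/evidence.img /tmp/evidence.dd /tmp/acquisition.log 512 && echo "hashes match"
```

Hashing the source separately means reading the device twice; dd derivatives such as dcfldd and dc3dd hash the data as it is copied, which is one reason to prefer them on large media. A bs that divides the device size exactly (512 always does for a sector-addressed device, at the cost of throughput) keeps plain dd correct as well.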
Android Forensics with ADB
This post covers the use of the Android Debug Bridge (ADB) command-line tool on Linux, focusing on the extraction of forensically relevant data from mobile devices running the Android operating system developed by Google.
Forensic Relevance of Vim Artifacts
In this post, I take a closer look at the artifacts left behind by the Vim text editor to see whether they are of forensic relevance when investigating a machine on which it is installed.