|
|
Article DetailsBrief introduction into the Windows Media Player program and analysis of currentdatabase_372.wmdb file and how to extract the content for review. This article may serve as an aid to forensic examiners or data recovery technicians.
Using FTK forensic software to detect SQLite Database Files for processing in SQLite Forensic Reporter
Processing SQLite Databases using Templates (applicable to forensic analysis and data recovery). This article covers the processing of SQLite database files for forensic analysis, security auditing and data recovery purposes.
SQLite Forensic Reporter is the most powerful tool available for analysing and reporting on the contents of SQLite database files on the market to date. With batch processing, advanced identification, decoding and reporting this is a perfect solution for computer & mobile phone examiners and data recovery technicians.
These days, catching a criminal involves the use of highly sophisticated technologies which can generate vital evidence good enough to prove whether a person is really guilty or not. One of the known applications that can be taken under consideration in such cases is the forensic software or data recovery software.
- Active Links: 13
- Pending Links: 1
- Todays Links: 0
- Total Articles: 26
- Total Categories: 3
- Sub Categories: 0
How to gather file signatures from your case |
| Date Added: November 10, 2009 03:02:01 PM |
| Author: admin |
| Category: Documents |
This short article covers how to gather all file signatures / headers from all files within a case for review and/or research purposes. This article may serve as an aid to forensic examiners or data recovery technicians. Gathering file identification is an important process for future identification and classification of file data or for data recovery purposes. Processing a mounted volume? If processing a mounted volume the tool Header Grab Advanced, part of Simple Carver Suite is invaluable as it allows you to quickly gather all header and file extension information which is stored with a single Access Database for processing and filtering or exported to CSV. This information can be used to assist in identifying file types in future cases or recovery of deleted data.
Processing a volume using Encase? If processing a case using the forensic software Encase, an enscript is available on the guidance forensic forum or available in the members area of www.filesig.co.uk - the encase header gather script will read all headers from selected entries within a case and export to CSV format for review. For more information on Header Grab Adv.: HERE |
