You can use Windows Hibernate to conserve batteries, electricity, save the environment, the world and the polar bears. However, did you know that by putting your computer into “hibernation” mode that you are essentially creating a snapshot of the contents of your computers RAM which is then saved to the root of the hard drive as “hiberfil.sys”?
Use a hex editor to modify the file signature of a WinRAR archive to that of an executable file to beat the EnCase forensic software’s file signature analysis.
There have been a million articles written on using timestomp.exe. However, the goal of this article is to give some ideas on how to use timestomp and avoid leaving evidence behind that would point to its use.
In a previous post I mentioned that TrueCrypt leaves behind a string in its boot loader (that identifies it as a TrueCrypt boot loader) when using the full disk encryption feature. As you can see in the screenshot below I have modified the original “TrueCrypt Boot Loader” string to read “Windows Boot Loader.”
Recent Comments