Hex Editing

The Risks of Windows Hibernation – The hiberfil.sys and Web Browsing

By Max on February 1, 2010

You can use Windows Hibernate to conserve batteries, electricity, save the environment, the world and the polar bears. However, did you know that by putting your computer into “hibernation” mode that you are essentially creating a snapshot of the contents of your computers RAM which is then saved to the root of the hard drive as “hiberfil.sys”?

Posted in Hex Editing, Windows | Tagged hiberfil, hiberfil.sys, hibernate, hibernation, hxd, windows hibernation | 5 Responses

Beat EnCase File Signature Analysis on a Windows System

By Max on September 13, 2009

Use a hex editor to modify the file signature of a WinRAR archive to that of an executable file to beat the EnCase forensic software’s file signature analysis.

Posted in EnCase, Hex Editing | Tagged EnCase, file signature analysis, hex editing, hex editor, timestomp, winrar | 8 Responses

Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

By Max on March 5, 2009

There have been a million articles written on using timestomp.exe. However, the goal of this article is to give some ideas on how to use timestomp and avoid leaving evidence behind that would point to its use.

Posted in Anti-Forensics Software, Hex Editing | Tagged compression, hex editor, packing, timestomp, timestomp.exe, upx, windows xp | 5 Responses

Modify TrueCrypt Encryption Boot Loader Strings

By Max on March 1, 2009

In a previous post I mentioned that TrueCrypt leaves behind a string in its boot loader (that identifies it as a TrueCrypt boot loader) when using the full disk encryption feature. As you can see in the screenshot below I have modified the original “TrueCrypt Boot Loader” string to read “Windows Boot Loader.”

Posted in Encryption, Hex Editing | Tagged Encryption, hex editing, TrueCrypt, winhex | 16 Responses

Modify TrueCrypt Encryption Boot Loader Strings (16)
- sub: If an expert hacker access my drive whether in person or over the net,...
How to Delete Google History – Clear Google Toolbar History (5)
- Sailesh Thaosen: I would like to ask you to deleat my all google history...
Full Disk Encryption With TrueCrypt on Windows XP (4)
- Jessica: TrueCrypt is especially nice being that it was redesigned and...
Leave No Artifacts Behind – Linux Live CDs (6)
- Olivia Graves: by the way, this Windows boot CD is easy to use and works
Saudi Arabia Bans BlackBerry’s (8)
- Alex Dimitrov: “HOL Y FUCK SHUT UP DON’T YOU BITCHES TALK ABOUT ANYTH...
- rabbit: I hate to ever defend Apple but I don’ t think the iPhone...
- HaPa: I would DIE without my blackberry . I’m an addict.
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Bill Blunden (3)
- Jeff: Thanks for the link and the book review. It looks very interestin g and...

Hex Editing

The Risks of Windows Hibernation – The hiberfil.sys and Web Browsing

Beat EnCase File Signature Analysis on a Windows System

Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

Modify TrueCrypt Encryption Boot Loader Strings

Subscribe to Anti-Forensics

Links

Recent Comments

Tags

Archives

Writers

Site Pages

Site Links

Anti-Forensics