EnCase v7 Training Videos

Western Digital HDD

EnCase v7 Training Videos

July 31, 2011 |  by  |  Computer Forensics News, EnCase  |   |  2 Comments

The latest and greatest update in Nintendo Forensics is out, EnCase version 7. Watch the free training videos.

Read More
Beat EnCase File Signature Analysis on a Windows System

EnCase - WinRAR Archives

Beat EnCase File Signature Analysis on a Windows System

September 13, 2009 |  by  |  EnCase, Hex Editing  |  , , , , ,  |  9 Comments

Use a hex editor to modify the file signature of a WinRAR archive to that of an executable file to beat the EnCase forensic software's file signature analysis.

Read More
Breaking Forensic Images Booted as a Virtual Machine

Western Digital HDD

Breaking Forensic Images Booted as a Virtual Machine

March 7, 2009 |  by  |  Anti-Forensics Software, Featured Articles  |  , , , , ,  |  10 Comments

I've dug around a bit and found some older examples of software that will detect whether or not the current system is being run in a virtual environment. The main purpose here is to trip up the examiners. Make them waste their time, their clients time and everyone elses. Make the costs of a computer forensics examination even more expensive.

Read More
Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

Timestomp Being UPX'd

Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

March 5, 2009 |  by  |  Anti-Forensics Software, Hex Editing  |  , , , , , ,  |  7 Comments

There have been a million articles written on using timestomp.exe. However, the goal of this article is to give some ideas on how to use timestomp and avoid leaving evidence behind that would point to its use.

Read More