Network Forensics

Understanding Network Forensics Analysis in an Operational Environment

Sunday, August 16, 2015

Windows 10 Doesn't Stop Spying on You, Even After Disabling Its Creepy Features

In our previous articles, we raised concern about Windows 10 privacy issues. Unfortunately, all those efforts were wasted, because Microsoft still tracks you even after you harden your Windows 10 privacy to an extreme level by disabling all privacy-infringing settings. This time the culprits are Cortana and Bing search. Windows 10 features, including Cortana and Bing search, continue communicating with Microsoft's servers and sending them data, even...

How to forensically examine an Android device with AFLogical OSE on Santoku Linux

What you will need: Santoku Alpha 0.1 (or later); AFLogical OSE (already installed in Santoku); an Android device (with adb enabled). AFLogical OSE Background: AFLogical OSE was released in December 2011 and is now hosted on GitHub. The app provides a basic framework for extracting data from Android devices using Content Providers and then saves the data to the SD card of the device, including: Contacts, Call Logs, SMS, MMS, MMS Parts, Device...

Digital Intelligence and Investigation Tools

By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see first hand the current limitations of computer forensics and incident response in the field. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, we have developed resources, training, and tools to facilitate forensic examinations and assist authorized members of the law enforcement community. Restricted...

Friday, August 14, 2015

Windows 10 Full Artifacts as Promised

Download the Full Windows 10 Artifacts PDF Windows 10 Artifac...

Sunday, August 9, 2015

Recovering a FAT filesystem directory entry in five phases

This is the last in a series of posts about five phases that digital forensics tools go through to recover data structures (digital evidence) from a stream of bytes. The first post covered fundamental concepts of data structures, as well as a high level overview of the phases. The second post examined each phase in more depth. This post applies the five phases to recovering a directory entry from a FAT file system. The directory entry we’ll be recovering is from the Honeynet Scan of the Month #24. You can download the file...

Saturday, August 8, 2015

A Forensic Analysis Of The Windows Registry

Abstract: This paper will introduce the Microsoft Windows Registry database and explain how critically important a registry examination is to computer forensics experts. In essence, the paper will discuss various types of Registry 'footprints' and delve into examples of what crucial information can be obtained by performing an efficient and effective forensic examination. Many of the Registry keys that are imperative and relevant to an examination...