Forensics: Dates and the $Standard_Information Attribute

May 31, 2009 — 585

Below is a video showing the $Standard_Information Attribute within the MFT

Posted in 0 - Forensics, Video Guides. Tags: , , , , , , . 1 Comment »

Forensics: Wiping a Drive

March 4, 2009 — 585

There is a lot of misleading information on the internet in relation to the deletion and destruction of data. Some of this is due to confusion in language, e.g. the difference between wiping and deletion and some of this is due to urban myth.

Below is a video, taken with the popular computer forensics tool EnCase.This video shows what happens when a single wipe is used on a drive. Not 2, not 8, o32, or any of the other “recommended” number of wipes. Just a single, simple, wipe.

Add to Technorati Favorites

Posted in 0 - Forensics, EnCase, Video Guides. Tags: , , , . 4 Comments »

Video – Locating the First Partiton from the MBR

August 27, 2008 — 585

Following on from the articles on the MBR, the MBR Partition Information,  and the video showing a general examination of the MBR , below is a video showing how the location of first partition can be extracted from a manual examination of the MBR.

Posted in EnCase, File Systems, Video Guides. Tags: , , , , , , , . 2 Comments »