DOCSLIB.ORG

Forensic-Explorer-User-Guide.En.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Forensic-Explorer-User-Guide.En.Pdf User Manual Published: 25-Jun-20 at 20:37:10 Chapter Contents Published: 25-Jun-20 at 20:36:59 Quick Start Guide ..................................................................................................................... 11 Wibu CodeMeter Activation Dongle ............................................................................................................... 11 System Requirements ..................................................................................................................................... 11 Download ........................................................................................................................................................ 11 Installation ...................................................................................................................................................... 12 Forensic Explorer Module Overview .............................................................................................................. 12 Live Boot ......................................................................................................................................................... 14 1.2 Introducing Forensic Explorer ............................................................................................................ 16 1.3 Supported file formats ....................................................................................................................... 16 1.4 Supported file systems ...................................................................................................................... 16 1.5 Key program features ........................................................................................................................ 17 Chapter 2 - 30 Day Evaluation Version ...................................................................................... 19 2.1 30 day evaluation version .................................................................................................................. 20 2.2 Activating the 30-DAY evaluation version ......................................................................................... 20 Chapter 3 - Purchase ................................................................................................................ 25 3.1 Purchase ............................................................................................................................................ 26 3.2 License maintenance ......................................................................................................................... 27 Chapter 4 - Installation ............................................................................................................. 29 4.1 System requirements ......................................................................................................................... 30 4.2 Download ........................................................................................................................................... 30 4.3 Installation ......................................................................................................................................... 30 4.4 Uninstall Forensic Explorer ................................................................................................................ 35 Chapter 5 - Dongle Activation................................................................................................... 37 5.1 Dongle activation of the purchased version ...................................................................................... 38 5.2 GetData License Manager.................................................................................................................. 41 4 | P a g e Chapter Contents 5.3 Wibu CodeMeter Runtime for Windows User ................................................................................... 43 5.4 Network Licensing ............................................................................................................................. 45 5.5 Applying maintenance updates to your Wibu dongle ....................................................................... 48 Chapter 6 - Forensic Acquisition ............................................................................................... 49 6.1 Write block ........................................................................................................................................ 50 6.2 GetData’s Forensic Imager................................................................................................................. 51 Chapter 7 - Forensic Explorer Interface ..................................................................................... 61 7.1 Modules ............................................................................................................................................. 62 7.2 Module data views ............................................................................................................................ 64 7.3 Customizing layouts ........................................................................................................................... 66 7.4 Task Processes List ............................................................................................................................. 67 7.5 Process Logging and Priority .............................................................................................................. 68 7.6 Reference Library ............................................................................................................................... 69 Chapter 8 - Data Views............................................................................................................. 73 8.1 Data views summary .......................................................................................................................... 75 8.2 Tree view ........................................................................................................................................... 78 8.3 List view ............................................................................................................................................. 80 8.4 Disk view ............................................................................................................................................ 80 8.5 Gallery view ....................................................................................................................................... 88 8.6 Hex view ............................................................................................................................................ 97 8.7 Text view ............................................................................................................................................ 98 8.8 Info ..................................................................................................................................................... 99 8.9 Display view ....................................................................................................................................... 99 8.10 Byte Plot and Character Distribution ............................................................................................... 102 8.11 Filesystem Record view ................................................................................................................... 105 8.12 File Metadata ................................................................................................................................... 106 8.13 File Extent ........................................................................................................................................ 111 8.14 Permissions ...................................................................................................................................... 112 Copyright GetData Forensics Pty Ltd 2010 - 2020, All rights reserved. Chapter Contents 5 | P a g e Chapter 9 - Working With Data .............................................................................................. 115 9.1 Working with data ........................................................................................................................... 117 9.2 Highlighted and checked items ........................................................................................................ 117 9.3 Add and edit bookmarks .................................................................................................................. 119 9.4 Open with ........................................................................................................................................ 119 9.5 Expand compound file ..................................................................................................................... 120 9.6 Export............................................................................................................................................... 121 9.7 Send to Module ............................................................................................................................... 125 9.8 Columns ........................................................................................................................................... 125 9.9 Sorting .............................................................................................................................................
Load more

Recommended publications
  • Hany Farid [email protected]
    Hany Farid [email protected] APPOINTMENTS University of California, Berkeley 2019 – Professor, Electrical Engineering and Computer Sciences (50%) Professor, School of Information (50%) Member, Berkeley Artificial Intelligence Lab Member, Center for Innovation in Vision and Optics Member, Vision Science Program Dartmouth College, Department of Computer Science 1999 – 2019 Albert Bradley 1915 Third Century Professor 2016 – 2019 Professor 2011 – 2016 William H. Neukom 1964 Distinguished Professor of Computational Science 2008 – 2011 David T. McLaughlin Distinguished Professor of Computer Science 2007 – 2008 Professor 2006 – 2007 Associate Professor 2004 – 2006 Assistant Professor 1999 – 2004 Dartmouth College, Tuck School of Business 2016 – 2019 Adjunct Professor of Business Administration Dartmouth College, Neukom Institute for Computational Science 2008 – 2011 Director PROFESSIONAL AI Foundation 2019 – present Board of Directors & Global AI Council Center for Investigative Reporting 2020 – present Advisory Committee Counter Extremism Project 2016 – present Senior Advisor Cyber Civil Rights Initiative 2019 – present Advisory Committee Fourandsix Technologies, Inc. 2011 – 2018 Chief Technology Officer & Co-founder Human Rights Center, University of California, Berkeley, School of Law 2019 – present Advisory Board Office of the Prosecutor, International Criminal Court 2018 – present Technology Advisory Board TikTok 2020 – present Content Advisory Council Truepic, Inc. 2018 – present Senior Advisor & Board of Advisors EDUCATION Massachusetts Institute of Technology 1997 – 1999 Postdoctoral Fellow, Brain and Cognitive Sciences (advisor: Ted Adelson) University of Pennsylvania 1993 – 1997 Ph.D., Computer Science (advisor: Eero Simoncelli) State University of New York at Albany 1990 – 1992 M.S., Computer Science University of Rochester 1984 – 1988 B.S., Computer Science with Applied Mathematics AWARDS National Academy of Inventors (NAI), Fellow, 2016 John Simon Guggenheim Fellowship, 2006 Alfred P.
    [Show full text]
  • How to Recover Data from a Broken Hard Drive
    How to Recover Data From a Broken Hard Drive Home Index Donate About Contact Us geekyprojects.com Web How to Recover Data From a Broken Hard Drive18. May 2007, 3:09 Uhr Pablo Garcia If you are reading this article you are probably desperate, but before you panic let me tell you that there is hope, and there is probably more hope than you think…. Even if your hard drive has an internal mechanical malfunction, data can be recovered without having to send the hard Data backup and recovery drive to a data recovery service. Yes! you heard right, I’m Data Center Aligns IT Resources To About Business Needs & Gives Good Benefit sure you have come across articles that will tell you how What is GEEKYPROJECTS all about? Cisco.com/in/DataCenter to recover data from a damaged partition, you will find a Geeky Projects is a site conceived in hopes of ton of those on the web, but when your hard drive starts gathering and documenting interesting projects. malfunctioning none of those articles are going to help We focus on creating quality articles that help you solve your problem, This article will. you become more efficient. more about » Feeds Corrupted file system RSS Posts If the hard drive gets detected by Windows and can be accessed but you do not see any data inside, or you get a RSS Comments message saying that the drive needs to be formatted. You probably have a corrupted file system in you hands. The solution for this is a good file recovery software.
    [Show full text]
  • (Literary) Special Effect: (Inter)Mediality in the Contemporary US-American Novel and the Digital Age
    The (Literary) Special Effect: (Inter)Mediality in the Contemporary US-American Novel and the Digital Age Dissertation zur Erlangung des philosophischen Doktorgrades an der Philosophischen Fakultät der Georg-August-Universität Göttingen vorgelegt von Bogna Kazur aus Lodz, Polen Göttingen 2018 Contents 1 Introduction ......................................................................................................................... 3 2 The Question of Medium Specificity in the Digital Age .................................................. 29 3 House of Leaves (2000) and the Uncanny Dawn of the Digital........................................ 39 3.1 Digital Paranoia: Arriving on Ash Tree Lane ........................................................... 39 3.2 Writing about House of Leaves ................................................................................. 43 3.3 Intermedial Overabundance: Taming House of Leaves ............................................. 49 3.4 An “Explicit” Approach to the Digital Age ............................................................... 54 3.5 What Kind of Movie is THE NAVIDSON RECORD? ..................................................... 68 4 In the Midst of the Post-Cinematic Age: Marisha Pessl’s Night Film (2013) .................. 88 4.1 Meant for Adaptation: Night Film and the Fallacy of First Impressions ................... 88 4.2 The Post-Cinematic Reception of Film ..................................................................... 96 4.3 The Last Enigma: Cordova’s Underworld ..............................................................
    [Show full text]
  • A Study of Hard Drive Forensics on Consumers' Pcs: Data
    A Study of Hard Drive Forensics on Consumers’ PCs: Data Recovery and Exploitation B. Dawn Medlin Appalachian State University Joseph A. Cazier Appalachian State University One of the first actions to take when getting rid of an old personal computer is to remove all of the files that contain identifying and personal information. Individuals can be surprisingly negligent in this effort. Many individuals may also believe that by simply moving their files to the recycle bin and then emptying that bin that all of their programs and files are permanently erased. If personal information is not totally deleted, acts of identity theft can easily occur. Our research study identified the types of information found and/or recovered from hard disk drives on computers that have been donated to charity, sold second-hand, or otherwise donated to other organizations for reuse. Of the fifty-five hard drives studied approximately 300,000 files contained identifiable information. Results showed the need for further training in relation to total file erasure from a hard drive as well as the negative results such as identity theft that can occur due to this lack of training or knowledge. INTRODUCTION Wiping a computer clean is not as easy as it may appear. Just deleting the personal files and emptying the recycle bin is essentially next to useless. The delete function only removes file names from a directory list and makes the sectors the files occupy on the hard drive available for future use. Meanwhile, these files actually continue to exist. To positively prevent data from recovery, disks can be removed from disk drives and broken up, or even ground to microscopic pieces.
    [Show full text]
  • Attribute-Based, Usefully Secure Email
    Dartmouth College Dartmouth Digital Commons Dartmouth College Ph.D Dissertations Theses and Dissertations 8-1-2008 Attribute-Based, Usefully Secure Email Christopher P. Masone Dartmouth College Follow this and additional works at: https://digitalcommons.dartmouth.edu/dissertations Part of the Computer Sciences Commons Recommended Citation Masone, Christopher P., "Attribute-Based, Usefully Secure Email" (2008). Dartmouth College Ph.D Dissertations. 26. https://digitalcommons.dartmouth.edu/dissertations/26 This Thesis (Ph.D.) is brought to you for free and open access by the Theses and Dissertations at Dartmouth Digital Commons. It has been accepted for inclusion in Dartmouth College Ph.D Dissertations by an authorized administrator of Dartmouth Digital Commons. For more information, please contact [email protected]. Attribute-Based, Usefully Secure Email A Thesis Submitted to the Faculty in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science by Christopher P. Masone DARTMOUTH COLLEGE Hanover, New Hampshire August, 2008 Examining Committee: (chair) Sean W. Smith, Ph.D. David F. Kotz, Ph.D. Christopher J. Bailey-Kellogg, Ph.D. Denise L. Anthony, Ph.D. M. Angela Sasse, Ph.D. Charles K. Barlowe, PhD Dean of Graduate Studies Abstract A secure system that cannot be used by real users to secure real-world processes is not really secure at all. While many believe that usability and security are diametrically opposed, a growing body of research from the field of Human-Computer Interaction and Security (HCISEC) refutes this assumption. All researchers in this field agree that focusing on aligning usability and security goals can enable the design of systems that will be more secure under actual usage.
    [Show full text]
  • Performance of Android Forensics Data Recovery Tools
    This is author accepted copy; for final version please refer to: B.C. Ogazi-Onyemaechi, Ali Dehghantanha, Kim-Kwang Raymond Choo, “Performance of Android Forensics Data Recovery Tools”, Pages 91-110, Chapter 7, (Elsevier) Contemporary Digital Forensic Investigations Of Cloud And Mobile Applications Performance of Android Forensics Data Recovery Tools Bernard Chukwuemeka Ogazi-Onyemaechi1, Ali Dehghantanha1; Kim-Kwang Raymond Choo2 1School of Computing, Science and Engineering, University of Salford, Manchester, United Kingdom 2 Information Assurance Research Group, University of South Australia, Australia [email protected]; [email protected]; [email protected] Abstract- Recovering deleted or hidden data is among most important duties of forensics investigators. Extensive utilisation of smartphones as subject, objects or tools of crime made them an important part of residual forensics. This chapter investigates the effectiveness of mobile forensic data recovery tools in recovering evidences from a Samsung Galaxy S2 i9100 Android phone. We seek to determine the amount of data that could be recovered using Phone image carver, Access data FTK, Foremost, Diskdigger, and Recover My File forensic tools. The findings reflected the difference between recovery capacities of studied tools showing their suitability in their specialised contexts only. Keywords: Data recovery, digital forensics, deleted file recovery, mobile forensics, Android forensics. 1 1.0 INTRODUCTION Smart mobile devices, particularly smartphones, are increasingly popular in today’s Internet-connected society (1–4). For example, few years ago in 2010, shipments of smartphone grew by 74 percent to 295 million units (3,4). Unsurprisingly, sales of smartphones have been increasing since then (5,6), and it has been estimated that 1.5 billion smartphones will be sold by 2017 and 1 billion mobile subscribers by 2022 (7–15).
    [Show full text]
  • Building Realistic Forensic Corpora to Enable Undergraduate Education and Research
    Building Realistic Forensic Corpora to Enable Undergraduate Education and Research Simson L. Garfinkel Associate Professor, Naval Postgraduate School July 27, 2010 — 9:00am - 9:45am http://digitalcorpora.org/ NSF Award DUE-0919593: "Creating Realistic Forensic Corpora for Undergraduate Education and Research" 1 NPS is the Navyʼs Research University. Location: !Monterey, CA Campus Size: !627 acres Students: 1500 . US Military (All 5 services) . US Civilian (Scholarship for Service & SMART) . Foreign Military (30 countries) Digital Evaluation and Exploitation: . Research computer forensics. Develop “corpora” for use in research & education. Identify limitations of current tools & opportunities for improvement. http://domex.nps.edu/deep/ “The views expressed in this presentation are those of the author and do not necessarily reflect those of the Department of Defense or the US Government.” 2 Digital Forensics Research is at a turning point. Yesterdayʼs work was primarily reverse engineering. Key technical challenges: . Evidence preservation. File recovery (file system support); Undeleting files . Encryption cracking. Keyword search. 3 Digital Forensics Research is at a turning point. Todayʼs work is increasingly scientific. Evidence Reconstruction . Files (fragment recovery carving) . Timelines (visualization) Clustering and data mining Social network analysis Same Community College Drives #74 x #77 25 CCNS in common Same Car Dealership Sense-making Drives #179 & #206 Drives #171 & #172 13 CCNS 13 CCNS in common in common Same Medical Center 4 Science requires the scientific process. Hallmarks of Science: . Controlled and repeatable experiments. No privileged observers. Why repeat some other scientist"s experiment? . Validate that an algorithm is properly implemented. Determine if your new algorithm is better than someone elseʼs old one.
    [Show full text]
  • Windows 7 Recovery Files Free Download Recover My Files 32-Bit for Windows
    windows 7 recovery files free download Recover My Files 32-bit for Windows. Recover My Files is a data recovery application that can recover deleted files emptied from the Windows Recycle Bin, lost due to formatting or re-installing a hard drive, or files that have been removed by a virus, Trojan infection, unexpected system shutdown or a software failure. Recover from hard drive, camera card, USB, Zip, floppy disk, iPod, Android device, and other media. Recycle Bin recovery support. File recovery after accidental format, even if you have reinstalled the Windows OS. Disk recovery after a hard disk crash. Partitioning error file recovery support. RAW hard drives file recovery support. Recover documents, photos, video music and email. Supports NTFS, FAT(12/16/32), exFAT, HFS, HFS+ . Recover My Files is a good recovery application, which gives you a safety net in case you mistakenly delete important data from your PC. It has a basic interface, but it does include some solid search and recovery tools. The application guides you through the file recovery process by allowing you to select drives and folders to scan.You can search for any type of file on a local or external drive, and you can specifically search for graphics, documents, archives, emails, or databases in order to speed up the process. You can also refine your search by choosing to scan dates and certain keywords. Overall, Recover My Files is a rapid and comprehensive search and recover tool for all users, from novice to expert. The downside is that the interface is standard and not really intuitive and there is no filter for search results.
    [Show full text]
  • Recover My Files V5
    Recover My Files v6 Copyright GetData 2002 - 2017, All rights reserved. Recover My Files v6 Chapter Contents Published: 30 January 2017 at 09:35:42 Frequently Asked questions ....................................................................................................... 7 Data Recovery Fundamentals ................................................................................................... 11 Hardware Recovery ........................................................................................................................................ 12 Software Recovery ......................................................................................................................................... 13 Chapter 1 – Introducing Recover My Files v6 ............................................................................. 19 1.1 Whats new in Recover My Files v6? .................................................................................................. 20 1.2 Introducing Recover My Files v6 ....................................................................................................... 20 1.3 When can Recover My Files be used? ............................................................................................... 21 1.4 On what type OF media can Recover My Files be used? ................................................................... 22 1.5 Supported file-systems ...................................................................................................................... 22 1.6 Supported
    [Show full text]
  • Recover My Files V4 Supports Recovery from a Wide Range of Filesystems
    Recover My Files Data Recovery Software | English V4 ___________________________________________________ License Agreement This document is a legally binding agreement between you and GetData Pty Ltd ABN 79 100 297 149 ("GetData"), the developer of the software program "Recover My Files" ("Software"). Permission to use the Software and any documentation included with the Software ("Documentation") is conditional upon you agreeing to the terms set out below. By installing or otherwise using the Software you agree to be bound by the terms of this agreement. If you do not wish to accept the terms, do not install or use the Software and (if using a CD-ROM) return the Software and Documentation to GetData in its original packaging within 14 days of receiving the Software. In consideration of the payment by you of the applicable fees, GetData grants to you, and you accept, a non exclusive non-transferable license to use the Software and Documentation . GetData is and remains the exclusive owner of the Software and the Documentation. You acknowledge that copyright in the Software and Documentation remains at all times with GetData. Unauthorized copying or modification of the Software and/or Documentation will entitle GetData to immediately terminate this Agreement. GetData shall have the right to check license details at any time in any reasonable manner. You may freely distribute the unregistered "trial" version of the Software. The "Standard License" permits you to install and use the Software on a single computer or, in the event that you have purchased multiple licenses, to install the Software concurrently on multiple computers equivalent to the number of licenses that you have purchased.
    [Show full text]
  • Ec-Council 312-49
    EC-COUNCIL 312-49 EC-Council CHFI Certification Questions & Answers Exam Summary – Syllabus –Questions 312-49 EC-Council Computer Hacking Forensic Investigator (CHFI) 150 Questions Exam – 70% Cut Score – Duration of 240 minutes 312-49 Exam Questions Table of Contents: Know Your 312-49 Certification Well: ................................ 2 EC-Council 312-49 Certification Details: .......................... 2 312-49 Syllabus: ................................................................ 3 EC-Council 312-49 Sample Questions: ........................... 14 Study Guide to Crack EC-Council 312-49 Exam: ............ 18 EC-Council CHFI Certification Practice Exam 1 312-49 Exam Questions Know Your 312-49 Certification Well: The 312-49 is best suitable for candidates who want to gain knowledge in the EC- Council Cyber Security. Before you start your 312-49 preparation you may struggle to get all the crucial materials like 312-49 syllabus, sample questions, study guide. But don't worry the 312-49 PDF is here to help you prepare in a stress free manner. The PDF is a combination of all your queries like- What is in the 312-49 syllabus? How many questions are there in the 312-49 exam? Which Practice test would help me to pass the 312-49 exam at the first attempt? Passing the 312-49 exam makes you EC-Council Computer Hacking Forensic Investigator (CHFI). Having the certification opens multiple opportunities for you. You can grab a new job, get a higher salary or simply get recognition within your current organization. EC-Council 312-49 Certification
    [Show full text]
  • User Guide.Nsr 2
    Norton Save and Restore Norton Save and Restore User's Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 7.0 Legal Notice Copyright © 2007 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions. Symantec, the Symantec Logo, Norton, LiveUpdate, and Symantec pcAnywhere are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Microsoft, Windows, Windows NT, Windows Vista, MS-DOS, .NET, and the Windows logo are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. VeriSign® is a registered trademark of Verisign, Inc. Gear Software is a registered trademark of GlobalSpec, Inc. Maxtor OneTouch is a trademark of Maxtor Corporation The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION.
    [Show full text]