Highest Voted 'forensics' Questions - Server Fault Stack Exchange

0

votes

2 answers

FTK Image to VMDK

It seems that most of the posts I can find show me how to take a VMDK and convert it to an FTK Image for processing. I'd like to go the other way, and get a bootable VMWare image. I've found the Virtual Forensic Computing tool, but I'm just a…

virtual-machines forensics

asked Jul 03 '13 at 17:18

omghai2u

315
1
6
15

0

votes

2 answers

Network shares that a Computer has connected to

I know that Windows 7 (Registry) stores the shares that a machine has connected to. Can anybody tell me what the registry location is ? According to : Forensic Focus, it should be under…

forensics

asked Apr 16 '12 at 19:19

thugzclub

61
1
2
4

0

votes

2 answers

Strange Items in Hosts File and Netstat

I ran a netstat -a on a computer and there were a number of strange items: Proto Local Address Foreign Address State TCP netgym:epmap virusin:0 LISTENING TCP netgym:microsoft-ds virusin:0 …

hosts forensics security

asked Dec 05 '10 at 20:30

JMC

496
6
21

0

votes

0 answers

The date modified of a deleted file in a disk image is having a later date than the last system Log On date

I am analyzing a disk image for a forensic investigation and I see deleted files having a later date for last modified date than the last system log on date. Does this means someone has created a raw image file and delete those files from the…

forensics

asked May 07 '21 at 06:12

ragn3r

1

0

votes

1 answer

Does azure VM disk contain information about the subscription?

I'm creating Azure VM with a single drive (IS drive) and creating an image (EO1) of the drive for some testing I am doing. I need to share the image with the client. Will the image contain any information about the subscription? the VMs are Windows…

azure virtual-machines forensics subscription

asked Oct 31 '20 at 14:17

Parsifal15

17
2

0

votes

1 answer

azure attach read only disk

i am running forensic experiment on azure and need to use one machine for the experiment and a different machine for the looking at the content. the experiments rely on registry and other elements and i am worried as soon as i attached the new host…

azure diskmanagement forensics

asked Oct 25 '20 at 16:13

Parsifal15

17
2

0

votes

1 answer

cloning NTFS disk

I need to clone a failing 2TB disk that contains a NTFS partition, using Debian GNU/Linux. The disk has a number of non-relocatable bad sectors, so I know that part of the data is already lost; however I need to clone the the disk in order to try to…

linux ntfs clone forensics

asked Jul 21 '20 at 11:05

Lucio Crusca

330
2
10
31

-1

votes

1 answer

Retrieving the search keywords from a search result entry (Google)

Is it possible to go back to the actual google query string given one or more URL results? for example, if I do a search using the keyword "pippo" I get this first…

url google search-engine forensics

asked Jul 09 '15 at 13:01

Niugeo

1

Questions tagged [forensics]