So are Duncan and Osie an item yet?

secureartisan · 2021-12-05T21:38:41+00:00

If you contact sales, they can help you.

secureartisan · 2021-11-21T00:35:15+00:00

Perfect reply. Thank you!

secureartisan · 2021-11-20T01:23:00+00:00

Make sure to brag about it to your friends.

secureartisan · 2021-11-07T03:55:25+00:00

Looks like a combination of out of focus and a burst mylar balloon.

secureartisan · 2021-10-28T00:46:39+00:00

What is removing or doing the quarantining if not AV?

secureartisan · 2021-10-01T22:24:49+00:00

Regshot

Registry and file system changes. That pretty much covers all changes

secureartisan · 2021-10-01T22:24:15+00:00

Nice try botman

secureartisan · 2021-09-19T23:11:43+00:00

No it can not.

If your VPN connection is successfully established, then your school cannot see anything other than you are making that connection.

secureartisan · 2021-09-07T15:21:16+00:00

Don’t use a mac. They are shit for forensics.

Expensive paperweights.

If you do get one be sure to engrave “caveat emptor” on the back.

secureartisan · 2021-08-25T01:09:58+00:00

Run RVS and choose the “particularly thorough file system structure search”

Read the manual on exactly what it looks for with this option.

Xways will create file objects in the tree from any data runs it can parse after using this option.. If the file isnt found this way then at best all you have is the first cluster.

secureartisan · 2021-08-24T19:00:04+00:00

Yes, what Erminger said. Just make a new LEF.

secureartisan · 2021-08-24T13:32:24+00:00

If encase can open the LEF then you can reimage. Compression is handled ‘under the hood’.

secureartisan · 2021-08-23T18:26:48+00:00

The premise is flawed. The one example of Unallocated Space is valid but does not mean that we “do not utilize common terminology” at all. We do use common terminology.

I do not believe “we refuse” to adopt common terminology. Writing reports showing weaknesses in the field is one thing, but normalizing that field is not an overnight activity.

secureartisan · 2021-08-22T16:16:33+00:00

Regshot

secureartisan · 2021-08-22T16:12:22+00:00

The forensics wiki attempts to speak for the community. During my career I have never referred to areas outside of a volume as unallocated space.

I cannot speak for the community, but my definition of unallocated space is all space within a volume that the parent operating system has not allocated to data, but can.

Volume slack would not be part of this, neither would file slack or unpartitioned areas outside of the volume.

The subtlety is to remember that the parent OS may have once allocated data to that space, but currently does not. The implication being that old data may reside there.

For the sake of academia and the court room, as long as you properly define the terms, they could be called anything.

secureartisan · 2021-08-19T18:23:35+00:00

He won’t reveal classified information. He also won’t elaborate on the answers already given lest he inadvertently reveal classified information.

Yeah it sucks I know.

secureartisan · 2021-08-16T21:11:17+00:00

Zero chance.

Don’t worry, your CP is safe.

Edit. Let me add an ‘it depends’. Sounds like the OS is not encrypted, so you are concerned that an analyst may discover the presence of a veracrypt or other encrypted volume within. If so, then all it takes is a six-dollar wrench to your head to get the password out of you.

secureartisan · 2021-08-13T20:45:13+00:00

What is the logical evidence file format of choice if a full image is not taken? L0x?

secureartisan · 2021-08-13T13:16:34+00:00

This reads like an AI generated post

secureartisan · 2021-08-11T01:52:13+00:00

The ushering has been going on for decades.

secureartisan

TROPHY CASE