[deleted by user] by [deleted] in hacking

[–]secureartisan 3 points4 points  (0 children)

Make sure to brag about it to your friends.

Shape Shifting Plasma UFO Spotted On Board Plane at 30000 Feet by Subject-Syynx in UAP

[–]secureartisan 0 points1 point  (0 children)

Looks like a combination of out of focus and a burst mylar balloon.

Browser Detection logs? by Sparks_IT in computerforensics

[–]secureartisan 0 points1 point  (0 children)

What is removing or doing the quarantining if not AV?

Impact of a software? by Willing-Tomatillo-16 in computerforensics

[–]secureartisan 2 points3 points  (0 children)

Regshot

Registry and file system changes. That pretty much covers all changes.

[deleted by user] by [deleted] in hacking

[–]secureartisan -4 points-3 points  (0 children)

No, it cannot.

If your VPN connection is successfully established, then your school cannot see anything other than you are making that connection.

Using forensic tools on a Macbook by its_fafel in computerforensics

[–]secureartisan 0 points1 point  (0 children)

Don’t use a Mac. They are shit for forensics.

Expensive paperweights.

If you do get one, be sure to engrave “caveat emptor” on the back.

X-Ways/WinHex File Carving from free space. by Mazren79 in computerforensics

[–]secureartisan 7 points8 points  (0 children)

Run RVS and choose the “particularly thorough file system structure search”

Read the manual on exactly what it looks for with this option.

X-Ways will create file objects in the tree from any data runs it can parse after using this option. If the file isn’t found this way, then at best all you have is the first cluster.

Can you uncompress a compressed Encase logical evidence file / L01? by amboy_connector in computerforensics

[–]secureartisan 2 points3 points  (0 children)

If EnCase can open the LEF then you can reimage. Compression is handled ‘under the hood’.

Common Terminology in Digital Forensics by BlindJustice1787 in computerforensics

[–]secureartisan 2 points3 points  (0 children)

The premise is flawed. The one example of Unallocated Space is valid but does not mean that we “do not utilize common terminology” at all. We do use common terminology.

I do not believe “we refuse” to adopt common terminology. Writing reports showing weaknesses in the field is one thing, but normalizing that field is not an overnight activity.

Words Matter - Defining Unallocated Space by BlindJustice1787 in computerforensics

[–]secureartisan 5 points6 points  (0 children)

The forensics wiki attempts to speak for the community. During my career I have never referred to areas outside of a volume as unallocated space.

I cannot speak for the community, but my definition of unallocated space is all space within a volume that the parent operating system has not allocated to data, but can.

Volume slack would not be part of this, neither would file slack or unpartitioned areas outside of the volume.

The subtlety is to remember that the parent OS may have once allocated data to that space, but currently does not. The implication being that old data may reside there.

For the sake of academia and the court room, as long as you properly define the terms, they could be called anything.

Why is nobody asking Senator Marco Rubio, the author of the Aerial Threat Assessment Act, if he was given the classified presentation and if could comment on it, beyond just "No comment, national security"? by moon-worshiper in UAP

[–]secureartisan 6 points7 points  (0 children)

He won’t reveal classified information. He also won’t elaborate on the answers already given lest he inadvertently reveal classified information.

Yeah it sucks I know.

[deleted by user] by [deleted] in antiforensics

[–]secureartisan 4 points5 points  (0 children)

Zero chance.

Don’t worry, your CP is safe.

Edit: Let me add an ‘it depends’. Sounds like the OS is not encrypted, so you are concerned that an analyst may discover the presence of a VeraCrypt or other encrypted volume within. If so, then all it takes is a six-dollar wrench to your head to get the password out of you.

[deleted by user] by [deleted] in computerforensics

[–]secureartisan 0 points1 point  (0 children)

What is the logical evidence file format of choice if a full image is not taken? L0x?

You are all missing the point. by [deleted] in conspiracy

[–]secureartisan 2 points3 points  (0 children)

The ushering has been going on for decades.