forensics Archives

Profiles

What’s in a name? That which we call a profile By any other name would still let us log in. I […]

Registry Overview

The first step to forensic analysis of the Registry is knowing where to find the files. The short answer is go look […]

MRU

There are a plethora of keys in the Registry dedicated to telling you where you’ve been. Known as MRU (Most Recently Used) […]

Bulk Extract EXIF

I was asked not too long ago about how to extract metadata from inside a file. Easy, I said. I then proceeded […]

Plists

Plist files are found sprinkled throughout OS X and iOS and contain the various configuration settings and other information of use to the OS and applications.

Autoruns

This is an EnCase EnScript I wrote a few years back. The original design goal was to implement Sysinternals Autoruns.exe inside EnCase […]