Multimedia
JPEGsnoop Version 1.2.0
JPEGsnoop by Calvin Hass provides a deep insight into the internals of JPEG files. Also the program identifies digital cameras and image editing software by their characteristic quantization tables.
« February 2008 | Main | April 2008 »
FTK 2
FTK 2.0 - Installation
Recently the new version of AcessData's Forensic Toolkit arrived in the mail. Of course I felt a strong urge to try it out. Here is what I experienced so far.
Side notes
More about the Rich Header
About two years ago I wrote about the Rich header which can be found in most executable files for the Microsoft Windows platform. Now Daniel Pistelli went on a thorough investigation into that matter.
Memory analysis
A Small RAM Dumper
When freezing RAM (the Princeton way) or rapidly powercycling a machine (The Guillotine) you will need a small tool to obtain the memory image, like msramdmp by Robert Wesley McGrew.
Search
Deutsch
Deutschsprachige Ausgabe
Categories
- Lab (39)
- FTK 2 (5)
- Library (20)
- Side notes (47)
- Topics
- Carving (8)
- File Systems (1)
- Multimedia (7)
- Network forensics (2)
- Windows (1)
- Memory analysis (96)
- NT event log (8)
- Vista event log (20)
Archives
- December 2009
- November 2009
- October 2009
- May 2009
- April 2009
- March 2009
- February 2009
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- December 2005
- November 2005
- October 2005
Latest articles
Subscribe
Imprint
This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de
Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.