Friday, February 20, 2009

Windows FE

A bunch of postings have cropped up on Troy Larson's WindowsFE. The build is fairly straightforward, but diskpart isn't the most fun to work with once the image is built and you start using it.

http://www.twine.com/item/113421dk0-g99/windows-fe

http://blogs.eweek.com/cheap_hack/content/hacking/do_windows_forensics_in_windows_fe.html

http://grandstreamdreams.blogspot.com/2009/02/windows-fe-details-teased-out-of-web.html

Thursday, February 19, 2009

Gmail Offline

I'm not sure if anyone has played with it much yet, but Gmail now has an offline mode for use when there is no connectivity available. I've played with it some in Google's Chrome, since it needs Google Gears to work. A decent posting on it is here:

http://news.cnet.com/8301-17939_109-10152019-2.html?tag=mncol;title

What's cool from a forensics standpoint is that, as we would expect since it caches locally, it finally creates some decent artifacts, since Gmail normally doesn't leave much behind.

For Chrome at least, it creates a series of folders under \Documents and Settings\%userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Google Gears\mail.google.com

It creates files titled mail[{some number}] for each email, and then extracts any attachments into the same folders with a reference back to the original email, for example somepicture[{some number}].jpg.

What I found to be the coolest part is that it uses the same format as the one documented by John McCash here:

http://sansforensics.wordpress.com/2008/09/19/forensic-gmail-artifact-analysis/

Since it follows the format, his scripts work on the cached files also.
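As an added example (not code from the post or from McCash's scripts), the script below inventories a cache folder laid out the way the post describes: it walks a directory, collects the mail[{number}] files and pairs each extracted attachment with its email. It assumes, since the post does not spell out how the reference works, that the bracketed number in an attachment name is the id of the email it came from, and it builds a constructed sample tree so it runs offline.

```python
import os
import re
import tempfile
from collections import defaultdict

# Constructed sample names mirroring the naming the post describes; on a real
# system the files live under ...\Google Gears\mail.google.com in the Chrome profile.
SAMPLE_FILES = [
    "mail[1001]",
    "mail[1002]",
    "somepicture[1001].jpg",
    "report[1002].pdf",
    "notes[1002].txt",
    "stray[1003].png",   # attachment with no matching cached mail (orphan)
    "unrelated.dat",     # does not follow either naming pattern
]

MAIL_RE = re.compile(r"^mail\[(\d+)\]$")
# Assumption: attachment = <name>[<mail id>].<ext>, id referencing the email.
ATTACH_RE = re.compile(r"^(?P<name>.+)\[(?P<id>\d+)\]\.(?P<ext>[^.]+)$")


def build_sample_cache(root):
    """Write the constructed sample files under root so the walker has input."""
    for name in SAMPLE_FILES:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder")
    return root


def inventory_gears_cache(root):
    """Return (report, orphans): report maps mail id -> cached mail path and its
    attachments; orphans lists attachments whose mail id has no cached mail."""
    mails, attachments = {}, defaultdict(list)
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            m = MAIL_RE.match(fn)
            if m:
                mails[m.group(1)] = os.path.join(dirpath, fn)
                continue
            a = ATTACH_RE.match(fn)
            if a:
                attachments[a.group("id")].append(os.path.join(dirpath, fn))
    report = {mid: {"mail": path, "attachments": sorted(attachments.pop(mid, []))}
              for mid, path in mails.items()}
    orphans = {mid: sorted(paths) for mid, paths in attachments.items()}
    return report, orphans


def demo():
    """Build the sample cache in a temp directory and inventory it."""
    return inventory_gears_cache(build_sample_cache(tempfile.mkdtemp()))
```

Point inventory_gears_cache at an extracted Gears mail.google.com folder to get the same pairing on real data; orphans flag attachments whose parent mail was not cached or was already purged.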

Tweeting in an emergency

A really cool concept when you think about it. There are so many ways to access Twitter, in addition to the ability to aggregate information from a bunch of people.