I have been experimenting with creating backups for the raspberry pi. My backup philosophy is to backup everything on these little machines as I have a tendency to install packages…
Category: Forensics
I recently found it necessary to quickly grab a large amount of SYSTEM registry files to determine the current control set and time zone information. FTK displays this information upon…
In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more that may be helpful to a digital investigator examining a…
I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK makes examining many systems manageable. One feature that has saved…