Category Forensics

Email Header Analyzer

The website mxtoolbox.com has an email header analyzer that makes headers easily readable. Visit http://mxtoolbox.com/EmailHeaders.aspx and try submitting a header to see if it makes it a bit easier to decipher.

Yahoo! Email Headers

Open the desired email, select More, and then select View Raw Message. A new tab will open with the full header (the example below is only a portion of what would be present). To copy the header: click on the text, select Ctrl+A to select all the text, Ctrl+C to copy the text, open […]

Microsoft Outlook 2013 Email Headers

This may also work for different versions of Outlook. Open the desired message in a separate window by double-clicking on it. Once the message has been opened, select File at the upper left. Select Properties. You may now view the header information in the Internet headers box. I recommend highlighting and copying all […]

Microsoft Outlook.com Webmail Email Headers

Select the email with the header you want to view and select the down arrow to the right of Reply. Select View message source from the dropdown menu. The header, titled Message source, will be displayed in a scrollable window. To copy the header: click on the text, select Ctrl+A to select all the […]

Greenshot – Great [Free] Screenshot Utility

Greenshot is a great [and free] screenshot utility. What I really like about this program is it will name the screenshot after the window that is captured. I was testing the program HDD Low Level Format Tool and took a screenshot, which resulted in “2015-09-03 14_41_10-Device Selection – HDD Low Level Format Tool 4.40 Home License.png.” […]

Data Destruction: CCleaner

CCleaner is a free cleanup utility for Windows or Mac. This program is available as an installable or portable application. In addition to deleting temporary internet files, CCleaner will delete other content selected by the user. CCleaner can also be used to securely erase free space. This test will focus on just the free space wiping feature. […]

Data Destruction: Deleting and Quick Formatting Partitions

This was a very brief test to show the difference in data destruction when deleting and formatting partitions. This is a very basic subject, but I performed this test to recreate something I saw in a recent examination. This was the equipment and software involved: The test computer was running Windows 7 Professional 64-bit with […]

Solid State Drives Will Lose Data When Unplugged

I love SSDs and use them in almost all of my computers. I had never considered using SSDs for long term cold storage (unplugged) because of the cost, capacity, and the way they store data. According to the article below, the rate at which SSDs will lose data can depend on the environment. It’s still […]

Memory Forensics: Volatility Introduction

UPDATE 11/29/2018 If you want something a lot simpler than the command line steps below, check out Volatility Workbench. It is free and has a very simple to use GUI. ORIGINAL POST If you have not yet performed memory forensics, you are missing valuable information (i.e., TrueCrypt passwords). If you are like me, you do […]

Forensic Software: Windows

I was working on the list of free programs that my coworkers and I like and use, but then I ran across this website. I am still listing programs I like and use in this post, but the previously mentioned website is also worth a look. Free Windows Software The programs below are worth a look, […]