If you have ever been looking for a way to access your computer disk without having to deal with the user permissions and constraints the operating system enforces, then this is the series to read. David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer
If you are at all familiar with the Python programming language you will know that one of the nice things is the simplicity of writing scripts. The other great thing about Python is the considerable collection of modules that do the heavy lifting for you. In this example I want to share a script I
If you are a Python developer you are probably accustomed to coding in Notepad++ or IDLE… You may want to try using Py Tools (PYVS) with Visual Studio. You ask why? Well, first you will be able to take full advantage of IntelliSense (intelligent code completion) in Visual Studio, which really helps with the development
Following my talk on SQLite Forensics at the CEIC conference I want to share the scripts I wrote but did not get the opportunity to demo during the talk! I talked about using Python to export data from the Favicon database in the Chrome web browser, and from any SQLite database in general. In this post I’m going
David A Dym I am the owner of Red Rock Solutions, LLC and EasyMetaData.com. I am a Texas Licensed Private Investigator. I am a Computer Forensics investigator with G-C Partners, a top notch Computer Forensics company based in Dallas and licensed by the Texas board of Private Investigators. Publications I am a contributing author for
There is a new forensic viewer in town called “Pancake Viewer”. It’s being developed by our good friend Forensicmatt, known for the Triforce journal parser. Pancake Viewer is there to review forensic artifacts interactively in a simple interface, for free. It’s familiar and based fully on open-source libraries. If you’re curious about the backend it’s
Putting together EXEs has become common practice to simplify script deployments and satisfy dependencies on client systems, no matter what the programming language, be it Perl, Python or .NET code. By packing the script’s dependencies into native code you don’t have to worry about pesky dependencies. Now there is a tool to turn PowerShell scripts from
Today I’m posting some research I did early last year related to querying the Chrome web browser’s SQLite databases, which are how Chrome stores most of the useful information that makes for a great browsing experience. A byproduct, of course, is useful information for an examiner. In this post I’m going to talk about two databases
Over the weekend I finally took the time to dig through the source code from Arsenal for mounting forensic images. It’s been on my list for a long time, so I was excited to do some hacking and see what I could come up with. Although the documentation is not good, I was able to
Computer Forensics and DFIR Resources: Links and references. Databases: posts on easymetadata.com; SQLite documentation at sqlite.org. Coding: Python: I have some posts on Python here on my blog; the Python docs are very helpful and simple to understand; A Byte of Python ebook