Every forensic examiner is familiar with hex and text viewers; they are the cornerstone of the most basic forensic examination. If all your tools and scripts fail or don’t support a given artifact, you can always fall back to a hex viewer to dig into an artifact to uncover any evidence within. New with IEF … Continued
As we continue to add analysis features to Magnet IEF, one of the most common pieces of feedback we receive is that we needed a simplified report viewer for sharing IEF results with non-technical stakeholders. These stakeholders may include other investigators, lawyers, analysts, managers, HR, or anyone else who may be involved with an investigation, … Continued
Recently, we released a new free tool that allows investigators to acquire the memory of a live PC. Customers using our IEF Triage module will already be familiar with this tool, as it’s used to acquire evidence from live systems. In realizing that others could benefit from our RAM capture tool, we decided to release … Continued
By: Jad Saliba, Founder & CTO of Magnet Forensics It’s not an issue many like to talk about, or perhaps even know about. But child sex slavery is one of the fastest growing criminal enterprises in the world. A perverse industry that preys on the poor, especially in economically disadvantaged countries, this kind of exploitation … Continued
This is the fifth and final blog post in a series about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are Shellbags? While shellbags have been available since Windows XP, they have only recently become a popular artifact as examiners are beginning to realize their potential value to an investigation. Shellbags … Continued
This is the fourth blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are prefetch files? Prefetch files are great artifacts for forensic investigators trying to analyze applications that have been run on a system. Windows creates a prefetch file when an application is … Continued
This is the third blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are LNK Files? LNK files are a relatively simple but valuable artifact for the forensics investigator. Shortcut files link to an application or file commonly found on a user’s desktop or … Continued
