Wednesday, August 12, 2015

Carving Out Opera Browser Forensics

With the coming up of Internet era, the way of finding information has become much easier. There are many web browsers available in the way for searching the information and one such browser is Opera Mini. Opera Mini is the faster browser found in Smartphones, Mobile phones and in PDAs. It is of free and available along with the mobile phones and is found as the most used web browser in phones. 

Tuesday, August 4, 2015

Getting Acquainted With The Structure of Outlook PST File

MS Outlook, one of the components of MS Office suite, is the most popular Personal Information Manager and desktop based email client. It is a standalone application and also works efficiently with organizational level server systems like Exchange server and SharePoint Server. The data stored in it is maintained in a storage file referred as PST or Personal Storage Table. The PST file maintains the data of Outlook in a systematic and hierarchical form.

In this write up we will shed some light on the structure of the Outlook PST files. The PST file follows both Logical and Physical structure, which will remain the highlights of this blog.

Monday, July 20, 2015

Looking Into The Structure of MBOX File

MBOX stands for Mailbox, which is a file format that holds a collection of email messages in plain text format. All the messages are stored in individual, long text format and the new messages are appended to the end of the file. MBOX stores the messages in RFC 2822, original Internet Message format, making it easily accessible.

Wednesday, February 18, 2015

Dig Out Evidences Through Control Panel Forensics

Windows Operating System Control Panel is implemented as a series of applets and each of these applets is represented by .cpl file. These applets are usually stored in %system root%\System32 folder and can be opened through system binary ‘control.exe’ a control panel application. There are various ways available to access it and each of these methods can destine you with different artifacts which are also stored in varied places depending on the version of Windows.

Friday, February 6, 2015

An Introduction To Virtual Machine Forensics

The virtual machine is a software application using which one can create separate OS environments. Each environment limits the use of its hardware and software resources. In an ideal case, an individual virtual machine behaves as an independent system possessing its personal operating system and hardware. The control over each environment is provided to the user independently.

Wednesday, January 21, 2015

Tricks To Simplify Exchange Email Forensics

Microsoft Exchange Server has provided a secure messaging environment and offers a database to store the communication information. The user database gets saved in two forms: mailboxes and the public folders that gets saved as priv.edb and pub.edb file respectively and for simplification it required Exchange email analysis.
For Exchange email forensics, most of the investigators prefer using third party tools that helps to analyze Outlook data but Microsoft has embedded options in this server applications for eDiscovery and compliance purpose. 

Wednesday, December 3, 2014

SQL Injection Attack – Injecting Harmful/Malicious SQL Code

SQL Injection Attack & Its Types

 Similar to other things SQL also has two sides, one good and the other bad. On one side the programming language is used for management of relational database whereas on the other it can also be utilized for execution of malicious attacks by attackers. One example is SQL injection attack, by means of which malicious codes are injected into the server and then into the SQL database. This results in extraction of useful and valuable information from the system by backdoor. The attack generally affects the link between a server and client-mostly a web server, where security layers such as SSL, TLS, etc. are not utilized, and the browser. This is because normally data exchanged between web browsers and web servers is in the form of plain text-which leaves users vulnerable to eavesdropping. In such cases attacker are able to intercept all data being shared.