Saturday, September 5, 2015

Android SQLite Database Forensics: A Tip to Digital Archeology

Mobile forensics is one of the fastest growing digital forensics disciplines, owing to the rapid growth in mobile phone usage. One of the most significant breakthroughs in the development of the mobile phone industry is the emergence of Android smartphones.

Wednesday, August 12, 2015

Carving Out Opera Browser Forensics

With the arrival of the Internet era, finding information has become much easier. There are many web browsers available for searching for information, and one such browser is Opera Mini. Opera Mini is a faster browser found on smartphones, mobile phones and PDAs. It is free, ships with mobile phones, and is the most used web browser on phones.

Tuesday, August 4, 2015

Getting Acquainted With The Structure of Outlook PST File

MS Outlook, one of the components of the MS Office suite, is the most popular Personal Information Manager and desktop-based email client. It is a standalone application and also works efficiently with organizational-level server systems like Exchange Server and SharePoint Server. The data stored in it is maintained in a storage file referred to as a PST, or Personal Storage Table. The PST file maintains Outlook's data in a systematic and hierarchical form.




In this write-up we shed some light on the structure of Outlook PST files. The PST file has both a logical and a physical structure, and these are the focus of this blog post.

Monday, July 20, 2015

Looking Into The Structure of MBOX File

MBOX stands for Mailbox, a file format that holds a collection of email messages in plain text. All the messages are stored as individual, long text entries, and new messages are appended to the end of the file. MBOX stores the messages in RFC 2822 format, the original Internet Message Format, making them easily accessible.


Wednesday, February 18, 2015

Dig Out Evidences Through Control Panel Forensics

The Windows operating system Control Panel is implemented as a series of applets, each represented by a .cpl file. These applets are usually stored in the %SystemRoot%\System32 folder and can be opened through the system binary ‘control.exe’, the Control Panel application. There are various ways to access it, and each method can leave different artifacts, which are stored in different places depending on the version of Windows.





Friday, February 6, 2015

An Introduction To Virtual Machine Forensics

A virtual machine is a software application with which one can create separate OS environments. Each environment limits the use of its hardware and software resources. In the ideal case, an individual virtual machine behaves as an independent system with its own operating system and hardware. Control over each environment is provided to the user independently.







Wednesday, January 21, 2015

Tricks To Simplify Exchange Email Forensics

Microsoft Exchange Server provides a secure messaging environment and offers a database to store communication information. The user database is saved in two forms, mailboxes and public folders, which are stored as the priv.edb and pub.edb files respectively, and working with them requires Exchange email analysis.
For Exchange email forensics, most investigators prefer third-party tools that help analyze Outlook data, but Microsoft has embedded options in this server application for eDiscovery and compliance purposes.