-Does your computer fail to boot up?
-Does your computer freeze and reboot?
-Cannot access your data due to a lost password?
-Does your computer contain critical data?
-Don't have a recent backup?
-Reformatted your hard drive?
-Accidentally deleted files?

Our blog will provide the relevant information on free tools, techniques, and approaches to recover your computer and get your valuable data back.

PlainSight: Open Source Computer Forensics Software

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools.

We have taken the best open source forensic/security tools, customized them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

With PlainSight you can perform operations such as:
·         Get hard disk and partition information
·         Extract user and group information
·         View Internet histories
·         Examine Windows firewall configuration
·         Discover recent documents
·         Recover/Carve over 15 different file types
·         Discover USB storage information
·         Examine physical memory dumps
·         Examine UserAssist information
·         Extract LanMan password hashes
·         Preview a system before acquiring it


Tools on the site are organized into the following categories:

·         Bootable Environments: Use to boot a suspect system into a trusted state.
·         Data Acquisition: Use to collect data from a dead or live suspect system.
·         Volume System: Use to examine the data structures that organize media, such as partition tables and disk labels.
·         File System: Use to examine a file system or disk image and show the file content and other metadata.
·         Application: Use to analyze the contents of a file (i.e. at the application layer).
·         Network: Use to analyze network packets and traffic. This does not include logs from network devices.
·         Memory: Use to analyze memory dumps from computers.
·         Frameworks: Frameworks used to build custom tools.


Device Information
·         Use hdparm and disktype to view hard disk and partition details.
·         Use RegRipper to extract USB storage information from the registry.
·         Use RegRipper to extract Device Class information from the registry.

Operating System
·         Use RegRipper to retrieve the current Windows version from the registry.
·         Use RegRipper to retrieve the computer name from the registry.
·         Use RegRipper to extract UserAssist information from the registry.
·         Use RegRipper to retrieve recent documents from the registry.
·         Use RegRipper to extract User and Group information from the registry.
·         Use BKhive and Samdump2 to extract XP/2000/NT password hashes via SAM and SYSKEY.
·         Use RegRipper to extract Windows firewall configuration from the registry.

Internet Histories
·         Use Pasco to recover Internet Explorer histories.
·         Use Mork to recover Firefox/Netscape histories.
·         Use RegRipper to view typed URLs.

Volatile Memory Examination
Use the Volatility Framework to extract the following information from physical memory samples:
·         Image date and time
·         Running processes
·         Open network sockets
·         Open network connections
·         DLLs loaded for each process
·         Open files for each process
·         Open registry handles for each process
·         A process' addressable memory
·         OS kernel modules
·         Mapping physical offsets to virtual addresses (strings to process)
·         Virtual Address Descriptor information
·         Scanning examples: processes, threads, sockets, connections, modules
·         Transparently supports a variety of sample formats (i.e., crash dump, hibernation, DD)

File Recovery / Carving
Use Foremost to recover file types, including the following:
·         jpg
·         png
·         gif
·         bmp
·         mpg
·         wav
·         avi
·         wmv
·         mov
·         pdf
·         htm
·         ole
·         zip
·         rar
·         exe

Sensitive Data Audit
·         Use Spider to scan a system for sensitive data.

·         Run from CD or USB.
·         Save results in HTML and/or plain text.
·         Run against a disk image or local disks.

Data Recovery Techniques © 2008.