Today was something else. When I woke up this morning I was confronted with the horror of horrors. The chambermaid had not replenished the in-room coffee. I started to tremble as I stared in disbelief. Snapping out of it, I turned to getting a workout in before class. Nope. No love. The gym was packed. This is not starting well. Alright then, back to the room. After sending some emails to the office I was on my way to class.

Today was great. I made it on time and I was able to get a cup of coffee from Starchucks downstairs. Yes, not a fan. But by that point I was jonesin'. Today we tackled EnScripts, the EnCase Decryption Suite (EDS), Virtual File System (VFS) and *nix/Mac artifacts. First off we started messing with the EnScripts. These allow an investigator to run ANY type of search on the acquired computer. And I mean ANY search. The EDS allows the investigator to crack passwords, pull out SIDs et cetera (tired and not long on words this evening). The VFS allows an investigator to load up an evidence file as a VMware image. So, imagine having to testify in court. You could load up the acquired OS to show the jury exactly what the suspect would have seen. Rather powerful, no? Finally we got to the Linux/Unix and Mac OS X artifacts. This latest version, 5.05a, now has support for Mac. This had traditionally been the hobgoblin of the law enforcement community. No more. All in all my brain was leaking out of my ears again.

All in all, a very good day.

Comments

  1. Sir,

    Can you please share the training material which includes NTFS and MFT records.

    I see that you had attended the training for the same.

    Thanks
