Jun 22 2006
 

By Chetan Gupta, NII Consulting

A supposedly nightmarish tool for the investigator community! Recently this tool was released at the Metasploit anti-forensics site and is available here. As the website mentions, this tool can be a headache for any forensic investigator and a handy tool for anyone mischievous, since it has the ability to change all four NTFS timestamps, and not only that, it has an option to change the timestamps in such Read More…

Jun 21 2006
 

By Chetan Gupta, NII Consulting

A small experiment… Create a new text file. Edit it using Notepad and type “Hello” in it. Save and exit the editor. Right-click the file and check its properties. Did you notice the two attributes “Size” and “Size on disk”? It looks something like this on my Windows XP system:

Size: 5 bytes (5 bytes)
Size on disk: 4.00 KB (4,096 bytes)

Have you ever wondered why there is this difference? If Read More…

Jun 04 2006
 

By Chetan Gupta, NII Consulting

I was looking for a utility which allows me to remotely access the list of running processes on a suspect machine running Windows OS. I found this wonderful utility, which allows one not only to view the processes and their PIDs but also to filter the processes according to certain criteria such as username, memory usage, loaded modules, services, status of the services and even Windows title!