-----Original Message----- From: dtabone [mailto:dtab...@gmail.com] Sent: Wednesday, February 27, 2008 04:08 AM To: 'Forensic Ideas' Subject: Re: Forensic Trends
You might want to read up on some latest news here: http://www.eweek.com/c/a/Security/Researchers-Crack-BitLocker-FileVault/

"The issue is described as a design limitation that could allow practical attacks against laptops in "sleep" or "hibernation" mode"

On Feb 8, 4:39 pm, GavanS wrote:
> I am trying to gather information on Bitlocker and the problems it
> creates for forensic analysis on encrypted drives. Based on my initial
> research, it appears as though there is no backdoor solution.
> Therefore, you either have the key or you don't. Does anyone have any
> information on emerging trends, whether by law enforcement agencies or
> underground groups? Thanks.
>
> On Feb 7, 11:38 pm, "Brett Shavers" wrote:
> [...]
> > -Vista BitLocker and whole disk encryption is creating problems by
> > 'pulling the plug'
> [...]
> > Brett Shavers
> > > On Feb 7, 2008 8:17 PM, liusiguang wrote:
> > > > I have been reading this forum for some time and it seems to be
> > > > winding down. In the interest of gathering momentum again, I would
> > > > like to start a thread on forensic trends.
> > > >
> > > > What do you see as the 'next big thing' in forensics? There is
> > > > considerable movement in the direction of small scale digital device
> > > > forensics, for example.
> > > >
> > > > Another question: what tools would you like to see developed?
> > > >
> > > > What are your needs?
> > > >
> > > > Regards,
> > > >
> > > > Sam Norris
On Tue, Mar 25, 2008 at 12:35 PM, <helpd...@nataxe-logistics.com> wrote:
> Can someone help me in finding a way to open messenger log files? The
> file extension is: sqm.
> I need to verify the contents of these sqm files for a forensic
> investigation.
> Please, if you have any idea or tools I may use to display the content,
> I'll appreciate it. Thanks
Open the file with Notepad, copy & paste the content into Word or similar, select recurrent strings of garbage and 'Replace All' with a string of symbols (8888 works well) and re-run replacing the dummy code with a space.
Many kinds of unreadable data can be straightened out using this technique.
Sorry to those who use this all the time, I suppose I'm showing my limitations but it's the only suggestion I can come up with.
I haven't any sqm files on my machine so can't experiment.
> From: helpd...@nataxe-logistics.com
> To: ForensicIdeas@googlegroups.com
> Date: Tue, 25 Mar 2008 19:35:07 +0000
> Subject: Re: Forensic Trends
>
> Can someone help me in finding a way to open messenger log files? The file extension is: sqm.
> I need to verify the contents of these sqm files for a forensic investigation.
> Please, if you have any idea or tools I may use to display the content, I'll appreciate it. Thanks
> F. Theodora
Did someone work on a case in the past regarding investigating if a suspect has been the one that has been using his PC with internet connection for around 3 hours? But the problem is to prove that he has been the one that really has been using the computer including internet connection (modem) for the 3 hours. He has been convicted because the judge said that it could also be someone else that has been working with the computer during the 3 hours. The crime took place during that time.
Any suggestions how to approach this case? I have already been working on it, but up to now it has been hard to get the necessary data, although I have some.
-----Original Message----- From: Geoffrey Alexander [mailto:h1ever1b...@hotmail.com] Sent: Friday, March 28, 2008 07:15 AM To: forensicideas@googlegroups.com Subject: Forensic Trends: SQM files
Have you tried Notepad? Open the file with Notepad, copy & paste the content into Word or similar, select recurrent strings of garbage and 'Replace All' with a string of symbols (8888 works well) and re-run replacing the dummy code with a space. Many kinds of unreadable data can be straightened out using this technique. Sorry to those who use this all the time, I suppose I'm showing my limitations but it's the only suggestion I can come up with. I haven't any sqm files on my machine so can't experiment. Let us know if you find the answer please. Geoffrey.
From my viewpoint only multi-factor authentication using biometrics requirements could help in proving anything that would require it to be in the user's possession and knowledge at any particular moment in time... other than that anyone could type in someone's password they left on a sticky somewhere or smartcard with a pin written on it... of course anything can be spoofed. It is my understanding that such granularity currently doesn't exist in proving that the owner is the user of the machine at any point in time... which I may also note is why the RIAA is failing in their proceedings.
This person insisted that he has been chatting during these 3 hours with at least 2 persons. The only way that we can have the case re-opened again is to prove that he has e.g. been chatting. But up to now it is very difficult to find any log (artifacts) or part of a log that I can analyse to see if it contains any chat data/info of that particular night.
-----Original Message----- From: Israel Torres [mailto:vfenrygbe...@gmail.com] Sent: Monday, March 31, 2008 02:01 PM To: ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
From my viewpoint only multi-factor authentication using biometrics requirements could help in proving anything that would require it to be in the user's possession and knowledge at any particular moment in time... other than that anyone could type in someone's password they left on a sticky somewhere or smartcard with a pin written on it... of course anything can be spoofed. It is my understanding that such granularity currently doesn't exist in proving that the owner is the user of the machine at any point in time... which I may also note is why the RIAA is failing in their proceedings.
Israel Torres
2008/3/31 <helpd...@nataxe-logistics.com>:
Did someone work on a case in the past regarding investigating if a suspect has been the one that has been using his PC with internet connection for around 3 hours? But the problem is to prove that he has been the one that really has been using the computer including internet connection (modem) for the 3 hours. He has been convicted because the judge said that it could also be someone else that has been working with the computer during the 3 hours. The crime took place during that time.
Any suggestions how to approach this case? I have already been working on it, but up to now it has been hard to get the necessary data, although I have some.
Regards, Franklin
-----Original Message----- From: cf5 org [mailto:cf5....@gmail.com] Sent: Monday, March 31, 2008 09:11 AM To: ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
On Tue, Mar 25, 2008 at 12:35 PM, <helpd...@nataxe-logistics.com> wrote:
Can someone help me in finding a way to open messenger log files? The file extension is: sqm.
I need to verify the contents of these sqm files for a forensic investigation.
Please, if you have any idea or tools I may use to display the content, I'll appreciate it. Thanks
F. Theodora
Have you checked with the server, perhaps they have logs of the connections and/or conversations? It wasn't made clear to which chat client they were using and if it is a commercial or private one. If the client logs aren't enabled by default (and most aren't) and if they weren't enabled then you pretty much are going to have to hope that either 1. someone installed a keylogger on their machine and recorded the information you seek and it is somewhere on the drive. 2. the server has a log of the connections and disconnections and/or record of the conversations. Other than the logs or evidence of these artifacts existing can't the parties involved testify that they were indeed chatting with this individual during this window of time?
If the chat system was MSN Messenger (under any of its various names) then it uses the MSN Password login system (shared with Hotmail) and the login time will have been recorded on the Microsoft US servers. The logout time and the reason for logout (e.g. timeout) should be recorded as well.
If there is a three hour interval between login and logout and little or no other relevant use (essentially Hotmail use) in that period then this is consistent with the user chatting for that time.
If the user knows the Hotmail addresses of the people with whom he was chatting then you could try to find their login/logout times as well.
I presume that you have evidence to demonstrate the start and end of the telephone call via the modem (lucky to be using old technology). If these times match the MSN login/logout times then you have supporting evidence not only that someone was using the computer at these times but that he knew the Hotmail account's password. You also have confirmatory evidence from the other users even without logs of the chat contents.
You could also look at last modified times of files fsr*.log
-----Original Message----- From: ForensicIdeas@googlegroups.com [mailto:ForensicIdeas@googlegroups.com] On Behalf Of Israel Torres Sent: 31 March 2008 22:34 To: ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
Have you checked with the server, perhaps they have logs of the connections and/or conversations? It wasn't made clear to which chat client they were using and if it is a commercial or private one. If the client logs aren't enabled by default (and most aren't) and if they weren't enabled then you pretty much are going to have to hope that either 1. someone installed a keylogger on their machine and recorded the information you seek and it is somewhere on the drive. 2. the server has a log of the connections and disconnections and/or record of the conversations. Other than the logs or evidence of these artifacts existing can't the parties involved testify that they were indeed chatting with this individual during this window of time?
I'm trying to get to know the contents of not only the chat logs but also the sqm log files.
As I get to know, the sqm log files do have info regarding start and end time and other info important for Microsoft. This info can be key evidence for the case together with the chat log files.
Up to now the info regarding the fact that he has been chatting with two other persons has not been accepted during the trial and also the fact that he has been using the computer for 3 hours.
That's why I need "hard" evidence to make it possible to re-open the case.
-----Original Message----- From: Nigel Young [mailto:nigel.yo...@computer-expert.co.uk] Sent: Monday, March 31, 2008 07:50 PM To: ForensicIdeas@googlegroups.com Subject: RE: Forensic Trends
If the chat system was MSN Messenger (under any of its various names) then it uses the MSN Password login system (shared with Hotmail) and the login time will have been recorded on the Microsoft US servers. The logout time and the reason for logout (e.g. timeout) should be recorded as well.
If there is a three hour interval between login and logout and little or no other relevant use (essentially Hotmail use) in that period then this is consistent with the user chatting for that time.
If the user knows the Hotmail addresses of the people with whom he was chatting then you could try to find their login/logout times as well.
I presume that you have evidence to demonstrate the start and end of the telephone call via the modem (lucky to be using old technology). If these times match the MSN login/logout times then you have supporting evidence not only that someone was using the computer at these times but that he knew the Hotmail account's password. You also have confirmatory evidence from the other users even without logs of the chat contents.
You could also look at last modified times of files fsr*.log
Nigel Young
-----Original Message----- From: ForensicIdeas@googlegroups.com [mailto:ForensicIdeas@googlegroups.com] On Behalf Of Israel Torres Sent: 31 March 2008 22:34 To: ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
Have you checked with the server, perhaps they have logs of the connections and or conversations? It wasn't made clear to which chat client they were using and if it is a commercial or private one. If the client logs aren't enabled by default (and most aren't) and if they weren't enabled then you pretty much are going to have to hope that either 1. someone installed a keylogger on their machine and recorded the information you seek and it is somewhere on the drive. 2. the server has a log of the connections and disconnections and/or record of the conversations. Other than the logs or evidence of these artifacts existing can't the parties involved testify that they were indeed chatting with this individual during this window of time?
This person insisted that he has been chatting during these 3 hours with at least 2 persons. The only way that we can have the case re-opened again is to prove that he has e.g. been chatting. But up to now it is very difficult to find any log (artifacts) or part of a log that I can analyse to see if it contains any chat data/info of that particular night.
Franklin
-----Original Message----- From: Israel Torres [mailto:vfenrygbe...@gmail.com] Sent: Monday, March 31, 2008 02:01 PM To:ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
From my viewpoint only multi-factor authentication using biometrics requirements could help in proving anything that would require it to be in the user's possession and knowledge at any particular moment in time... other than that anyone could type in someone's password they left on a sticky somewhere or smartcard with a pin written on it... of course anything can be spoofed. It is my understanding that such granularity currently doesn't exist in proving that the owner is the user of the machine at any point in time... which I may also note is why the RIAA is failing in their proceedings.
Israel Torres
2008/3/31 <helpd...@nataxe-logistics.com>: Did someone work on a case in the past regarding investigating if a suspect has been the one that has been using his PC with internet connection for around 3 hours? But the problem is to prove that he has been the one that really has been using the computer including internet connection (modem) for the 3 hours. He has been convicted because the judge said that it could also be someone else that has been working with the computer during the 3 hours. The crime took place during that time.
Any suggestions how to approach this case? I have already been working on it, but up to now it has been hard to get the necessary data, although I have some.
Regards, Franklin
-----Original Message----- From: cf5 org [mailto:cf5....@gmail.com] Sent: Monday, March 31, 2008 09:11 AM To:ForensicIdeas@googlegroups.com Subject: Re: Forensic Trends
On Tue, Mar 25, 2008 at 12:35 PM, <helpd...@nataxe-logistics.com> wrote: Can someone help me in finding a way to open messenger log files? The file extension is: sqm.
I need to verify the contents of these sqm files for a forensic investigation.
Please, if you have any idea or tools I may use to display the content, I'll appreciate it. Thanks
F. Theodora
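The cross-check Nigel Young describes above (modem call times against MSN login/logout times, plus file last-modified times) can be sketched as follows. This is an added example, not code from the thread; every timestamp, UTC offset, account label and file name in it is constructed for illustration.

```python
"""Corroborate a usage window from independent time sources (constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def to_utc(stamp: str, utc_offset_hours: float) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM:SS' recorded at a known UTC offset; return UTC."""
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    tz = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)


@dataclass(frozen=True)
class Interval:
    source: str
    start: datetime
    end: datetime

    def __post_init__(self):
        # Naive timestamps cannot be compared across sources, so refuse them.
        if self.start.tzinfo is None or self.end.tzinfo is None:
            raise ValueError(f"{self.source}: timestamps must carry a time zone")
        if self.end < self.start:
            raise ValueError(f"{self.source}: end precedes start")


def compare(reference: Interval, other: Interval, skew: timedelta) -> dict:
    """Compare another record with the reference window, allowing clock skew."""
    start_delta = other.start - reference.start
    end_delta = other.end - reference.end
    overlap = min(reference.end, other.end) - max(reference.start, other.start)
    overlap = max(overlap, timedelta(0))
    return {
        "source": other.source,
        "start_delta_s": int(start_delta.total_seconds()),
        "end_delta_s": int(end_delta.total_seconds()),
        # Both ends line up with the reference, within the tolerance.
        "bounds_match": abs(start_delta) <= skew and abs(end_delta) <= skew,
        # The record lies inside the reference window (e.g. a contact's session).
        "contained": (other.start >= reference.start - skew
                      and other.end <= reference.end + skew),
        "overlap_s": int(overlap.total_seconds()),
    }


def events_in_window(reference: Interval, events, skew: timedelta) -> list:
    """Return names of point-in-time events (file mtimes) inside the window."""
    lo, hi = reference.start - skew, reference.end + skew
    return [name for name, when in events if lo <= when <= hi]


# --- Constructed sample records; offsets are assumptions, not case facts ---
LOCAL, SERVER = 1, -8          # hypothetical UTC offsets of telco and server logs
SKEW = timedelta(seconds=120)  # tolerance for unsynchronised clocks

MODEM = Interval("telco call record",
                 to_utc("2008-01-15 20:02:10", LOCAL),
                 to_utc("2008-01-15 23:04:40", LOCAL))
MSN = Interval("MSN login/logout (suspect account)",
               to_utc("2008-01-15 11:03:05", SERVER),
               to_utc("2008-01-15 14:03:55", SERVER))
CONTACT = Interval("MSN login/logout (contact account)",
                   to_utc("2008-01-15 11:10:00", SERVER),
                   to_utc("2008-01-15 13:40:00", SERVER))
FILE_MTIMES = [
    ("fsr0001.log", to_utc("2008-01-15 21:15:30", LOCAL)),  # constructed name
    ("other.log", to_utc("2008-01-16 09:00:00", LOCAL)),
]


def build_report() -> dict:
    return {
        "sessions": [compare(MODEM, rec, SKEW) for rec in (MSN, CONTACT)],
        "files_in_window": events_in_window(MODEM, FILE_MTIMES, SKEW),
    }


if __name__ == "__main__":
    report = build_report()
    for row in report["sessions"]:
        print(row)
    print("files modified in window:", report["files_in_window"])
```

A match of this kind supports that the machine and the account were in use during the window; as noted elsewhere in the thread, it does not by itself show who was at the keyboard.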
They are Windows Live Messenger Log Files (stands for *S*ervice *Q*uality *M*onitoring files). They are safe to delete, but it is unclear how to stop them from appearing.
I think if you use the final version, and not a beta, they may stop being produced? Also try unchecking the customer experience program option that can be found under Tools->Options.
Software Quality *Metrics* data collection files are not necessarily related to Windows Live Messenger. They can be made by other MS related products too.
http://msnshadow.blogspot.com/
MSN Shadow is an instant messaging forensics tool to analyze and to inject traffic in the MSN protocol. It has features such as:
* Decoding of text conversations
* Decoding of video conversations
* Spoofing messages
* Hijacking sessions
* Shutdown users
* Reports in HTML format
* Save video stream in AVI format
* Capture of contacts list
* Reading of pcap files
On Sat, Apr 12, 2008 at 11:07 AM, JAY <jay.ja...@gmail.com> wrote:
> They are Windows Live Messenger Log Files (stands for *S*ervice *Q*uality *M*onitoring files). They are safe to delete, but it is unclear how to stop them from appearing.
> I think if you use the final version, and not a beta, they may stop being produced? Also try unchecking the customer experience program option that can be found under Tools->Options.
> Software Quality *Metrics* data collection files are not necessarily related to Windows Live Messenger. They can be made by other MS related products too.
-- Use Public Key: 0xDFA6126C ... laughing and licking and sleeping! Dancing hax0rs in lust!
Dear Forensic Ideas,
Can anyone answer this question: is there such a thing as a programme that can track an IP address across the Internet, showing all the sites that a particular computer has visited?
Many thanks,
Geoffrey Alexander
If you are looking at a particular computer you can view the Index.dat file to determine where the user visited. As far as following an IP address, you would run into issues at the gateway where the packet leaves the network because the internal IP may be changed to reflect that of the gateway router.
On Mon, Apr 6, 2009 at 11:00 AM, Geoffrey Alexander <h1ever1b...@hotmail.com> wrote:
> Dear Forensic Ideas,
> Can anyone answer this question: is there such a thing as a programme that
> can track an IP address across the Internet, showing all the sites that a
> particular computer has visited?
> Many thanks,
> Geoffrey Alexander
Is it possible to bypass/or retrieve a windows password, without changing, or resetting?
Date: Mon, 6 Apr 2009 23:33:14 +0200
Subject: Re: IP tracking software
From: maxime.spam...@gmail.com
To: ForensicIdeas@googlegroups.com
there is no such thing Big Brother !
Unless you hack the guy's computer but I'm pretty sure it's not legal... ;)
On Mon, Apr 6, 2009 at 6:00 PM, Geoffrey Alexander <h1ever1b...@hotmail.com> wrote:
Dear Forensic Ideas,
Can anyone answer this question: is there such a thing as a programme that can track an IP address across the Internet, showing all the sites that a particular computer has visited?
Many thanks,
Geoffrey Alexander
There are a number of ways - the method is straightforward, your reasons for doing so may quickly cross over into the illegal area. Please provide more information.
lsg
________________________________
From: amy hyche <amyde...@live.com>
To: forensicideas@googlegroups.com
Sent: Tuesday, April 28, 2009 10:20:02 PM
Subject: RE: IP tracking software
HELLO,
Is it possible to bypass/or retrieve a windows password, without changing, or resetting?
According to this search result, iOpus Password Recovery should do the trick:
iopus.com/password_recovery.htm
There are other tools too:
loginrecovery.com windowspasswordforgot.com
about.com:
Ophcrack Windows password cracker "is by far the best free Windows password recovery tool available"
about.com (cont):
"Offline NT Password & Registry Editor works basically the same as PC Login Now in that it erases your Windows password instead of recovering it. You can then simply log in to your account without entering a password."
The question is, can anyone use these programmes on any computer?
Geoffrey.
I think someone has been on my laptop. I have a desktop I use most of the time, the laptop is mostly for use when I'm out of town. Mysteriously, I cannot locate the windows cd, which I thought was in a locked file drawer, in my home office, and I don't remember creating a backup disk. There is a new user account I don't remember creating, or have access to. But my original password works, but I don't remember the admin-password, so that's why I was wondering if someone could bypass, or somehow retrieve my windows password without changing it.
Date: Wed, 29 Apr 2009 04:55:26 -0700
From: liusigu...@yahoo.com
Subject: Re: IP tracking software
To: ForensicIdeas@googlegroups.com
There are a number of ways - the method is straightforward, your reasons for doing so may quickly cross over into the illegal area. Please provide more information.
lsg
Do read the FAQ and other available support pages before attempting this because the software boots into a minimal Command Line Linux environment and could be a little scary if you have not used DOS in the past. Lots of luck
Dan
From: amyde...@live.com
To: forensicideas@googlegroups.com
Subject: RE: IP tracking software
Date: Thu, 30 Apr 2009 15:24:43 -0400
I think someone has been on my laptop. I have a desktop I use most of the time, the laptop is mostly for use when I'm out of town. Mysteriously, I cannot locate the windows cd, which I thought was in a locked file drawer, in my home office, and I don't remember creating a backup disk. There is a new user account I don't remember creating, or have access to. But my original password works, but I don't remember the admin-password, so that's why I was wondering if someone could bypass, or somehow retrieve my windows password without changing it.