Latest News

SSN Database Updated

Tuesday, 26 May 2009 14:04

The SSN search and validation tool database has been updated for May 2009. This update contains all of the changes posted by the Social Security Administration for the high group numbers. You must be logged-in to the site in order to download it.

DOWNLOAD

CEIC 2009

Thursday, 23 April 2009 16:00

42 LLC will be speaking at Guidance Software's Computer Enterprise Investigations Conference in Orlando, FL. Anyone interested in attending one of the 42 LLC sessions should register through the conference website, http://www.ceicconference.com/. Here is a list of the sessions that 42 LLC will be giving:

Malware Reloaded

(Yogesh Khatri)

The revolution of Web 2.0 has brought with it the evolution of malware to the next level. Last year we hacked away at simple web based malware. This year we will do a refresher of those techniques and tools, as well as cover some more advanced analysis methods and focus on newer attack vectors. This session will be advanced for most, but those with experience reverse-engineering malware and preforming incident response may find it intermediate.

*NIX Environments

(Chris Pavan & Gordon Stephens)

Unix and Linux (*NIX) environments have been around for quite some time, but are starting to become more popular. There is an ever growing number of products, servers, and systems that run some form of *NIX operating system. To someone who does not have any experience with these systems, conducting and examination of one can be quite difficult. With a little background and some info to get you started you will find *NIX examinations significantly easier than that of a Windows computer.

We will discuss some of the major versions like Solaris, Debian, Red Hat, and Darwin, differences between them, and issues you may run into. We will also cover imaging techniques using LinEn and dd over a network. This is a basic to intermediate session directed towards those with little to no *NIX experience. Experienced *NIX users should consider another session as this one will most likely repeat what you already know.

EnCase Tips and Tricks

(Chris Pavan & Nick Ringold)

Back by popular demand and overwhelmingly positive feedback is the Tips and Tricks lab. This year we are going to dive deeper into Windows and EnCase environment settings, as well as covering some often overlooked functionality of EnCase. Overall the session is designed to make the Examiner’s life easier when using EnCase. We will also be including a quick reference sheet that covers the key information presented in the session, as well as some EnScripts.

This is a basic to intermediate session that will repeat some, but not all, of the information from last year. If you are new to using EnCase, need a refresher on optimizing Windows and EnCase performance, or just want to see EnCase from our perspective, then this is the session for you. For those of you who are advanced Windows users and EnCase Ninjas you may find this session repetitive.

Digital Forensic Examiner's Power Pack - v1.0 Released

Monday, 02 March 2009 15:10

Digital Forensic Examiner's Power Pack - Limited introductory price of $350

The Digital Forensic Examiner's Power Pack is a software solution built upon Guidance Software, Inc. (GSI) forensic application EnCase designed from the working examiner's perspective. The development of this solution has come from many years of experience of practitioners in the field and the many issues encountered.

The Power Pack is being sold as a subscription service, which will include updates throughout the subscription year. Updates will include updates to the current scripts as well as entirely new scripts. The current expectation is to releasing two (2) new scripts per subscription year, but that could change as we want to ensure that each script is up to our standards before they are released. Any of these new releases will be available as long as your subscription is current.

All scripts received during a subscription year will be perpetual, including major bug fixes, but continued subscription will be required to receive updated versions and new scripts. This means that what you get as a part of your subscription year is yours forever.

Power Pack Presale Ends March 1st

Friday, 20 February 2009 12:43

The Digital Examiner's Power Pack is currently in beta and still freely available for download via the forums. The beta period will end on March 1 2009, as well as the presale price. Currently, you can purchase the solution for $250, but that will go to $350 on March 1 which is our introductory offering. You can purchase the Power Pack with a major credit card from our online store.

Digital Forensic Examiner’s Power Pack - Beta Release

Tuesday, 16 December 2008 21:42

Digital Forensic Examiner’s Power Pack -

Beta Release

Power Pack Discussion

We would like to thank you in advance should you decide to participate in our first beta release!

Our first endeavor, the "Digital Forensic Examiner's Power Pack" is a combination of EnScripts which are designed to make our lives a bit easier as we sift through ever growing hard drives. After many, many months of work and over 300+ revisions we have something that we think you will be happy with.

Our new website with a forum and knowledgebase, where we will be posting documentation (please excuse the current mess, it will be up again shortly.) Please create an account on the site and you will receive access to download the beta. Please use the Power Pack forum to discuss the applications and post any bugs or feature requests.

Our goal is to have a truly peer-reviewed solution that everyone can rely on. We will be documenting the applications and updating the website throughout the beta period, so if anybody has any input please post it in Power Pack forum. This beta is expected to last until the end of January with an introductory price that will be announced in the coming weeks.

The following is a quick list of the scripts and their features:

INFO2 Parser

Parses allocated INFO2 files and their slack space
Searches unallocated space and parses identified INFO2 records
Output to tab delimited file for use in spreadsheets or databases
All INFO2 metadata is parsed

Advanced Link File Parser

Parses *.LNK files
Performs signature analysis on all files if selected
Parses all data found in valid Link Files
Verifies if the target file still exists
Searches for “potential” target file matches based on metadata
Searches unallocated space for Link Files
Output to tab delimited file for use in spreadsheets or databases

Slack Space Search

Searches the slack space of files without needing to use hash sets
Utilizes both Case and Global keywords as selected

True SSN

Searches for Social Security Numbers
Validates hits utilizing information periodically published by the Social Security Administration
Can utilize pre-run searches
Can be run against a single file or manually entered SSN
Output to tab delimited file for use in spreadsheets and databases
Logical File Collection of potentially valid hits (with full file content or just file metadata)

Context Carver

Carves data from evidence based off of keyword search results
Can be run against pre-run keyword results
Exports blocks of data specified by user (sectors, clusters, bytes, KB, MB)
Analyzes drive fragmentation to filter into contiguous runs of unallocated space
Can filter out non-human-readable and redundant control characters (i.e. multiple lines of page breaks) resulting in text files that only contain ASCII (low and high) human-readable text
Can export exact binary data to text files

As we get closer to the end of the beta we will be posting full documentation on our site. As a part of the scripts we have included help dialogs as a quick-reference.

Thank you again for participating, we look forward to receiving your feedback. If you have any questions please feel free to contact us via our Forums.

More Articles...

«
Start
Prev
1
2
Next
End
»

Page 1 of 2

42 LLC