Author Archives: george

FTK Windows Server 2008 SYSTEM Filter

I recently found it necessary to quickly grab a large amount of SYSTEM registry files to determine the current control set and time zone information. FTK displays this information upon clicking the SYSTEM registry file. However, when you have a …

Posted in Uncategorized

More FTK Filters

In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more that may be helpful to a digital investigator examining a Microsoft Windows Server 2008 R2 server (may work on others, …

Posted in Forensics

FTK Filters are Your Friend

I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK makes examining many systems manageable. One feature that has saved me a tremendous amount of time is the Filters feature. …

Posted in Forensics

Going Paperless: Where Paper Meets Bits and Bytes

A client consulted me about going to a paperless environment. His company utilizes several different forms and numerous other documents through the course of daily business. These documents were typically filed in file cabinets after their initial use, never to …

Posted in Uncategorized

Logging User Activities within Linux with bash scripts

I am just starting to learn the power of bash scripting. So, this script below may not be the best way of doing this, but hear me out. I often find myself trying to figure out what commands I executed in …

Posted in Linux