Questions tagged [computer-forensics]

Examining digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Read more at the Wikipedia article Computer forensics.

177 questions
41 votes, 13 answers

Find Programming Language Used

What's the easiest way to find out what programming language an application was written in? I would like to know if it's VB or C++ or Delphi or .NET etc. from the program exe file.
veagles
25 votes, 7 answers

Mounting VMDK disk image

I have a single VMware disk image file with a vmdk extension. I am trying to mount this and explore all of the partitions (including hidden ones). I've tried to follow several guides, such as:…
Without Me It Just Aweso
19 votes, 8 answers

How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere…
Imageree
15 votes, 9 answers

Text editor capable of viewing invisibles?

A recent problem* left me wondering whether there is a text editor out there that lets you see every single character of the file, even if they are invisible? Specifically, I'm not looking for hex editing capabilities, I am interested in a text…
Timo
10 votes, 3 answers

Windows Spanned Disks (LDM) restoration with Linux?

Is it possible to read Windows 2008 LDM partitions in Linux? We have five 512GB LUNs exported through iSCSI to a dead Windows 2008, and this box doesn't want them anymore. Windows believes they are now raw devices... So I'd like to read the…
Thomas
7 votes, 1 answer

Determine which computer a git commit came from

Lately I've been exploring the vast and terrible world of intellectual property law, and people seem to think that if you create something (software) on your time, with your equipment, it typically belongs to you. I know there are many exclusions to…
James
5 votes, 5 answers

Extracting jpegs from a disk dump

I've got a 16GB memory card off someone that won't load properly (asks to be reformatted). I'm trying to get jpegs off it. I've run dd to dump the contents to a file, which worked splendidly. The file won't mount and be read, so the contents are…
Rich Bradshaw
5 votes, 1 answer

Finding a modified image - image forensics

I have a couple of standard ways of detecting a modified image, such as: luminance gradient, copy-move detection, metadata extraction, histogram analysis, ELA (error level analysis), quantization matrix analysis, thumbnail analysis. Are there any other…
5 votes, 3 answers

Malicious PHP files detected by Host

I don't know if this is the right place to ask this question, if it isn't please let me know. I recently got a project to move a website from one host (don't know which) to a new one (hostgator). I did that, and within one day got a mail from…
VeeK
5 votes, 1 answer

Search strings in a large MEMORY.DMP file

How can I search for a string in a large MEMORY.DMP file generated by a Windows BSOD (Windows 8.1, 64-bit)? On 32-bit Windows, the command s -a 0 ffffffff "my pattern" seems to work. But for 64-bit Windows, s -a 0 ffffffff`ffffffff "my pattern" takes…
murali
4 votes, 1 answer

Internet Explorer AutoComplete Form Data

I am looking to load, display and have the user remove stored AutoComplete data from Internet Explorer using C#. I am looking specifically for form data and not stored credentials. Not sure if the IE version matters, but I do believe the Windows version…
Remy
3 votes, 1 answer

How to extract content between tags in html using grep command

I want to write a grep command which will extract the content between h1 tags irrespective of class and other attributes. I tried grep -o '>.*' Email.txt but it gave only three elements.
3 votes, 1 answer

How long do dirty database pages usually stay inside memory before getting flushed back to disk in InnoDB MySQL?

By database pages I mean: https://dev.mysql.com/doc/internals/en/innodb-page-structure.html Now these pages get loaded into memory when we issue a query against it, and it gets changed there only and gets marked as dirty. I'm not sure whether this…
OneAndOnly
3 votes, 1 answer

How can I get timestamps on previously connected USB devices?

I'm trying to get an old PowerShell script to show the times of previously connected USB devices. After having read a few forensics blogs like this, I found this script from this blog. (Script by Jason Walker.) Unfortunately it doesn't show any…
not2qubit
3 votes, 2 answers

Encase forensics .dd

I used Mandiant Intelligent Response to acquire a disk image of a Windows 7 computer. After it finished it gave me a .dd file. I have been trying to use Encase to analyse the file, but when I add the evidence it does not give me the full file…