Dump password of application pool user from IIS >= 6.0
IIS Application pools are used to separate sets of IIS worker processes that share the same configuration and application boundaries. […]
Category: Disk Forensics
Data Carving Issues
by Chetan Gupta, NII Consulting Many a times as an investigator, I have to deal with the issue of carving […]
Bad Superblock, corrupt inode tables and loads of bad luck!
by Chetan Gupta, NII Consulting Well, last week was abuzz with activity when we had to recover data from a […]
Hiding data with Host Protected Area (HPA) in Linux
By Kush Wadhwa, NII Consulting Have you ever thought of hiding data in such a manner that it cannot be […]
Computer Forensics Volunteer Project
by Bhushan Shah, NII Consulting Mrs Carol L. Stimmel has taken upon her to start a Computer Forensic Volunteer Project […]
Understanding Index.dat (Internet History Data File in Windows)
by Bhushan Shah, NII Consulting The index.dat is a file which contains the list of the websites that one has […]
LINReS – An open source Linux Incident Response Tool!
By Chetan Gupta, NII Consulting In accordance with NII’s mantra of innovation and research, we have developed our own tool […]
Article on Dissecting NTFS Hidden Streams
NII Consulting’s Chetan Gupta (GCFA) has published an article at ForensicFocus on the Alternate Data Streams in NTFS, and how […]
Rainbow Tables Simplified (Password Cracking for Windows)
By Bhushan Shah, NII Consulting Windows passwords are stored in the registry (encrypted) in the form of a hash. LMHash […]
UserAssist Revisited!
By Chetan Gupta, NII Consulting In my previous article on Userassist, I had mentioned how UserAssist records user access of […]