Dump password of application pool user from IIS >= 6.0
IIS Application pools are used to separate sets of IIS worker processes that share the same configuration and application boundaries. Application pools used to isolate […]
Category: Disk Forensics
Data Carving Issues
by Chetan Gupta, NII Consulting Many a times as an investigator, I have to deal with the issue of carving data from unallocated spaces in […]
Bad Superblock, corrupt inode tables and loads of bad luck!
by Chetan Gupta, NII Consulting Well, last week was abuzz with activity when we had to recover data from a corrupt Linux hard disk. Thought […]
Hiding data with Host Protected Area (HPA) in Linux
By Kush Wadhwa, NII Consulting Have you ever thought of hiding data in such a manner that it cannot be deleted even after the hard […]
Computer Forensics Volunteer Project
by Bhushan Shah, NII Consulting Mrs Carol L. Stimmel has taken upon her to start a Computer Forensic Volunteer Project to provide low-cost services to […]
Understanding Index.dat (Internet History Data File in Windows)
by Bhushan Shah, NII Consulting The index.dat is a file which contains the list of the websites that one has visited. It comes from “indexing” […]
LINReS – An open source Linux Incident Response Tool!
By Chetan Gupta, NII Consulting In accordance with NII’s mantra of innovation and research, we have developed our own tool to conduct initial response on […]
Article on Dissecting NTFS Hidden Streams
NII Consulting’s Chetan Gupta (GCFA) has published an article at ForensicFocus on the Alternate Data Streams in NTFS, and how these can be detected. This […]
Rainbow Tables Simplified (Password Cracking for Windows)
By Bhushan Shah, NII Consulting Windows passwords are stored in the registry (encrypted) in the form of a hash. LMHash was the first hash function […]
UserAssist Revisited!
By Chetan Gupta, NII Consulting In my previous article on Userassist, I had mentioned how UserAssist records user access of specific objects on the system […]