Article on Dissecting NTFS Hidden Streams

NII Consulting’s Chetan Gupta (GCFA) has published an article at ForensicFocus on the Alternate Data Streams in NTFS, and how these can be detected. This article discusses a “…particular feature of this file system which was designed to offer compatibility with Macintosh Hierarchical File System (HFS) and store additional data called metadata for a file. […]

UserAssist Revisited!

By Chetan Gupta, NII Consulting

In my previous article on UserAssist, I had mentioned how UserAssist records user access of specific objects on the system and how it would greatly aid forensic investigations. Although I had shown how to decrypt the keys, the important thing that was missing was how to interpret the 16 bytes […]

The top 100 security tools

Penetration Testing Fyodor’s back with his top 100 security tools for 2006. One of the most significant, but not surprising, entries is that of Metasploit Framework at #5 on the list. Since the launch of the 2.0 series, Metasploit has become one of the most popular security tools out there. The 3.0 series is a […]

Timestomp.exe

By Chetan Gupta, NII Consulting

A supposedly nightmarish tool for the investigator community! Recently this tool was released at the Metasploit anti-forensics site and is available here. Like the website mentions, this tool can be a headache for any forensic investigator and a handy tool for any mischievous since it has the ability to change […]

Amazing Tasklist Utility!

by Chetan Gupta, NII Consulting

I was looking for a utility which allows me to remotely access the running processes’ list of a suspect machine running Windows OS. I found this wonderful utility which allows one to not only view the processes and their PIDs but also filter the processes according to certain criteria such as […]

XP Built-in monitoring feature

by Chetan Gupta, NII Consulting

Windows XP has a built-in feature – UserAssist, that acts as a monitoring tool and greatly aids in the forensic investigation of Windows operating systems. UserAssist records user access of specific objects on the system, such as executables, Control Panel applets, shortcut files, etc. This is stored in the registry […]