AUTHOR NAME

Max


Reading the Notepad Tab Cache

This software gathers notepad.exe tab cache data and prints it to standard output in JSON format. Notepad keeps a cache of open tabs, meaning it remembers which files or documents you have open in the editor even if you close Notepad and reopen it later.

Disabling UserAssist in Registry

UserAssist registry forensics is a method used to investigate the activity of users on a Windows operating system.

Simple C# Timestomp

SharpTimestomp.exe is a simple proof-of-concept timestomp application that modifies date/time values for the file indicated in the arguments.

SimpleWiper Suite – Wiping Files With C#

The SimpleWiper suite of tools includes a SimpleFileWiper application. This application will calculate the size of the file to be deleted. It will then overwrite the file with random data.

C# – Kill Process (FTK Imager)

A simple C# application demonstrating how to kill running processes, in this case digital forensics software.

sprung – Reboot Operating System (Linux) When a Thumbdrive is Removed

sprung is a simple script that scans for a device ID and the serial number for a particular device. If the device is removed or malfunctions so that either the device ID or the serial number changes or becomes unreadable, a forced system reset occurs using a Magic SysRq Key routine.

shkval – Remote Wiping Software for Linux

shkval is an example of remote wiping software that can be used on any Linux system utilizing nftables. nft rules are set up on the server so that packet data, including TCP options, are stored in entries logged to dmesg. This means we do not need to bind to a socket to send commands to the system.

C# AES-256 CBC Encryption and Decryption (SimpleEncryptor) Source Code/GitHub

Learn to encrypt files in C# with AES-256 in CBC mode. Source code is on GitHub.

FBI: Blind Faith Program

The Blind Faith Program is an analytical program which provides a technical countermeasures profile for targets of investigative interest to the FBI.

Disk Wiping One Pass is Enough – part 2: this time with screenshots

It seems that there are still many people who do not understand what happens when storage media such as a hard drive or flash-based thumb drive is wiped with a single pass. There were many comments left about my last article on other websites where people were still spreading the myth that a single pass is insufficient. So I’ve created yet another article, this time with screenshots.
