Digital Forensics

Generate an Unlimited Amount of VeraCrypt Containers

The major goal of this software is to frustrate a digital forensics examination by overwhelming an investigator with encrypted containers.

LSB Steganography Password Protect with Encryption in Python using PNG Files

This software implements LSB Steganography password protect, as described and demonstrated in the link above, and in addition, message encryption. This way a user can encrypt their hidden message using Fernet, with a passphrase.

LSB (Least Significate Bit) Steganography in Python using PNG Files

Using LSB Steganography in Python to hide a message in a PNG. Input and extract hidden messages using Least Significant Bit Steganography.

Simple File Wiping on Linux using shred and dd

Use the strings command again, but specify the encoding option strings data01 -e {b,l}. Remember when the "test" file was deleted? The rm command was used, not shred. The file name data still resides in the file table and is recoverable because of this.

Reading the Notepad Tab Cache

This software will gather notepad.exe tab cache data and print it to standard output in json format. Notepad keeps a cache of open tabs, meaning it remembers which files or documents you have open in the editor even if you close Notepad and reopen it later.

Disabling UserAssist in Registry

UserAssist registry forensics is a method used to investigate the activity of users on a Windows operating system.

Disk Wiping One Pass is Enough – part 2: this time with screenshots

It seems that there are still many people who do not understand what happens when storage media such as a  hard drive or flash based thumb drive is wiped with a single pass. There were many comments left about my last article on other websites where people were still spreading the myth that a single pass is insufficient. So I’ve created yet another article, this time with screenshots.

Disk Wiping: One Pass is Enough

Many people are under the impression that hard drives need to be wiped with multiple passes to prevent recovery of data. This is simply untrue with modern hard drives. According to the National Institute for Standards and Technology, “Studies have shown that most of today’s media can be effectively cleared by one overwrite.”

Latest news