Monthly Archives: February, 2018

Unique Windows Registry data in Fast Boot hibernation and hive transaction logs

February 27th, 2018 Posted by Uncategorized 0 thoughts on “Unique Windows Registry data in Fast Boot hibernation and hive transaction logs”

I was asked to take a recent flurry of Tweets and turn them into an Insights post with more detail. So, here goes!

We have spent some time at Arsenal looking at particularly important Windows Registry keys which are sometimes only found, in their most recent state, within Fast Boot hibernation and/or Registry hive transaction logs. In other words, these are important Registry keys that you may not find in their most recent state within active hives. We focused on important keys because it makes the situation more relatable to our colleagues in digital forensics. In this Insights post, we are further focusing on the following key from the SOFTWARE hive:

Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

(more…)

Integrating Arsenal Image Mounter Source Code and APIs

February 21st, 2018 Posted by Uncategorized 0 thoughts on “Integrating Arsenal Image Mounter Source Code and APIs”

Arsenal Image Mounter was born when we found existing disk image mounting technology lacking during the development of our premier digital forensics tool Registry Recon. Since we now have quite a bit of experience being in a position where a powerful disk image mounter would take our project to the next level, we offer the Arsenal Image Mounter source code and APIs to commercial projects with an appropriate license and to open source projects royalty free.

(more…)

Case Study in Successful Dash Cam Video Repair

February 16th, 2018 Posted by Uncategorized 0 thoughts on “Case Study in Successful Dash Cam Video Repair”

In late December 2017 I was alerted to someone looking for help to repair a damaged video from a dash cam, a video which may have captured a horrible accident.

(more…)

Arsenal Consulting’s President Selected to Open the OverDrive Hacking Conference

February 13th, 2018 Posted by Uncategorized 0 thoughts on “Arsenal Consulting’s President Selected to Open the OverDrive Hacking Conference”

Attendees Will Learn About Electronic Evidence Tampering that Evaded Detection by Digital Forensics Experts

Mark Spencer, President of Arsenal Consulting (ArsenalExperts.com) has been selected to open the OverDrive hacking conference in Spain with the most recent version of his award-winning presentation “High Stakes Evidence Tampering and the Failure of Digital Forensics” on April 18. The OverDrive conference is focused on enhancing the camaraderie of the worldwide hacker community by connecting people involved in many different aspects of computer security.

(more…)

Windows Hibernation Infographic

February 6th, 2018 Posted by Uncategorized 0 thoughts on “Windows Hibernation Infographic”

Why did we design the Windows hibernation infographic?

You can imagine how many emails we get about Windows hibernation files since we released Hibernation Recon. We noticed some misconceptions being repeated in these emails, so we decided to address them in an infographic that the digital forensics community could use as a resource and help us improve. We consider the infographic we are launching today to be the first version, as we already have more than enough interesting information to include on the reverse side of our second version.

(more…)