November 14, 2019
Arsenal is unlike other digital forensics software vendors in the sense that we are consultants involved in casework first and software developers second. We build tools when we find valuable information being left behind by existing tools and techniques. In other words, if existing tools and techniques could deliver what we needed from our electronic evidence, we would happily buy or otherwise leverage them rather than launch ourselves into (often frustrating) software development. We are in a good position to know that our tools offer powerful and unique functionality, and we are doing what we can to make maximum exploitation of electronic evidence more accessible to our customers.
I once heard an interview with Todd McFarlane in which he said his company McFarlane Toys was not in competition with major toy manufacturers, but living in the gaps they left behind. For example, a major toy company might have a large number of requirements for their designers such as only applying a certain number of colors or a certain level of detail to a model. He explained that the models created by his company were not constrained by the same requirements, and were targeted at a different kind of consumer… a consumer who wanted more complex and authentic models. This interview left an impression on me, as he was describing what we do at Arsenal. We don’t build a “does everything” suite, we live in the gaps left by other digital forensics vendors and build surgical tools that expose information we could not have otherwise… which has proven incredibly valuable in our casework, and we hope in yours as well.
If you practice digital forensics and are familiar with the powerful and unique things our tools can do, please let others know… you will be helping us with our mission, as we work hard to help you with yours.
BitLocker is a Full Volume Encryption (FVE) technology introduced by Microsoft in the Ultimate and Enterprise versions of Windows Vista. BitLocker has come a very long way since Vista, becoming quite flexible (some of our colleagues might prefer the word complicated) and secure if used properly.
Microsoft’s “Office Document Cache” (hereafter, ODC) is complex, infuriating, and misunderstood. For years there have been digital forensics practitioners who knew how valuable information within ODCs was (especially within FSD files), but they were essentially left with scraps after throwing existing tools and techniques against them. After many of the proverbial late nights and early mornings, Arsenal has now drastically improved the situation for our colleagues in digital forensics.
Just a month after we published the Insights post “Digging into Gmail URLs”, Google made the use of their new Gmail interface mandatory. The old Gmail interface (let’s call it the “legacy” interface) had been in use for years, so even though it is no longer available online we expect to be dealing with it within our electronic evidence for years to come. The new Gmail interface includes not only considerable visual changes, but changes in URLs which impacted the Gmail URL decoding we discussed in our previous Insights pos
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Signup for the latest news on Registry, Hibernation Files, and other Digital Investigations related news.
or (617) 277-3625
Terms & Conditions