Posts by bgerdon

Digging into Gmail URLs

August 22nd, 2018

A little curiosity can go a long way in digital forensics!

One of our recent cases involved an ongoing dispute between two executives who we’ll call Alice and Eve. Their dispute escalated when Alice returned after a day out of the office and noticed that her Gmail account was open on a shared computer they both used. Alice became suspicious that someone had accessed her Gmail account (she had forgotten to log out of it when she was last in the office) while she was gone. One of Alice’s coworkers told her that Eve had been using the shared computer on the day in question. Alice took a quick look at the Chrome web browser’s history, which seemed to confirm her suspicion — she saw activity which appeared to be related to her account while she was away. Alice reached out to her lawyer with her concerns, and her lawyer reached out to us.


An Adventure in Cached Windows Domain Password Recovery

July 11th, 2018

Who in DFIR doesn’t like a good challenge?


We had a case recently in which modifications made to a Windows XP Registry, and the impact of those changes on the environment of a particular domain account, were quite important. Digital forensics practitioners on the other side of our case developed their findings on this issue by virtualizing a forensic image obtained from the computer and logging into it with a local account, rather than the domain account in question. Why?
