Posts by mspencer

New Versions of HiveRecon and HbinRecon Launched

October 10th, 2018 Posted by Uncategorized 0 thoughts on “New Versions of HiveRecon and HbinRecon Launched”

What does HiveRecon do?

HiveRecon extracts Registry hives from Windows hibernation and crash dump files, often extracting hives when other solutions have completely failed and extracting healthier (more intact) hives when other solutions have appeared to run successfully. HiveRecon also extracts volatile hives and can incorporate swap files from the same hibernation session to extract even healthier Registry hives than if using a hibernation file alone.

(more…)

Free Arsenal Subscriptions for Colleges and Universities

September 24th, 2018 Posted by Uncategorized 0 thoughts on “Free Arsenal Subscriptions for Colleges and Universities”

Years ago when I was an adjunct professor teaching digital forensics at Bunker Hill Community College in Boston I very much appreciated both the free and discounted licenses provided by commercial software vendors. I am now working on having Arsenal formalize and publicize our practice of providing free software (beyond the “Free Mode” functionality offered in some of our tools) each semester to digital forensics programs at colleges and universities. (more…)

Sponsoring Arsenal Image Mounter

September 24th, 2018 Posted by Uncategorized 0 thoughts on “Sponsoring Arsenal Image Mounter”

Colleagues in digital forensics, please ask yourselves – do you find Arsenal Image Mounter (“AIM”) useful? Could your consulting, training, or software/hardware organization use great karma and a boost in public relations? (more…)

HiveRecon and HbinRecon Launched

August 9th, 2018 Posted by Uncategorized 0 thoughts on “HiveRecon and HbinRecon Launched”

August 9, 2018

How does exposing Windows Registry data you’ve never seen before sound to you?

We launched two new tools with powerful and unique functionality today – HiveRecon and HbinRecon. We are confident that our customers and colleagues, particularly those interested in the maximum exploitation of electronic evidence, will be pleased that we are yet again exposing valuable information that has not been possible previously.

(more…)

New Version (2.6.35) of Arsenal Image Mounter Launched

May 22nd, 2018 Posted by Uncategorized 0 thoughts on “New Version (2.6.35) of Arsenal Image Mounter Launched”

We are very happy to launch a new version (v2.6.35) of Arsenal Image Mounter (AIM) today! You can get the latest version of AIM (and our other tools) here. We know how popular AIM has become in the digital forensics community (and beyond), so we are continuing to add more powerful functionality to both Free and Professional Modes.

(more…)

Unique Windows Registry data in Fast Boot hibernation and hive transaction logs

February 27th, 2018 Posted by Uncategorized 0 thoughts on “Unique Windows Registry data in Fast Boot hibernation and hive transaction logs”

I was asked to take a recent flurry of Tweets and turn them into an Insights post with more detail. So, here goes!

We have spent some time at Arsenal looking at particularly important Windows Registry keys which are sometimes only found, in their most recent state, within Fast Boot hibernation and/or Registry hive transaction logs. In other words, these are important Registry keys that you may not find in their most recent state within active hives. We focused on important keys because it makes the situation more relatable to our colleagues in digital forensics. In this Insights post, we are further focusing on the following key from the SOFTWARE hive:

Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

(more…)

Integrating Arsenal Image Mounter Source Code and APIs

February 21st, 2018 Posted by Uncategorized 0 thoughts on “Integrating Arsenal Image Mounter Source Code and APIs”

Arsenal Image Mounter was born when we found existing disk image mounting technology lacking during the development of our premier digital forensics tool Registry Recon. Since we now have quite a bit of experience being in a position where a powerful disk image mounter would take our project to the next level, we offer the Arsenal Image Mounter source code and APIs to commercial projects with an appropriate license and to open source projects royalty free.

(more…)

Arsenal Consulting’s President Selected to Open the OverDrive Hacking Conference

February 13th, 2018 Posted by Uncategorized 0 thoughts on “Arsenal Consulting’s President Selected to Open the OverDrive Hacking Conference”

Attendees Will Learn About Electronic Evidence Tampering that Evaded Detection by Digital Forensics Experts

Mark Spencer, President of Arsenal Consulting (ArsenalExperts.com) has been selected to open the OverDrive hacking conference in Spain with the most recent version of his award-winning presentation “High Stakes Evidence Tampering and the Failure of Digital Forensics” on April 18. The OverDrive conference is focused on enhancing the camaraderie of the worldwide hacker community by connecting people involved in many different aspects of computer security.

(more…)

Windows Hibernation Infographic

February 6th, 2018 Posted by Uncategorized 0 thoughts on “Windows Hibernation Infographic”

Why did we design the Windows hibernation infographic?

You can imagine how many emails we get about Windows hibernation files since we released Hibernation Recon. We noticed some misconceptions being repeated in these emails, so we decided to address them in an infographic that the digital forensics community could use as a resource and help us improve. We consider the infographic we are launching today to be the first version, as we already have more than enough interesting information to include on the reverse side of our second version.

(more…)