Throughout this Insights post, we will discuss significant differences between URLs related to the legacy and new Gmail interfaces (hereafter, the legacy and new Gmail URLs) as well as the process of decoding information from the now “obfuscated” URLs. By doing so, we will be able to effectively extract important information from both the legacy and new Gmail URLs.
HiveRecon extracts Registry hives from Windows hibernation and crash dump files, often extracting hives when other solutions have completely failed and extracting healthier (more intact) hives when other solutions have appeared to run successfully. HiveRecon also extracts volatile hives and can incorporate swap files from the same hibernation session to extract even healthier Registry hives than if using a hibernation file alone.
Years ago when I was an adjunct professor teaching digital forensics at Bunker Hill Community College in Boston I very much appreciated both the free and discounted licenses provided by commercial software vendors. I am now working on having Arsenal formalize and publicize our practice of providing free software (beyond the “Free Mode” functionality offered in some of our tools) each semester to digital forensics programs at colleges and universities.
Colleagues in digital forensics, please ask yourselves – do you find Arsenal Image Mounter (“AIM”) useful? Could your consulting, training, or software/hardware organization use great karma and a boost in public relations?
One of our recent cases involved an ongoing dispute between two executives who we’ll call Alice and Eve. Their dispute escalated when Alice returned after a day out of the office and noticed that her Gmail account was open on a shared computer they both used. Alice became suspicious that someone had accessed her Gmail account (she had forgotten to log out of it when she was last in the office) while she was gone.
We launched two new tools with powerful and unique functionality today – HiveRecon and HbinRecon. We are confident that our customers and colleagues, particularly those interested in the maximum exploitation of electronic evidence, will be pleased that we are yet again exposing valuable information that has not been possible previously.
Join our mailing list to arm yourself with updates about Arsenal tools, training, and research. Our mailing list is double opt-in so you will need to check your email and confirm your subscription before receiving our mailings.
or (617) 277-3625
Terms & Conditions