Insights
The Interesting Case of Windows Hibernation and BitLocker
Digital forensics practitioners may not be aware of the nuances of what happens when introducing various BitLocker activities into the mix of hibernation and in-file TRIM.
An Inside View of Office Document Cache Exploitation
Once you think through the implications of what can be done not only with multiple document versions extracted from FSD files as ODC Recon has always done, but what can be done with the granular revision information that can be found within FSD files and temporary collaboration data, you should be having a “lean back in the chair” moment.
Quick Tour of New Features in Arsenal Image Mounter v3.1.101
The workflow for launching virtual machines has been significantly improved in Arsenal Image Mounter v3.1.101! You will now see a single dialog box (rather than a series of prompts) which consolidates important options related to launching virtual machines.
Accessing Protected Content using Windows Domain Controllers and Workstations
So, if you need to access EFS-encrypted files, you do not have the user’s Windows password, and you may even be dealing with an “IT gone rogue” (i.e. you cannot rely on help from IT – e.g. one or more may be suspects!) scenario, what are your options?
A Brief Note About Our Mission
Arsenal is unlike other digital forensics software vendors in the sense that we are consultants involved in casework first and software developers second. We build tools when we find valuable information being left behind by existing tools and techniques.
BitLocker for DFIR – Part II
In “BitLocker for DFIR – Part I” we provided a quick summary of BitLocker, details regarding the various “states” of BitLocker volumes that we see most often in our casework, and some thoughts on things that are particularly relevant to digital forensics and incident response practitioners. We will now discuss launching virtual machines from BitLockered disk images.
Arm Yourself!
Join our mailing list to arm yourself with updates about Arsenal tools, training, and research. Our mailing list is double opt-in so you will need to check your email and confirm your subscription before receiving our mailings.
Chelsea, Massachusetts
sales@ArsenalRecon.com
(617) ARSENAL
or (617) 277-3625
Site Map
Home
Products
Pricing
Training
Testimonials
Insights
Contact
FAQ
Legal
Privacy Policy
Terms & Conditions
Cookie Policy
Follow Us
