I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
RT @AFoDBlog: A Digital Forensics Innocence Project exforensis.blogspot.com/2011… [Hard for me to do pro bono as an independent, but I'm in favor]
1
@attrc Also, you're a lot smarter than the typical suspect I investigate... :-)
@attrc I would say that it would still appear odd if there was nothing in your standard browser caches.
@DouglasBrush @littlemac042 But it's totally lame when you're dealing with .5T drives and up...
@littlemac042 @DouglasBrush I just wish I didn't have to scan for each artifact type separately. Why can't I select multiple browsers?
1
On a related note, thanks to @DouglasBrush for the recommendation on Digital Detective's HstEx tool for web artifact recovery...
1
1
Pro tip: Going to make extensive use of InPrivate browsing? Put some innocuous stuff in the regular cache. Lack of evidence is also a clue.
3
2
@DouglasBrush mount-ewf or FTK Imager to mount, then dd into qemu-img to produce vmdk?
@ServiceSphere Except they won't do your work for you... Hmmm, never mind, forget I said that...
RT @cpbeefcake: ... I love forensics, and there is still so much to do! [Amen, brother!]
@ChrisJohnRiley I have a "short form" and a "long form" bio and just re-use them. No big deal.
1
RT @brycegalbraith: thinkgeek.com/gadgets/travel… [Oh heck yes!]
4
3
RT @mikeysan On the Effectiveness of Aluminium Foil Helmets: berkeley.intel-research.net/… (via @Forensication)
@DouglasBrush I have a huge foodie nerdcrush on you right now...
@CharlesTBetz @TedCoine follows everybody but then filters out the vast majority. This is largely indistinguishable from @chrisdancy's view.
1
@tcrawford Remember, this is airline logic we're talking here...
1