PaulDotCom mailing list archives
Forensic File Analysis
From: wally at tamu.edu (Strzelec, Wally)
Date: Fri, 12 Dec 2008 17:03:17 -0600
If this is for "evidentiary purposes", document everything that you do and why you did it. That way once the files are modified you can remember/explain how and why. --- Wally Strzelec, GCFA, GCWN Sr. IT Manager Computing & Information Services Texas A&M University From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Kevin Shortt Sent: Friday, December 12, 2008 12:06 PM To: pauldotcom at pdc-mail.pauldotcom.com Subject: Re: [Pauldotcom] Forensic File Analysis Thanks for all the replies. I learned of some new tools. I love lists like this for that reason. I am using systernals.com for most of my info gathering and checksums to validate the file in question. I have one more trolling question but will open a new thread. Thanks to all. -Kevin On Wed, Dec 10, 2008 at 4:30 PM, Kevin Shortt <kevin.shortt at gmail.com> wrote: Any free tools out there that will preserve a windows file properties (access time, creator, etc..) for evidentiary purposes? Any and all leads/suggestions appreciated. Thanks.. -Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081212/8d2250c5/attachment.htm
Current thread:
- Gonzor / Themiddler / PEScrambler, (continued)
- Gonzor / Themiddler / PEScrambler Paul Asadoorian (Dec 16)
- Gonzor / Themiddler / PEScrambler Nathan Sweaney (Dec 16)
- Gonzor / Themiddler / PEScrambler Tim Mugherini (Dec 16)
- Gonzor / Themiddler / PEScrambler Nils (Dec 16)
- Gonzor / Themiddler / PEScrambler Paul Asadoorian (Dec 16)
- Gonzor / Themiddler / PEScrambler Joel Esler (Dec 16)
- Gonzor / Themiddler / PEScrambler Adrian Crenshaw (Dec 16)
- Forensic File Analysis Strzelec, Wally (Dec 12)