Computer Tips
X-WAYS FORENSICS
What | Link - |
Prefetch folder Each time you turn on your computer, Windows keeps track of the way your computer starts and which programs you commonly open. ... The prefetch folder is a subfolder of the Windows system folder. The prefetch folder is self-maintaining, and there's no need to delete it or empty its contents. | C:\Windows\Prefetch |
Potpourri I,II,III,IV,V | |
Whois (IP adressen opzoeken) | |
Spyderweb (vanalles opzoeken ... e-mail, | |
Convert files (OCR) via Google Documents | |
Google location | |
GSM (Mobile) number belongs to which provider (welke provider op basis van GSM nummer | |
Identifcation of a mobile via an IMEI number | |
Position of the Mobile antennas (GSM masten positie en coordinaten) | |
Compare mobile networks (signaalsterkte meten van Base Proximus Mobistar) | |
Find your Ipad Iphone or Ipod via Icloud (IPhone zoeken vinden via Icloud) | |
Find your Android device (Android toestel zoeken vinden via Google account) | |
Verify e-mail address (kijken of e-mail adres nog bestaat) | |
FACEBOOK custom Tools (Facebook speciale opzoekingen) | |
FACEBOOK ID Go to the Facebook user profile of the target. Right-click on an empty area of the page and select "view source code". You will get a new page with the source code. Search for the term profile_owner. The number located next to profile_owner is the unique Facebook ID. | |
TWITTER search | |
Social Media Checker (kan ik nog registreren met een naam op bepaade sociale media) | |
Privacy | |
Google image search (Foto zoeken via Google) | |
Reverse image search (Foto opzoeken via TinEye) Reverse image search (Foto opzoeken via TinEye) | |
Stolen camera finder (gebruik foto's om via de metadata foto's op het internet terug te vinden die met dezelfde camera werden getrokken) | |
E-mail header analysis (e-mai headers analyseren) | |
Website copier (volledige website kopieren) | |
Video to JPG converter (video omzetten in JPG) | |
Nirsoft (veel gratis programma's | |
FoneFunShop (allerhande tools voor GSM ) | |
Mac address finder (Mac adres opzoeken) | |
Mac address changing | |
RAM (Random Access Memory) investigation | |
GPS coordinaten ingeven in Google Maps | |
Reverse engineering | |
Which files are encrypted? (ransomware geëncrypteerde bestanden identificeren | |
Ransomware identification (ransomware identificeren) | |
All kind of tools to use for system analysis Download for the suite here | |
Computer Forensics Tutorials | |
Hoe lost u boot en opstart problemen op met UEFI | |
Device configuration overlay (DCO) changer Detection tools[edit] HDAT2 a free software program can be used to create/remove Host Protected Area (HPA) (using command SET MAX) and create/remove DCO hidden area (using command DCO MODIFY). It also can do other functions on the DCO. Data Synergy's free ATATool utility can be used to detect a DCO from a Windows environment. The current version does not allow a DCO to be removed.[3] | |
What is DCO (harddisk verborgen gebied) ook HPA | |
HPA (Host Protected Area) Verborgen gedeelte op harddisk | |
X-Ways lessons with video | |
X‐Ways Forensics (v15.4) QuickStart Guide | |
X-Ways Forensics manual (handleiding) | |
X-Ways Forensics extended File Type Categories | |
X-Ways Operating system info | Right click on partition (not the whole disk) and go to "properties" |
Regular expressions ( Grep ) - long list (Master Card, Bitcoin, e-mail.......) | |
How to Pull Passwords from a Memory Dump | |
Windows File Encryption (former to Windows Bitlocker) | |
Wiki FCCU | |
Created: 12 Aug 2006 11:34:14 - this is when the file was created at that location. Here 'created' doesn't necessarily mean made. Modified: 14 July 2006 09:05:45 - this is when the file content was last changed and then saved. Accessed: 12 Aug 2006 12:05:34 - this was when the file was last touched in some way. Be careful because this could include an AV application checking the file and doesn't necessarily infer user interaction. | |
What is ARP cache | |
Petya ransomware outbreak: Here’s what you need to know | |