SQLite Forensics Book, now available on Amazon

More information here

 

Software

Articles related to software we write

  1. SQLite Recovery

    Many recent applications and even operating systems, particularly on mobile phones, have embraced the SQLite database as a standard. This means that as forensic investigators we need to be able to find and parse these databases as part of almost every case.

    While there are tools that can examine specific SQLite databases such as SkypeAlyzer and NetAnalysis and these tools provide functionality to parse databases to look for deleted records and carve records from unallocated space. ...
    Categories
    Software
  2. MFTView

    Quote Originally Posted by sandy771 View Post
    I have just uploaded a beta version of the software for you to play with. version 1.1.0

    This version has an inbuilt hex editor (based on RevEnge and the same as that seen in LinkAlyzer and PmExplorer) when you select a file entry from the file list the MFT is displayed raw in the hex view and the decoded fields are displayed in the vertical list to the right of the screen. When a value in the vertical list is selected (say the created date) the relevant bytes in the raw data are highlighted.
    ...
    Categories
    Software
  3. KaZAlyzer

    Quote Originally Posted by sandy771 View Post
    I have decided to release my old program KaZAlyser as unsupported software as I still get the very occasional request for it.

    you can download the software from here

    http://www.sandersonforensics.com/fi...lysersetup.exe
    the password for which is power attitude trim

    When prompted you will need to enter the following information to fully enable KaAzlyser

    In the top box enter the following single line

    Free software - no
    ...
    Categories
    Software
  4. MFTView

    A little application I knocked up a while ago to look at the additional dates recorded in an MFT entry.

    You need to extract the MFT from an image and then point MFTView at it - it then loads the complete MFT into a database (this can take a few minutes) and allows you to navigate it as you would any file system.

    www.sandersonforensics.com/Files/MFTView.zip
    Categories
    Software