Finding user accounts on a computer running the Windows Operating System (OS) is a standard part of a forensic examination. Local user accounts are found within the SAM Registry Hive, but what about computers connected to a domain?
During an examination, you may see a mismatch between accounts stored in the SAM Registry Hive and
There are many reasons why anyone working in the digital forensics/incident response profession should have the ability to record the screen of their computer. Whether it is recording the actions taken during an investigation so another person can replicate them, recording an adversaries activity on a victim machine, or simply creating some training videos,
URLs visible within the places.sqlite database file when viewing the file in hex view that are not visible when viewing the file in SQLite Manager or FTK’s viewer. The URLs seen in hex view are relevant to the investigation.
Path for Mozilla information (Windows XP): C:\Documents and Settings\%user%\Application Data\Mozilla\Firefox\Profiles\%uniquevalue%.default\
OS: Windows XP SP 3, 32
Peer-to-Peer (P2P) file sharing is one of the fastest and easiest ways for individuals around the world to obtain and trade images and videos of child sexual exploitation. As of October 2007, the Wyoming Internet Crimes Against Children (ICAC) Task Force has captured 377,044 unique computers sharing image and movie files containing child sexual