Virtual Machine disk forensics with DFF

Over the past several years, virtualization technologies have become more accessible and are now used in both professional and personal environments. Whether with free, open source tools or commercial software, people can create one or many virtual systems within a physical computer in one click. Like a traditional computer, these virtual machines can contain evidence of suspicious activity. […]

Time filtering

During a digital analysis, time information can be of major importance. Filtering on timestamps can help reduce the scope of an analysis and eliminate elements that are not related to the investigation. This temporal data can come from many different sources, such as: file system timestamps, EXIF metadata […]

Concatenate dd split images

Having to concatenate split dd images is a recurring task, and DFF provides an easy way to do it. The demonstration of this functionality is based on dumps provided by [1], more precisely the nps-2009-canon2 image set [2]. There are six split RAW images named nps-2009-canon2-gen*.raw (with * ranging from 1 to […]