[Pauldotcom] Forensic File Analysis
Strzelec, Wally
wally at tamu.edu
Fri Dec 12 23:03:17 UTC 2008
If this is for "evidentiary purposes", document everything that you do
and why you did it. That way once the files are modified you can
remember/explain how and why.
---
Wally Strzelec, GCFA, GCWN
Sr. IT Manager
Computing & Information Services
Texas A&M University
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Kevin
Shortt
Sent: Friday, December 12, 2008 12:06 PM
To: pauldotcom at pdc-mail.pauldotcom.com
Subject: Re: [Pauldotcom] Forensic File Analysis
Thanks for all the replies. I learned of some new tools. I love lists
like this for that reason.
I am using systernals.com for most of my info gathering and checksums to
validate the file in question.
I have one more trolling question but will open a new thread.
Thanks to all.
-Kevin
On Wed, Dec 10, 2008 at 4:30 PM, Kevin Shortt <kevin.shortt at gmail.com>
wrote:
Any free tools out there that will preserve a windows file properties
(access time, creator, etc..) for evidentiary purposes?
Any and all leads/suggestions appreciated.
Thanks..
-Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081212/8d2250c5/attachment-0001.htm
More information about the Pauldotcom
mailing list