Category Archives: Computer Forensic Tools

History Viewer 4.8 – A Windows “Forensic” Tool At Your Fingertips

I’ve covered a number of high-end, professional quality forensics computer applications here previously – including OSForensics Beta, which rightfully deserves the description “professional”. Generally, this type of application requires an in-depth study, and considerable practice, in order to obtain the best results. Decidedly, not for the average user.

But, here’s a little freeware application – History Viewer – which doesn’t approach the robustness of OSForensics Beta – but nevertheless, will let you take a peek at various Windows histories – as illustrated in the following screen capture.

I’ll wager that you’ve not yet seen the contents of your Windows Index.dat file. Not a problem with History Viewer up and running. Some entries in the following graphic have been blacked out for personal security reasons.

The information generated by the application is of such a personal nature that I’m very limited in posting screen shots. The following graphic illustrates the application’s ability to capture and display USB storage history.

With this feature, you will have the ability to chastise those who have connected a USB drive without your permission.
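Windows records connected USB storage devices under the registry key `HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR`; the post does not say whether History Viewer reads that key. The following added example (not part of History Viewer or the original post) parses key paths of that shape into device records, using constructed sample values and hypothetical function names.

```python
import re

# Constructed sample: subkey paths in the shape produced by
#   reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s
# Vendor, product and serial values are made up for illustration.
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR"
SAMPLE_KEYS = [
    BASE + r"\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00",
    BASE + r"\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230415117172&0",
    BASE + r"\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230415117172&0\Device Parameters",
    BASE + r"\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2f1a9c3b&0",
]

# Matches only device-instance keys: ...\USBSTOR\<device id>\<instance id>
INSTANCE_KEY = re.compile(
    r"\\USBSTOR\\(?P<dtype>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)"
    r"&Prod_(?P<product>[^&\\]*)&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

def parse_usbstor(key_paths):
    """Return one record per USB storage device instance found in key_paths."""
    devices = []
    for path in key_paths:
        m = INSTANCE_KEY.search(path.strip())
        if not m:
            continue  # class keys and deeper subkeys carry no new device
        instance = m["instance"]
        devices.append({
            "vendor": m["vendor"].replace("_", " "),
            "product": m["product"].replace("_", " "),
            "revision": m["rev"],
            # Strip the trailing "&<n>" that Windows appends to the instance ID.
            "serial": instance.rsplit("&", 1)[0],
            # If the second character is "&", the device reported no serial and
            # Windows generated the ID, so it does not identify the device
            # across machines.
            "unique_serial": len(instance) > 1 and instance[1] != "&",
        })
    return devices

if __name__ == "__main__":
    for dev in parse_usbstor(SAMPLE_KEYS):
        print(dev)
```
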

Installation fair warning.

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit)

Download at: Download Crew

History Viewer is really a simple tool and, I’m not convinced that “Forensics” is appropriate in describing its capabilities. But, it does have value as a quick report tool if you’re interested in scanning a machine for past usage by you – or, other users with access to the machine.

A useful tool for techies perhaps, who run into massively infected machines where a user makes the common disclaimer – “I never surf porn sites.”

Note: I’ve come across references which indicate that this application “may” contain malware. This, from some major sites which should know better. Tools of this nature often trigger AVs – since they operate in a way that mimics malware.

The VirusTotal analysis of this file follows –


Staples Resells Storage Devices Without Wiping Customers’ Personal Information

Canada’s privacy watchdog, Jennifer Stoddart, is no slouch when it comes to aggressively enforcing her mandate – providing the strongest possible privacy protection for Canadians, in an era of constantly evolving risks to privacy.

Stoddart has successfully taken on Google, Facebook, and a multitude of transgressors intent on violating Canada’s federal privacy law – the Personal Information and Electronic Documents Act.

As part of her annual report, released yesterday, Stoddart outlined what she described as a “long-standing problem” – Staples Business Depot’s failure to fully wipe customers’ personal data – including government-issued identification numbers, financial statements, employment histories, medical information, e-mail messages, personal correspondence and photographs – from computers, laptops, USB Hard Drives, and memory cards, prior to resale. A stunning violation of the Personal Information and Electronic Documents Act.

But why be polite? Rather than just a violation of the privacy act, what we’re really talking about is a negligently stupid lack of consideration for the privacy of the people who pay the bills – the customer.

Stoddart’s common sense position: If you (Staples) can’t remove all customer data from a device, then don’t sell it.

In a rather pathetic response, Staples Business Depot tried to weasel out of the blowback from what is clearly an embarrassing and perhaps legally challenging (although, this remains to be seen) situation, by describing the data wipe process as ineffective. Theoretically technically true – but, disingenuous nevertheless.

Short of melting down a Hard Drive’s platter/s, there is always a risk (theoretically), that deleted/overwritten data can be recovered. But, an average user is not up against James Bond, the CIA, the FBI, or a computer forensic specialist running an application such as OSForensics – which I have reviewed here.

Some practical advice:

If you are ever in a position where you find it necessary to return a storage device for a refund or replacement, do not trust that the merchant will apply proper security precautions. Instead, run a reliable utility designed to erase and overwrite data on the storage device.

To learn how to do this using the freeware application File Shredder 2 – read the companion piece to this article – Delete Data Permanently With Free File Shredder 2 – which I posted immediately following this article.


You Can Be A Computer Detective Too, With OSForensics Beta

The CSI TV franchise is great entertainment – but that’s what it is – entertainment. Nevertheless, the investigative techniques, despite the fact they are, in the main, pure science fiction – are pretty convincing.

One area where television productions, like this, and movies for that matter, generally get it right is – computer forensic investigation. While this type of investigation, with the investigators’ fingers flying across the keyboard, appears to be complex, in fact – the process is generally driven by software that is well organized, and logically constructed.

If you would like to try your hand at being a computer “Sherlock Holmes”, then check out OSForensics Beta (latest release February 4, 2011), a menu-driven forensic application that will allow you to identify, extract, document, and interpret data, on your computer.

The GUI is laid out in a functional and logical step by step process – easy to understand and navigate.

I won’t cover all of the capabilities of OSForensics (I don’t want to spoil all your investigative fun), but as an example, the application can scan a system for evidence of recent activity, including accessed websites, USB drives, wireless networks, recent downloads, website logins and website passwords.

Just one example – in the screen shot below, you can see that the application has captured my login password (blacked out for privacy), for my Hotmail account.

The deleted file recovery function is particularly powerful and the application provides a graphical view of the allocation of the deleted file clusters on the physical disk.

Fast facts:

Search for Emails – An additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.

Recover Deleted Files – After a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive.

Uncover Recent Activity – Find out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:

Opened Documents

Web Browsing History

Connected USB Devices

Connected Network Shares

Collect System Information – Find out what’s inside the computer. Detailed information about the hardware a system is running on:

CPU type and number of CPUs

Amount and type of RAM

Installed Hard Drives

Connected USB devices, and much more.

View Active Memory – Look directly at what is currently in the system’s main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible. Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.

Extract Logins and Passwords – Recover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.
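The “Recover Deleted Files” point above, and the advice in the earlier Staples post to overwrite a device before returning it, come down to the same fact: an ordinary delete removes the directory entry and leaves the bytes in place. The following added example (not OSForensics code and not from the original posts) shows this with signature-based carving, one general recovery technique, on a constructed in-memory volume; `ToyVolume`, `carve_jpegs` and the sample data are hypothetical.

```python
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
CLUSTER = 512                # constructed cluster size for the toy volume

def carve_jpegs(raw):
    """Return every SOI..EOI byte run in raw, whether allocated or not."""
    found, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

class ToyVolume:
    """Constructed model: raw bytes plus a name -> (offset, length) table."""
    def __init__(self, clusters=8):
        self.raw = bytearray(clusters * CLUSTER)
        self.table = {}

    def write(self, name, data, cluster):
        off = cluster * CLUSTER
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))

    def delete(self, name):
        # Ordinary delete: only the table entry goes, the clusters keep the data.
        del self.table[name]

    def wipe(self, name):
        # Overwrite the file's bytes with zeros, then drop the table entry.
        off, length = self.table.pop(name)
        self.raw[off:off + length] = bytes(length)

# Constructed stand-ins for two customer photos (not real JPEG content).
PHOTO_A = JPEG_SOI + b"\xe0" + b"constructed photo A" + JPEG_EOI
PHOTO_B = JPEG_SOI + b"\xe0" + b"constructed photo B" + JPEG_EOI

def demo():
    vol = ToyVolume()
    vol.write("a.jpg", PHOTO_A, cluster=2)
    vol.write("b.jpg", PHOTO_B, cluster=5)
    vol.delete("a.jpg")   # deleted only
    vol.wipe("b.jpg")     # overwritten, then deleted
    return vol.table, carve_jpegs(vol.raw)

if __name__ == "__main__":
    print(demo())
```

Both files are gone from the table, but only the overwritten one is gone from the raw bytes. On flash media with wear-leveling, an in-place overwrite issued by the host is not guaranteed to reach every physical copy.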

While the application is designed as a forensic recovery tool, I can think of a number of uses for this application (since it can be run from USB drive), over and above its expressed purpose. I’m sure you can too.

System requirements: Windows XP, Vista, Win 7, Server 2000, 2003, 2008 (32bit and 64bit support – 64bit recommended). Minimum 1GB of RAM. (4GB+ recommended), 30MB of free disk space – can be run from USB drive.

Download the beta at: PassMark Software

There are a number of worthwhile additional free tools which can be used in conjunction with OSForensics. Check out the developer’s site here.
