Computer Forensics and Data Analysis
Articles
(On Computer Forensics and other technical subjects)

Note: Some older sites may no longer be available.

New zip hash article coming in Feb 2023, as soon as the court case is finished

A challenge   (6/2020) for you to test your forensic hash/copy/zip software for forensic and evidentiary reliability.

Test your software   (5/2019) Make sure your software can produce the proper results based on your needs. Test its operation so you know its capabilities and shortcomings before you get asked by an attorney.

Inventory/Catalog files  During an investigation, the first thing you will most likely do is create an inventory of the items seized. It is no different for electronic data. So, what software do you use to create the inventory of the files located within the expected evidence location of the hard drive, folder, server, etc.? This article is about creating an inventory of evidentiary files that makes sense.

Forensic file copying   (5/2019, updated 7/2020) Make sure your file copy procedures are reliable and can stand up in court as true forensically stable copy processes. This article explains why it might be necessary to validate your file copy program to ensure good forensic practice of establishing file and evidence integrity.

Using File Hashes to Ensure good forensic processes   This article explains why it might be necessary to use file hashes in order to ensure good forensic practice of establishing file and evidence integrity.

ZIP-IT   (5/2019)   An unscientific test of the capabilities or failures of zipping programs as related to possible forensic and storage operations.

ZIP_IT_TAKE2   (2/2020)   An unscientific follow-up explaining some test results relating to the ZIP article above.

ZIP_IT_HASHES   (2/2023)   A discussion and testing of the changes in hash values for an apparently identical zip/container.

Time stamps   of files are important. Does your software (hashing, copying, listing) provide accurate and true time values when it is run? Does it alter or maintain timestamps correctly? (5/2019)

Data Integrity: How to Authenticate Your Electronic Records   Written 5/2003, this article explains the uses of the MD5 algorithm and the Maresware Hash program to validate the integrity of source files. It describes a procedure using the Hash and Hashcmp programs (based on the MD5 algorithm).

NT Alternate Data Streams  By Dan Mares. This article discusses what Alternate Data Streams are, how they can be created, and how they might affect a forensic investigation. (BTW: most of the Maresware software which operates on files has the capability of working with Alternate Data Streams).

What Time Is It?    Article adapted from a series of previously published articles by Dan Mares. Discusses in detail the three time stamps which belong to files: these are generally referred to as MAC time (Modified, Access, Create). Examples especially relevant to computer forensic examiners.

copyright © 1998-2023 by Dan Mares and/or Mares and Company, LLC