Search
    • 6 days ago

Extracting Artifact Data from Zoom

Magnet Forensics Axiom is a forensics tool which can be used to collect and analyze data from computers and smartphones. Chat messages and web browsing history can be pulled from iPhones and Androids, and data can be recovered from apps like SnapChat.


It also can collect artifact data from Zoom software installed on a Windows PC, or mobile phones. The artifact data differs from the actual user added content in that rather than being content the user intentionally creates and views, it is the data that is left behind from the use of the application.


With the login info for the system Zoom was installed on, Axiom can decrypt artifact data to thread chat messages together.


The artifact data can serve as a record showing who exchanged messages and when they were exchanged.







9 views0 comments
    • May 18

Host Protected Areas

Note that many drives will contain a host protected area, which will not be displayed in the file explorer for an operating system. The MAX ADDRESS of a drive can be set so less than the full size of a drive is shown. The rest of the drive will be a host protected area, the OS cannot work with. But BIOS software may work with the host protected area. A host protected area may be required for some firmware because it cannot successfully boot from a large drive.

Host protected areas can also be used to hold system restore software.

The host protected area will not be altered when a drive is reformatted, so theft detection software may be loaded there.

Naturally, the host protected area is also a good place to hide data, including malware.

8 views0 comments
    • May 8

Very Hidden Excel Worksheets

Don't miss that Excel includes a feature which you can use to make worksheets very hard to find. In Visual Basic, if you go to View . . . Properties Window you will bring up options for each of the worksheets shown in the project list to the left. There is a drop down menu for the Visible field. If the very hidden option is selected . . .



. . . not only will the worksheet not be displayed with the rest of the 'tabs', but it will not be included in the list of worksheets to unhide, when you right click on a worksheet and select 'Unhide'.



12 views0 comments

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

 

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

 

This policy is subject to change at any time.