This is great! Thank you for all the hard work in putting these videos together.
Another great video, well done, clear and straightforward information.
Thanks.
This guy does GREAT forensics work!
Man I like your work ... I have a strange question.
At 7:02 you made a zoom while you are recording ... what is the screen recorder and the editing software you used?
Thanks! ScreenFlow was used for much of the early work. I still use it today, but just for the basic screen recordings. I use Final Cut Pro X to do everything else.
@13Cubed thanks for the answer
Nice video brother ;) Subscribed!
With all due respect, could you clarify what the difference is between this tool and Autopsy? As it shows the same detailed information about deleted files.
Thanks! Super interesting. Handy to see wmic cmd as well.
Is there a way to recover the files that have been deleted, for example the files deleted using Shift + Delete, etc.?
Not from Recycle Bin, but they would be in unallocated space until overwritten, or potentially within any volume shadows present on the system.
@13Cubed so please can you tell me how to recover it or from where, and thanks a lot
Robin Hood Watch the episodes covering volume shadows - those should help you; or try various file recovery software like PhotoRec.
@13Cubed thank you very much!
Really great video...
Thanks for sharing the knowledge...
Awesome video however please forgive my ignorance. What use is this in a forensic scenario? As when the file is emptied from trash the $r $i files are removed too or at least from within this scope. Which makes this technique obsolete?
Often, the Recycle Bin folders are not emptied. I've encountered this numerous times in investigations. Additionally, one may be able to recover (carve) files from unallocated space.
Thank you!
@13Cubed I have $ index files from before when I emptied the recycle bin but I can't find $ index for files I deleted this morning. Why are some $ index files available after permanent deletion and not others?
Great video!
You can use 7-Zip in Admin mode to visit the folder and so on
Very informative.
Can you make a full in-depth video about browser forensics?
I will add this to my suggestions list. I would probably do a video per browser, as a single video covering all of the major vendors would be very long.
13Cubed, really appreciated for the great efforts. I have a question to ask. If someone accessed a file on a remote server then deleted it, what evidence can we pull from server side and client side to confront him?
Server-side, it depends on whether or not you have an object access audit policy configured to generate logs for that activity. Client-side, there are numerous ways to determine whether a file was opened or a particular folder was accessed -- Shellbags and LNK files would be one of the first things that come to mind.
13Cubed, I have tried Shellbags, it shows folders. LNK files, I think it's there but did not have a tool to check; I just saw it and could not open or check the file info because it's been deleted. Please, if you have more artifacts later, add it please. Thanks a lot for the great help.
Super
neat