forensics tagged posts

Retrieve cached version of website you visited on chrome Mac OS / Windows

When doing forensics sometimes it is very important to retrieve the exact version of the web page visited to see the contents at the time of visit.

Recently I had a similar task but I couldn’t find any tool for Mac OS, so I decided to ask on Twitter, however most of the answers I got were focused on Windows.

After some trail and error with Python open source tools and other paid software I found the perfect solution.

If you want to do the same you can simply copy the cached files from Mac OS and use a freeware tool from nirsoft called: ChromeCacheView

The cached files on Mac should be on ~/Library/Google/Chrome/Cache; and also concider other none primal location such:
~/Library/Application Support/Google/Chrome and
~/Library/Application Support/Google/Chrome/Default/App...

Read More

Stolen iPhone? Find my iPhone not Activated? no UDID? No Problem!

Inspiration
Couple of days ago one of my siblings lost her iPhone, and because she doesn’t sync or take full backups regularly – as most of us – there was no way to retrieve the UDID (what is it?) of the iPhone so we can report it to the police and track it down.

Tool desc
I developed this Windows App to help anyone retrieve any smart phone  hardware ID (not for Apple devices only) under one condition: you have plugged it in your computer before (even for charging only. That will work too).

Screens

Credits
Thanks to this guy here who mentioned how to retrieve hardware IDs of all USB devices plugged into a Windows computer.

Disclaimer
I collect how many times you used the app.
I do not hold any responsibilities of how you use the app.
There is absolutely no guarantees using this app.

D...

Read More