Blog

DOJ-approved and widely accepted computer forensic methods:

FTK Imager (AccessData)

Tool for creating forensic images and performing live previews of file systems. Can capture volatile memory, disk images, and carve out deleted files. Can extract Internet Explorer and Edge artifacts, including deleted cache and browsing history. Supports registry and memory analysis to find traces of visited websites.

Autopsy (Sleuth Kit)

Open-source forensic suite that provides an easy-to-use interface.

Supports keyword searching, metadata analysis, and recovery of deleted browsing history, cookies, and cached files.

EnCase Forensic (OpenText)

Industry-standard tool for in-depth disk analysis. Can recover deleted files, internet history, and even system artifacts related to browser activity. Can parse WebCacheV01.dat, where Edge and IE store history, cookies, and cache. Can extract deleted browsing records from unallocated disk space.

Magnet AXIOM

Specialized in analyzing internet artifacts, including browsing history, cache, and deleted cookies.

Also useful for recovering data from live and dead-box forensics. Has built-in support for analyzing IE and Edge artifacts, including: WebCacheV01.dat, TypedURLs, registry keys, Cookies, cache, and indexed databases

X-Ways Forensics

Lightweight but powerful forensic tool. Offers deep analysis of file systems, unallocated space, and browser artifacts. Supports deep recovery of deleted browsing history from disk images. Can parse IE’s index.dat and Edge’s WebCacheV01.dat.

NirSoft Browsing History View

Quick tool to extract and view browsing history from IE and Edge.

Can analyze deleted history if the underlying database files are still recoverable.

Bulk Extractor

Useful for extracting patterns such as URLs, email addresses, and credit card numbers from raw data.

Can process unallocated space and recover deleted browsing history. Can search for URLs, cache records, and other browser-related data in unallocated space and deleted files. Useful for parsing fragments of browsing history that still exist on disk.

Wireshark (If Network Traffic is Available)

While not a forensic recovery tool, it can help analyze network packets to see previously accessed websites if packet captures are available.

TestDisk & PhotoRec

While primarily designed for partition recovery, TestDisk can sometimes help recover deleted browser history files.

PhotoRec is useful for recovering specific file types like SQLite databases that browsers use. Can attempt recovery of deleted browser history database files: IE: index.dat Edge: WebCacheV01.dat

Volatility (If Memory Dumps are Available)

If a memory dump was taken, use Volatility plugins like iehistory or dumpfiles to extract browsing history stored in RAM.

sqlitebrowser

Can examine places.sqlite for Firefox history. DB Browser for SQLite for Chrome’s History database. 

Log2Timeline & Plaso

Can create a forensic timeline of browser activity. Can extract and correlate timestamps from IE’s index.dat and Edge’s WebCacheV01.dat. Useful for creating a timeline of browsing activity.

Registry Analysis Locations for Browsing History:

Windows

Browser Registry Key Purpose

Internet Explorer HKCU\Software\Microsoft\Internet Explorer\TypedURLs Stores manually typed URLs

Microsoft Edge (Legacy) HKCU\Software\Microsoft\Edge\TypedURLs Stores manually typed URLs

Google Chrome HKCU\Software\Google\Chrome\PreferenceMACs May contain encrypted browsing data

Mozilla Firefox HKCU\Software\Mozilla\Mozilla Firefox\ Stores Firefox profile information

All Browsers (Including Edge Chromium) HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths Stores recent manually typed paths, including URLs

Key Files for Browsing History Recovery

Browser File Location Purpose

Internet Explorer C:\Users\<user>\AppData\Local\Microsoft\Windows\History\index.dat Stores browsing history

Internet Explorer C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files\ Stores cached files

Edge (Legacy) C:\Users\<user>\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat Stores browsing history, cookies, cache

Edge (Chromium) C:\Users\<user>\AppData\Local\Microsoft\Edge\User Data\Default\History SQLite database storing browsing history

Google Chrome C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\History SQLite database storing browsing history

Google Chrome C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Cache Stores cached web content

Mozilla Firefox C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\places.sqlite SQLite database storing browsing history and bookmarks

Mozilla Firefox C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\cache2\entries\ Stores cached web contentMozilla Firefox C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\cookies.sqlite Stores browser cookies

macOS:
Google Chrome
Profile Folder: ~/Library/Application Support/Google/Chrome/
Preferences: ~/Library/Application Support/Google/Chrome/User Data/Default/Preferences
Cache: ~/Library/Caches/Google/Chrome/
Extensions: ~/Library/Application Support/Google/Chrome/User Data/Default/Extensions/
History and Cookies: ~/Library/Application Support/Google/Chrome/User Data/Default/History

Firefox
Profile Folder: ~/Library/Application Support/Firefox/Profiles/
Preferences: ~/Library/Application Support/Firefox/profiles.ini
Cache: ~/Library/Caches/Firefox/
Extensions: ~/Library/Application Support/Firefox/Profiles/[ProfileName]/extensions/
History and Cookies: ~/Library/Application Support/Firefox/Profiles/[ProfileName]/places.sqlite

MS Edge
Microsoft Edge
Profile Folder: ~/Library/Application Support/Microsoft Edge/
Preferences: ~/Library/Application Support/Microsoft Edge/User Data/Default/Preferences
Cache: ~/Library/Caches/Microsoft Edge/
Extensions: ~/Library/Application Support/Microsoft Edge/User Data/Default/Extensions/
History and Cookies: ~/Library/Application Support/Microsoft Edge/User Data/Default/History

Safari
Profile Folder: ~/Library/Safari/
Preferences: ~/Library/Preferences/com.apple.Safari.plist
Cache: ~/Library/Caches/com.apple.Safari/
Extensions: ~/Library/Safari/Extensions/
History and Cookies: ~/Library/Safari/History.db

Linux:
Google Chrome
Profile Folder: ~/.config/google-chrome/
Preferences: ~/.config/google-chrome/Default/Preferences
Cache: ~/.cache/google-chrome/
Extensions: ~/.config/google-chrome/Default/Extensions/
History and Cookies: ~/.config/google-chrome/Default/History

Firefox
Profile Folder: ~/.mozilla/firefox/
Preferences: ~/.mozilla/firefox/profiles.ini
Cache: ~/.cache/mozilla/firefox/
Extensions: ~/.mozilla/firefox/[ProfileName]/extensions/
History and Cookies: ~/.mozilla/firefox/[ProfileName]/places.sqlite

MS Edge
Profile Folder: ~/.config/microsoft-edge/
Preferences: ~/.config/microsoft-edge/Default/Preferences
Cache: ~/.cache/microsoft-edge/
Extensions: ~/.config/microsoft-edge/Default/Extensions/
History and Cookies: ~/.config/microsoft-edge/Default/History

Which feature of the Disk Jockey Pro did you find most important and why?

Rapid low cost imaging

Is the Disk Jockey Pro cost-prohibitive?

Yes, because if you are buying anything for forensics you want to make sure the evidence is admissible.

DJP was originally designed and marketed as a hard drive duplicator and diagnostic tool for IT professionals, system administrators, and data recovery specialists, not forensic duplicator.

I would question the integrity of the expert witness and or forensic expert if they used a DJP because it lacks strong forensic write-blocking (risk of modifying source drive), doesnt provide detailed forensic logs or reports for chain of custody, it has limited storage support (mainly IDE/SATA, no NVMe or SAS) and lacks network imaging for remote forensic work.

Conversely, the Tableux looks more reliable than my former fiance and has all the features that DJP doesn’t which keeps it relevant for the next few years.

Finally, I would admonish DOJ for the pathetic excuse for a test that probably cost us thousands of dollars which produce self-defeating results.

If the point of a forensic imager is to write block and read only, and the test was considered successful because “all visible sectors were successfully overwritten” means that it doesn’t work or DOJ wants to be able to irrevocably destroy evidence?

Download DOJ_DJP_Report.pdf

Not sure what I’m missing here.

Oh, finally, Diskology is out of business, so if you want something guaranteed to corrupt evidence you can only get them on ebay for 100 bucks now.

https://www.ebay.com.hk/itm/115885964694Links to an external site.

In today’s happy accident, I generated images with grok and the prompt: ‘Bob Ross painting a Vietnam War scene on a canvas, wearing OD green military fatigues, with his afro visible, standing to the left presenting his right side, with the canvas clearly showing the combat scene he is painting, outside in Vietnam rice paddies’

sudo apt install code

sudo code –no-sandbox –user-data-dir ~/Desktop

It seems like every update vbox guest additions breaks or gets partially autoremoved. If you cant copy paste back and forth and you are geting drag and drop operation failed or other errors, try this.

1. sudo apt update -y
2. sudo apt upgrade -y
3. sudo apt autoremove -y
4. Now guest additions is broken, so mount the VBox Guest Additions ISO
5. sudo apt install -y build-essential dkms linux-headers-$(uname -r)
6. cd ./media/VBox_GAs_7.1.6/
7. sudo sh VBoxLinuxAdditions.run

There you go! Now get back to copy pasting I mean coding.

If anyone installing vscode on Kali linux
sudo apt install code
sudo code –no-sandbox –user-data-dir ~/Desktop
from within VSCode hit Ctrl+Shift+X
then click install under python support
then search for yapf formatter
hit install
go to run, select add config, then paste in the yaml lines below to force style, close and save
“yapf.args”: [ “–style”, “{based_on_style: google, indent_width: 2, column_limit: 100}”, ],

• What are key similarities and differences between GCP, AWS, and Azure in terms of core services (compute, storage, networking)?

I made a table to compare the actual products side by side and cut the marketing fat out of the analysis. 

Category	Azure	AWS	GCP
Compute	Virtual Machines (VMs) via Azure Virtual Machines	EC2 instances (Elastic Compute Cloud)	Google Compute Engine (GCE)
	Azure Functions (Serverless)	AWS Lambda (Serverless)	Cloud Functions (Serverless)
	Azure Kubernetes Service (AKS)	Amazon Elastic Kubernetes Service (EKS)	Google Kubernetes Engine (GKE)
Storage	Azure Blob Storage	Amazon S3	Google Cloud Storage
	Azure Disk Storage (SSD, HDD options)	Amazon EBS (Elastic Block Store)	Google Persistent Disks
	Azure Archive Storage (cold tier)	Amazon Glacier	Coldline and Archive Storage
Networking	Azure Virtual Network (VNet)	Amazon VPC (Virtual Private Cloud)	Google Virtual Private Cloud (VPC)
	Azure ExpressRoute (private connection)	AWS Direct Connect	Google Cloud Interconnect
	Load Balancer, Traffic Manager, Application Gateway	Elastic Load Balancing (ELB), Route 53	Google Cloud Load Balancing
Database	Azure SQL Database (PaaS), Cosmos DB (NoSQL)	Amazon RDS (Relational), DynamoDB (NoSQL)	Cloud SQL (Relational), Firestore (NoSQL)
	Azure Database for MySQL, PostgreSQL	Aurora (MySQL/PostgreSQL-compatible), Redshift (Data Warehouse)	Cloud Spanner (Globally distributed SQL DB), BigQuery (Data Warehouse)
AI/ML Services	Azure Machine Learning, Cognitive Services	Amazon SageMaker, AWS AI/ML Services	AI Platform, Vertex AI
	Azure OpenAI Service	AWS Deep Learning AMIs	Google DeepMind, AutoML
Global Network	60+ regions	100+ availability zones in 32 regions	35 regions, 106 zones
Hybrid Solutions	Azure Arc (for hybrid and multi-cloud deployments)	AWS Outposts (extend AWS on-premises)	Anthos (multi-cloud and hybrid management)
Containers	Azure Container Instances, Azure Kubernetes Service (AKS)	Amazon ECS (Elastic Container Service), EKS	Google Kubernetes Engine (GKE), Cloud Run
Security	Azure Security Center, Azure Active Directory	AWS Identity and Access Management (IAM), AWS Shield	Google Cloud IAM, Google Security Command Center
Monitoring	Azure Monitor, Application Insights	AWS CloudWatch, X-Ray	Google Cloud Monitoring, Google Cloud Operations Suite
Pricing Models	Pay-as-you-go, Reserved VMs, Spot pricing	On-demand, Reserved Instances, Spot Instances	Pay-as-you-go, Sustained Use Discounts, Committed Use Contracts
DevOps Tools	Azure DevOps, GitHub (owned by Microsoft), Azure Pipelines	AWS CodePipeline, CodeCommit	Google Cloud Build, Cloud Source Repositories
Big Data	Azure HDInsight, Azure Synapse Analytics	Amazon EMR (Elastic MapReduce), Redshift	Google BigQuery, Cloud Dataflow
IoT Solutions	Azure IoT Hub, Azure Digital Twins	AWS IoT Core, AWS Greengrass	Google Cloud IoT Core, Edge TPU
Free Tier	12-month free services, limited always free	12-month free services, always free tier (750 hours/month EC2)	12-month free services, always free (300 USD credit for new users)

• Which platform do you think is more user-friendly for beginners, and why?

I believe they are all predatory but Amazon has the least ulterior motive and greatest value proposition of the three options.

• How do you see the competition between AWS, GCP, and Azure evolving in the next 5 years?

Historically, Amazon actually sells goods and services and is customer service focused, whereas Microsoft and Google are both focused on virtual products and provide little, if any, service and support. Amazon offers training and education for free, whereas Google and Microsoft have freemium and paid tiers to bait and switch customers like cloud addicts. Microsoft has a bigger share price, but it has historically had an inflated value due to government contracts and engineered dependency of financial technology and businesses on Microsoft products. Amazon is consistently valued and is more flexible and less ego driven than Microsoft and Google. Historically, Amazon has employed more women than Microsoft and Google also so they demonstrate a commitment to fair employment practices, which are crucial for evolution of technology ecosystems like cloud computing.

• What tutorial and project did you explore in GCP (or another platform), and what was your experience?

Azure is a top heavy mess just like Windows. GCP is certainly the most accessible and most emulates the Apple UX experience. AWS is the most responsible and cost structured. 

Conclusion:

Even if these work well and have become the standard, they seem deficient and soulless. There needs to be a linux based cloud service like OpenStack, CloudStack, or NextCloud, and like LLMs there needs to be a common path toward building on a cloud platform that isn’t a monetized extension of flush companies that dominate the market. As taxpayers we are already subsidizing the networks, companies, and taxes of the executives, so I would like to see a universal basic cloud computing credit as a dividend on my investment as a taxpayer. Just like we should be getting internet, medical, water, and food discounted or comped because we already work and pay for the subsidies, grants, loans, tax breaks, and awards that built the cloud. Given this lopsided deal, it seems Amazon steals the least from the hostage consumer and gives you what you pay for without deceptive marketing.

American manufacturing isn’t dead, it’s just gotten smarter and more creative than ever. We just know better than to export certain CNC machines. CNC Machine export is controlled by the Bureau of Industry and Security (BIS) to prevent the proliferation of advanced weaponry and other national security concerns, so you have to do business with us to enjoy the highest quality prototyping and CNC manufacturing. Don’t buy your CNC machines on AliExpress, use in person or try someone else’s first! Here’s

Capability, not just type: The focus is on the machine’s capabilities, not just its designation (milling machine, lathe, etc.). Machines with higher precision and advanced features are more likely to be regulated.

Positioning and contouring: Machines with high positioning and contouring accuracy (measured in microns) can be especially controlled. Five-axis machines that can move and cut along simultaneous axes are generally restricted.

End-user and destination country: The intended use and the destination country also play a role. Machines going to certain countries or for specific uses may require licenses.

Here are some highly-rated American-made options to consider from various manufacturers, along with some key features that set us apart and keep us competitive.

Hurco VMX Series Vertical Machining Centers

Hurco is a prominent manufacturer of CNC machines based in Indianapolis, Indiana. Their VMX Series includes 5-axis vertical machining centers that are known for their user-friendly controls, wide range of configurations, and powerful capabilities.

HAAS UCM-5000 Universal Milling Machine

Haas Automation, founded in California, is a well-respected brand known for its production-oriented CNC machines. The UCM-5000 is a 5-axis universal milling machine designed for high-speed machining and offers excellent value for its price point.

DMG MORI SEIKI M Deckel Maho DMC 640 V Linear

DMG MORI SEIKI is a large corporation with manufacturing facilities around the world, including the United States. Their M Deckel Maho DMC series offers high-precision and advanced automation capabilities, making them suitable for demanding applications in the aerospace and medical sectors. The NHX Series offers 5-axis machining centers known for their speed and precision, making them well-suited for mold making and other applications requiring intricate details.

Mazak INTEGREX i-2000

Mazak is another major player in the global CNC machine market, with a strong presence in the United States. Their INTEGREX i-series offers 5-axis machining centers known for their durability, reliability, and advanced features for multitasking and automation.

Fadal Performance Series VMC 3016

Fadal, based in California, has been a manufacturer of CNC machines for many years. Their Performance Series VMC offers high-performance 5-axis vertical machining centers at a competitive price.

Extron 5X 5-Axis Machining Center

Extron is a company located in California that manufactures high-quality CNC machines for various industries. Their 5X Series offers 5-axis machining centers designed for performance and efficiency.

Denford 5-Axis Bridge Mills

Denford is a manufacturer of CNC machines based in Minnesota. Their 5-axis bridge mills are known for their compact size and user-friendly design, making them a good option for smaller shops or hobbyists.

JET Wave 5X 5-Axis Machining Center

JET, headquartered in South Carolina, offers a range of metalworking machinery, including CNC machines. Their Wave 5X is a 5-axis machining center designed for production environments and heavy-duty applications.

Kearney & Trecker CNC Machines

Kearney & Trecker has a long history as a manufacturer of heavy-duty machine tools. While the company was acquired by GF Machining Solutions in 2000, there are still Kearney & Trecker 5-axis CNC machines available on the used market. These machines are known for their durability and precision.

Remember, these are just a few examples, and there are many other American manufacturers of 5-axis CNC machines. It is important to consider your specific needs and budget when making your choice.

Taiwanese CNC machines aren’t quite American, but they are very high quality and have great english speaking Christian support.

Taiwan is a major hub for the manufacturing of CNC machines, boasting a reputation for high-quality and competitively priced machines. Here are some of the top CNC machine companies in Taiwan:

Goodway Machine Corp.

Founded in 1970, Goodway Machine Corp. is a prominent manufacturer of a wide range of CNC machines, including turning centers, machining centers, and vertical machining centers. They are known for their reliability, durability, and affordability.

Tongtai Machine & Tool Co., Ltd.

Established in 1969, Tongtai Machine & Tool Co., Ltd. is a major player in the global CNC machine market. They offer a comprehensive range of CNC machines, including machining centers, turning centers, and multitasking machines. They are known for their advanced technology, high-quality components, and strict quality control processes.

Kao Fong Machinery Co., Ltd.

Founded in 1978, Kao Fong Machinery Co., Ltd. specializes in manufacturing horizontal machining centers and boring machines. They are known for their high-precision machines, rigid construction, and ability to handle large workpieces.

Maxmill Machinery Co., Ltd.

Established in 1990, Maxmill Machinery Co., Ltd. is a leading manufacturer of CNC vertical machining centers and machining centers. They are known for their user-friendly controls, high-performance machines, and excellent value for money.

Victor Taichung Machinery Works Co.

Founded in 1940, Victor Taichung Machinery Works Co. is one of the oldest and most respected CNC machine manufacturers in Taiwan. They offer a wide range of CNC machines, including lathes, machining centers, and milling machines. They are known for their durable construction, reliable performance, and extensive experience in the machine tool industry.

Hiwin Technologies Corp.

Established in 1989, Hiwin Technologies Corp. is a major manufacturer of linear motion components and CNC machine tools. They are known for their high-quality linear bearings, ball screws, and CNC machining centers.

Litz Hitech Corp.

Founded in 1990, Litz Hitech Corp. specializes in manufacturing CNC lathes and turning centers. They are known for their high-precision machines, advanced features, and ability to handle complex machining tasks.

These are just a few of the many prominent CNC machine companies in Taiwan. The best choice for you will depend on your specific needs and requirements. Consider factors like the type of CNC machine you need, your budget, and the features that are most important to you.

Chinese made 5 axis contour control CNC machines are available but until security and economic situations improve, some amazing innovations and just great copies are available with great risk. With really affordable freight shipping and the right keywords, it’s really easy to deep dive the Chinese CNC machine market. Companies that make the most expensive and finest machines are:

Dongguan Jieshang Jiangde Cnc Machine Tool

Ningbo Gongcheng Machinery Co., Ltd.

Anhui Mingju Intelligent Equipment Co., Ltd.

Honorfuture

Uniontech

Dongguan Lewei Machinery Co., Ltd.

Sunrise Mechatronic Technology Co., Ltd.

Rakoncnc

While the Chinese CNC machines are relatively inexpensive alternatives, they have very little if any support and require an electronic engineering degree if you have a problem.

Here are some resources to learn more:

U.S. NATIONAL SECURITY AND THE PEOPLE’S REPUBLIC OF CHINA: This report discusses export controls on machine tools, including CNC machines, to address national security concerns https://www.fbi.gov/news/stories/chinese-government-poses-broad-and-unrelenting-threat-to-u-s-critical-infrastructure-fbi-director-says

Critical Technology Assessment: Five Axis Simultaneous Control Machine Tools: This document by the BIS details considerations for exporting five-axis CNC machines https://www.bis.doc.gov/index.php/other-areas/office-of-technology-evaluation-ote/technology-assessments

Great article on PPC compatible linux distros
https://www.pcwdld.com/best-powerpc-linux-distros