Other

munpack – Used to extract attachments from incoming emails.

REMNUX – Reverse engineering virtual machine.

WinAFL – Fuzzing Windows binaries.

vss_carver: Carves and recreates VSS catalog and store from Windows disk image.

vss_carver.py -t <disk_image_type> -o <volume_offset_in_bytes> -i <disk_image> -c <catalog_file> -s <store_file>

autopsy: Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.

Migrating from Domain Profile to Local Profile

  1. Click Start and type Computer Manager

  2. Right click on Computer Manager and ‘Run as Administrator’

  3. Expand Local Users and Groups

  4. Expand Users

  5. Create a new user account

  6. Add this new user account to the local Administrators group

  7. Install Profwiz (Download from here)

  8. Launch Profile Wizard

  9. Select the domain user account from the user list and click Next

  10. Click the top drop-down and select the local computer name

  11. Select Join Workgroup

  12. Add the username of the local account created above.

  13. Click Next and wait….

(The migration depends on how much data the user has and if it’s located on a server)

  14. Once the migration is complete you will be able to select Next, then Finished.

  15. The machine will then reboot and finish the migration off.

  16. Once it reboots, the default login will be the new local user account you created. Log in to this account.

  17. When the account logs in, Windows will finish off setting up the new profile. You’ll see ‘Updating Apps XX%’. Once this has finished, you’ll be logged in to your new local profile.

  18. You’ll need to clean up a few things:

    1. Disconnect any Mapped Network Drives

    2. Change any file associations if you are using an application other than a default one. Windows will be resetting file associations for a few minutes; you’ll see the popups in the bottom right-hand corner of the screen.

    3. Check Outlook if you use it; you may need to pop your email password(s) back in.
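
The account creation in steps 5 and 6 and the mapped drive cleanup can also be done from PowerShell. This is an added example, not part of the original notes; the account name `migrated.user` and the `-Phase` parameter are assumptions made for illustration.

```powershell
# Added example (not from the original notes).
# $LocalUser is a placeholder account name; $Phase is a hypothetical switch
# that selects the pre-migration or post-migration part of the script.
param(
    [ValidateSet('Prepare', 'Cleanup')]
    [string]$Phase = 'Prepare',
    [string]$LocalUser = 'migrated.user'
)

$AdminsSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

if ($Phase -eq 'Prepare') {
    # Steps 5-6: run from an elevated session before launching Profile Wizard.
    # The password is prompted for so it never lands in the script or history.
    $password = Read-Host -Prompt "Password for $LocalUser" -AsSecureString
    New-LocalUser -Name $LocalUser -Password $password `
        -Description 'Local account for profile migration' | Out-Null

    # Adding by SID works regardless of the Windows display language.
    Add-LocalGroupMember -SID $AdminsSid -Member $LocalUser

    # Review the resulting membership: the new account should appear with
    # PrincipalSource 'Local'; anything unexpected in this list deserves a look.
    Get-LocalGroupMember -SID $AdminsSid |
        Format-Table Name, ObjectClass, PrincipalSource
}
else {
    # Cleanup: run as the new local user in a normal (non-elevated) session,
    # because drive mappings are tied to the logon session that created them.
    $mappings = @(Get-SmbMapping)
    $mappings | Format-Table LocalPath, RemotePath, Status

    if ($mappings.Count -gt 0) {
        # -UpdateProfile also removes the persistent mapping so the drive
        # does not come back at the next logon.
        $mappings | Remove-SmbMapping -UpdateProfile -Force
    }

    # Should print nothing once every mapping is gone.
    Get-SmbMapping
}
```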
