Other

PreviousNetwork Traffic Analysis NextOnline Tools

Last updated 1 year ago

Was this helpful?

Other

– Used to extract attachments from incoming emails.

– Reverse engineering virtual machine.

– Fuzzing Windows binaries.

: Carves and recreates VSS catalog and store from Windows disk image.

vss_carver.py -t <disk_image_type> -o <volume_offset_in_bytes> -i <disk_image> -c <catalog_file> -s <store_file>

: Autopsy® is the premier end-to-end open source digital forensics platform. Built by Basis Technology with the core features you expect in commercial forensic tools, Autopsy is a fast, thorough, and efficient hard drive investigation solution that evolves with your needs.

Migrating from Domain Profile to Local Profile

Click Start and type Computer Manager
Right click on Computer Manager and ‘Run as Administrator’
Expand Local Users and Groups
Expand Users
Create a new user account
Add this new user account to the local Administrators group
Install Profwiz ()
Launch Profile Wizard
Select the domain user account for the user list and click Next
Click to top drop down and select the local computer name
Select Join Workgroup
Add the username of the local account created above.
Click Next and wait….

(The migration depends on how much data the user has and if it’s located on a server)

Once the migration is complete you will be able to select Next, then Finished.
The machine will then reboot and finish the migration off.
Once it reboots, the default login will be the new local user account you created, now login to this account.
When the account logs in, Windows will finish off setting up the new profile. You’ll see ‘Updating Apps XX%’. Once this has finished, you’ll be logged in to your new local profile.
You’ll need to clean up a few things:
1. Disconnect any Mapped Network Drives
2. Change any file associations is you are using an application other than a default one, Windows will be resetting file associations for a few minutes, you’ll see the popups in the bottom right hand corner of the screen.
3. Check Outlook if you use it, you may need to pop your email password(s) back in.

PreviousNetwork Traffic Analysis NextOnline Tools

Last updated 1 year ago

Was this helpful?

– Used to extract attachments from incoming emails.

– Reverse engineering virtual machine.

– Fuzzing Windows binaries.

: Carves and recreates VSS catalog and store from Windows disk image.

vss_carver.py -t <disk_image_type> -o <volume_offset_in_bytes> -i <disk_image> -c <catalog_file> -s <store_file>

Migrating from Domain Profile to Local Profile

Click Start and type Computer Manager
Right click on Computer Manager and ‘Run as Administrator’
Expand Local Users and Groups
Expand Users
Create a new user account
Add this new user account to the local Administrators group
Install Profwiz ()
Launch Profile Wizard
Select the domain user account for the user list and click Next
Click to top drop down and select the local computer name
Select Join Workgroup
Add the username of the local account created above.
Click Next and wait….

(The migration depends on how much data the user has and if it’s located on a server)

Once the migration is complete you will be able to select Next, then Finished.
The machine will then reboot and finish the migration off.
Once it reboots, the default login will be the new local user account you created, now login to this account.
When the account logs in, Windows will finish off setting up the new profile. You’ll see ‘Updating Apps XX%’. Once this has finished, you’ll be logged in to your new local profile.
You’ll need to clean up a few things:
1. Disconnect any Mapped Network Drives
2. Change any file associations is you are using an application other than a default one, Windows will be resetting file associations for a few minutes, you’ll see the popups in the bottom right hand corner of the screen.
3. Check Outlook if you use it, you may need to pop your email password(s) back in.

ForensiT Domain Migration