Monthly Archives: December 2016

Windows 10 Prefetch and WinPrefetch View

Posted on by

I am currently taking the Windows Prefetch class in the Surviving Digital Forensics training series presented by Sumuri.

The class has recently been updated to include the format change of the prefetch files in Windows 10. In addition this weeks episode of the Surviving Digital Forensics podcast talks about the format change of the prefetch files but also talks about NirSoft WinPrefetchView version 1.35 application that can be utilized to decode and analyze Windows 10 prefetch files.

Continue reading

WiebeTech Media Write Blocker

Posted on by

Hardware write blockers are key pieces of equipment for any forensic examiner when acquiring a forensic clone of any data.  This is true for analysis of memory cards and USB devices as well.

CRU Inc. offers another hardware write blocker to assist in the acquisition of data from memory cards and USB devices known as the WiebeTech Media WriteBlocker.  Continue reading