Author Archives: phx4n6

Exporting Exchange mailboxes in chunks with Powershell

Today’s post is about chunking email exports from Exchange 2007 with PowerShell. Back in the days of Exchange 5.5 through 2003, exporting a mailbox was done with ExMerge. Exchange admins had a love/hate relationship with ExMerge. It wasn’t the prettiest …


Extracting user login events from Security.evtx with Log Parser [Updated!]

UPDATE – At the bottom of the page, I have included an Excel macro to help clean up the CSV output from Log Parser. Investigations usually center around what was happening, and when. In a corporate environment, things can sometimes get turned …


Windows Reliability Monitor Forensic Artifacts [Updated!]

As a follow-up to my earlier post on Reliability Monitor analysis, I have finished updating the ParseRacWmi tool to include the ability to parse the new Wmi.db format used by Windows 8.1. You can download the tool here (SQL …


Windows 7 Reliability Monitor Forensic Artifacts

The ParseRacWmi tool mentioned here has been updated! See this post for more information.

The Windows Reliability Monitor is a tool that runs by default on all editions of Windows 7 and 8, as well as Vista and Server …


Timezone adjustment in Excel

One problem for any organization that spans timezones is reporting on log information. For example, my organization collects web proxy logs across the US and Europe. All of these logs are pulled into a central repository (Splunk – one of …


Info_hash decoding in URLs [Updated]

Update: I have written a small utility that will take the encoded hash and decode it for us. After that, it will do a Google search, which will often turn up the name of the file being downloaded. If not, …


Welcome to yet another digital forensics blog!

I know there are lots of options for blogs containing information on digital forensics, and I wouldn’t blame you a bit if you never even find this blog. I’m actually doing this for purely selfish reasons. Every day in this …
