Anti-Forensics-VHDX
Anti-Forensics-VHDX copied to clipboard
AndrewRathbun
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add....
Anti-Forensics-VHDX
This is a simple VHDX file with some files that have been named according to what was done with them. For text and Word files, make sure you read the contents of the file so you see what I did to them and can attribute that activity to MFTECmd output that's included.
Also, as a hint, some files have been deleted through various means. The filenames will give away what was done to those files.
For more on KAPE, check out my guide on AboutDFIR here.
For more on Timeline Explorer, check out my guide on AboutDFIR here.
For more on MFT Explorer/MFTECmd check out my guide on AboutDFIR here.
If there are any issues or suggestions for improvement, please create an Issue or do a Pull Request with updates of your own.
Changelog
| Date | Version | Description | Link |
|---|---|---|---|
| 2020-12-23 | 1.0 | Initial release | Link |
| 2021-01-01 | 1.1 | Added reformatted/wiped versions of v1.0 VHDX with KAPE Output, Recovered Files, etc | Link |
Hashes
| Filename | SHA1 | MD5 |
|---|---|---|
| Anti-Forensics Disk Image.vhdx | 25ZNIOHNVH357KN3ZTJ4KPGPSUU3PL3L | 400B7FBB6B7B0707F84BC600A6AE0A23 |
Hashes by Hasher
Metadata
Owner
AndrewRathbun
Metadata
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add....