Tweet
Hi Mark
i think we talked about this before ...
whit the latest additions the product is becoming more and more
usable and useful (i find myself using it more often every day) and
when you'll introduce the support for EWF images it could be not
rarely the only tool i need for some kind of investigations ... but ...
i still think that skipping Pagefile.sys & Hiberfil.sys for their size is
really a shame because these two files are very very often a
"Treasure Chest" of informations.
I tried to enable "custom limits" but the program says that anyway
the maximum file size must not exceed 2gb which is often not enough
with modern pc.
I think you should introduce some specific module to scan these two files (possibly leaving it/them as an option that the examiner can enable/disable);
IMHO a specific module could be a right option because of their peculiarities
(pagefile.sys should be carved like a sort of ram image while Hiberfil.sys
has some kind of compression applied ...).
What do you think about this ?
Kind regards
i think we talked about this before ...
whit the latest additions the product is becoming more and more
usable and useful (i find myself using it more often every day) and
when you'll introduce the support for EWF images it could be not
rarely the only tool i need for some kind of investigations ... but ...
i still think that skipping Pagefile.sys & Hiberfil.sys for their size is
really a shame because these two files are very very often a
"Treasure Chest" of informations.
I tried to enable "custom limits" but the program says that anyway
the maximum file size must not exceed 2gb which is often not enough
with modern pc.
I think you should introduce some specific module to scan these two files (possibly leaving it/them as an option that the examiner can enable/disable);
IMHO a specific module could be a right option because of their peculiarities
(pagefile.sys should be carved like a sort of ram image while Hiberfil.sys
has some kind of compression applied ...).
What do you think about this ?
Kind regards
Comment