If somebody copied a file from a windows file server to elsewhere, e.g. desktop, USB drive, would there be any form of footprint/evidence on the server itself of such an activity taking place. I know windows OS leave many forensics artefacts of file opening, such as jump lists, but I have never heard of forensics artefacts regarding file copies on the source location itself, so without a suspect and then their device its tricky to identify,
Also if file level auditing was enabled on the server, where specifically in the event logs would those actions be captured, and does windows capture copies, or only file creations/deletions/access type events? I presume by default file type auditing is off?

I have a client who has had two separate credit cards compromised in the last week.  Same user, same computer, different secure websites, and two totally different cards.  I have run malware and AV scans on the machine, verified the web browser was fully patched and didn't have any extensions installed, verified Gateway AV IPS and App Control was enabled on the Sonicwall.  We looked for rogue APs and came back clean.  Both cards were used within an hour of being used for online transactions and the cards were entered in to the web browser manually, not saved.  I am running out of ideas on where to look or what to even look for.  Any help would be appreciated.

I’m an IT Tech and thought it would be cool to learn how to hack my own wireless network and I know CEH teaches this but what other cool stuff does it teach ?

Do any of the windows or other event logs (or any other file or artefact for that matter) on a windows machine capture what network/wifis a machine connects too. And / or the IP address assigned to a machine at a given time (which in this case wont be that issued by our network as it was 'off site' work).

can anyone recommend any file/data recovery apps for NTFS formatted USB sticks, to recovery user data that has been accidentally deleted. There seems an awful lot of choice, but I'd rather test out any freebies before committing to a paid solution. Anything which could recovery data / files from an image of a USB stick taken using something like FTK Imager  as well would be most interesting.

would there be any forensics artefacts on a windows 7/10 machine, specific to any emails viewed via outlook 2010, e.g. subject titles or the such like. I wondered if jump lists may have entries for outlook, and then each specific email be classed as a 'file'? Or any other locations where outlook 2010 forensics artefacts may reside. I want to prove ideally the subject titles of any recently opened emails. I am also looking from the exchange side as well, but client side would help also in this instance.

If a user plugs into a windows 7 machine a smartphone or USB device via USB and views an image on the external device, apart from areas like lnk files and jump lists (and presumably certain registry entries) which will show a file name of the image opened, does windows create any sort of thumbnail on the PC's local drive of the image, or is the best you would ever get the date stamp and file name of the image opened, and not an actual thumbnail of the image itself. The filename in itself isn't of much use, but even a thumbnail of the image would be useful. I am just unsure where exactly on the drive that thumbnail may reside once opened.

Hi,

I am trying to find information or definitions of metadata fields in PDF.
Specifically I am trying to determine how the following field is created

http://ns.adobe.com/pdfx/1.3/            pdfx:SourceModified:D:20180806072738

Please see attached screenshot.  The highlighted orange areas match with the information in Document Properties.

The yellow fields are of interest.  Do these indicate (reliably) that modifications have been made and is the field for the Application used set in stone once the document is created?

I have tried some internet searches and I can t find anything to point me in the right direction.

The purpose is to determine if this document is genuinely from 2004 or recently modified

Many Thanks

I am interested in finding out if a lawyer has manipulated the will of my mother, who has since passed. He sent me a copy of it by email and wondering if there is any way to forensically inspect the document? I saw a previous answer that said you could go into "inspect" the document to detect changes? Please any info appreciated!

Hello,
1. I have an msg file which is digitally signed and not encrypted, I could see 2 attachments from the email one is .P7M and the other one is .P7S. Can this happen ? I mean it should be either a .P7m file or a .P7s file right?
2. Can .P7s file support encryption and digital sign both?
3. Can you explain in detail the difference between .P7m and .p7S files?

aside from the standard history sql lit db for chrome, and WebCacheV01.dat for IE history files, where else on a windows machine could give clues if a user has accessed a certain webmail service and logged in using a specific email account? I suspect either gmail or hotmail. Just want to rule out any other areas such evidence may reside apart from the obvious browser history locations.

Hi there,
Please can you help me? On my Android Samsung Galxy S6 are stored files under /userdata/data/com.microsoft.office.word/app-EmailAttachments.. So, I know what this files are but I don`t know how the names of the files are generated.
i.e. /app_EmailAttachmentseaa8ac15-baaf-4675-9f6a-9698e54f0108. This file name belongs to a pdf i have sent. What does the string "eaa8ac15-baaf-4675-9f6a-9698e54f0108" in the file name mean?
Thx