Reconstructing a RAID 5 that holds an NTFS volume without knowing its configuration.

Created: Tuesday, 03 July 2018

To save readers' precious time, I would like to emphasize that this guide applies to RAID arrays containing an NTFS-formatted volume.

Firstly, keep in mind that this guide serves as a proof of concept, hopefully it will prove...

Questions on File Systems and Windows Forensics.

Created: Thursday, 09 March 2017

Below you will find questions that test your knowledge of this subject. I wrote them while reading material, mainly from books on file systems and Windows forensics.

The questions are not meant to be exhaustive and they might even...

VirusTotal EnCase6 Hash Set

Created: Monday, 15 December 2014

For examiners who wish to locate malware in EnCase 6 based on virus signatures, I have downloaded the latest VirusTotal database and compiled it into an EnCase 6 Hash Set. Note that the hashes are MD5, so you need to hash your files first. ...


Created: Sunday, 27 January 2013

Since March 2012, I have worked as a digital forensics examiner; so far I have examined more than 170 cases including copyright infringements (aka web scraping), data breaches, hacking (defacing, malware to steal bitcoins), tax evasion, money...

Built with...

Created: Saturday, 05 January 2013

This site was built using the following technologies:

  • Twitter Bootstrap as HTML template, icons by Font Awesome
  • site fonts served by Google Fonts
  • server-side code, Flask (a Python...

© 2012 - 2018 Armen Arsakian. Updated at Friday 20 July 2018. Contact: contact at