Created: Sunday, 27 January 2013
Updated: Saturday, 01 June 2024

Since March 2012, I work as a digital forensics examiner, I examine cases such as copyright infringements, data breaches, hacking (defacing, malware to steal bitcoins, cryptomalware, malware to steal sensitive data e.g. bank passwords), tax evasion, money laundering, web fraud and financial fraud. I have used commercial software including FTK, X-Ways, Nuix workstation, Magnet Axiom, Oxygen, UFED Physical Analyzer.

Moreover, I develop my own tools when there is a need. In addition, I have gained extensive experience with recovering RAID storage devices without having prior information about the configuration parameters. The file systems of DVR recorders is also another area that I worked. Regarding log analysis, I am able to work efficiently with large data sets consisting of millions of records. Finally, because of the numerous tax evasion cases I worked over the years, I have gained deep knowledge of Microsoft SQL storage internals.

Concerning my education, I studied Electrical and Computer Engineering at Democritus University of Thrace, Greece. My master thesis examined statistical properties of popular internet applications. I also carried out stressing tests in network interface cards and saturated links to find out distinct patterns using Fourier techniques.

Regarding programming, I have developed tools for parsing documented and undocumented data structures from raw sources, for instance, accessing directly the hard disk data. When there is a need, I use python to automate tedious tasks. Concerning, electronic fraud cases, I implemented scripts to gather open source data to help the investigators locate the offending records, for example analyzing and visualizing email headers.

Concerning web and Gui development, I use Flask (a python framework) as backend, and for the latter PyQT and GTK3+. In addition, I have developed software for xml transformation and pdf reports generation using xsl. Regarding backend storage, I used MySQL, MSSQL and Redis. I have worked in collaborative and individual software projects using git as a source code versioning system. I try to accommodate best practices in projects implementation such as writing idiomatic code, unit testing, DRY principle, continuous integration and deployment. Concerning cloud services, I am familiar with Google cloud platform where this site is actually hosted.

VirusTotal Hashwindowsntfsraid EnCase6 unallocated policy MD5 directory entry $DATA forensics ntfsfat32CV recovered fileCV security file systems ADS $MFTpassword $mft

Understanding $DATA attribute

The following scenario demonstrates a potentially confusing situation you might face as an investigator. Knowing extensively the NFTS internals...

Password policies - Password creation

Designing a password policy for applications facing the internet has always been a hot issue. Basically, the decision to enforce a set of...

Recovering a deleted file from FAT32

Assume you use a forensic software that has recovered file system metadata of a deleted jpeg file from a FAT32 formatted volume with a cluster...

Reconstructing a RAID 5 that holds an NTFS volume without knowing its configuration.

To save readers' precious time I would like to emphasize the fact that that this guide applies in raids containing an NTFS formatted...

Questions on File Systems and Windows Forensics.

Below you will find questions that test your knowledge on this subject. I wrote them while I read material mainly from books in file systems...

VirusTotal EnCase6 Hash Set

For the examiners who wish to locate malware in EnCase 6 based on virus signature, I have downloaded the latest VirusTotal database and...

Built with...

In March 2024, all backed and client libraries are updated, and the site moved to python3.12 rutime.

In April 2023, this site was...

© 2012 - 2024 Armen Arsakian updated atSaturday 01 June 2024Contact: contact at arsakian.com

-2730 . 4677