{"id":20456010,"url":"https://github.com/vm32/full-disk-image","last_synced_at":"2025-05-08T21:31:42.125Z","repository":{"id":199233555,"uuid":"702423129","full_name":"vm32/Full-Disk-Image","owner":"vm32","description":"Digital forensics image that was prepared to cover a full Windows Forensics ","archived":false,"fork":false,"pushed_at":"2023-12-26T18:19:30.000Z","size":24,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2023-12-26T20:33:25.850Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vm32.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-10-09T09:38:10.000Z","updated_at":"2023-12-26T20:33:28.088Z","dependencies_parsed_at":null,"dependency_job_id":"0a315e93-00bc-416b-9d6b-b1471ef7f9ba","html_url":"https://github.com/vm32/Full-Disk-Image","commit_stats":null,"previous_names":["vm32/full-disk-image"],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vm32%2FFull-Disk-Image","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vm32%2FFull-Disk-Image/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vm32%2FFull-Disk-Image/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vm32%2FFull-Disk-Image/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vm32","download_url":"https://codeload.github.com/vm32/Full-Disk-Image/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224771427,"owners_count":17367143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T11:20:47.651Z","updated_at":"2024-11-15T11:20:48.236Z","avatar_url":"https://github.com/vm32.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Full-Disk-Image Repository\n\n## Introduction\nWelcome to the Full-Disk-Image repository, an essential hub for advanced Windows Forensics analysis. This repository offers a detailed digital forensics image, specifically crafted for deep analysis of Windows operating systems.\n\n## Image Overview\n- **File Size:** 6.4GB – A comprehensive and detailed forensics image for extensive analysis.\n- **Download:** Accessible through [Download Full-Disk-Image](https://archive.org/details/4orensics.case-2.7z).\n\n## Repository Contents\n\n### 1. Data Recovery Techniques\n- Advanced methodologies for File Restoration and Tailored Recovery.\n- Effective strategies for Keyword Identification in forensics.\n\n### 2. NTFS Forensic Analysis\n- Thorough Analysis of NTFS Structures for forensic purposes.\n\n### 3. Advanced Windows Registry Investigations\n- Detailed exploration of SYSTEM, SOFTWARE, and SAM Hives.\n- Exhaustive analysis of NTUSER.DAT and USRCLASS.DAT Files.\n\n### 4. Windows-specific File Exploration\n- Analysis of LNK Files, Jump Lists, Libraries, and additional Windows-specific files.\n\n### 5. Analysis of Windows System Components\n- Detailed Examination of Application Compatibility Cache (ShimCache).\n- Investigations into Windows Search Mechanisms and Thumbnail Cache.\n- Critical analysis of Prefetch Files and Recycle Bin Contents.\n\n### 6. Peripheral Device Forensics\n- Techniques for in-depth USB Device Investigation.\n\n### 7. System Event Log Examination\n- Detailed analysis of Windows system event logs.\n\n### 8. Email Analysis Techniques\n- Investigative techniques for Web-based and Outlook Emails.\n\n### 9. Browser Forensics\n- Forensic analysis techniques for Internet Explorer and Google Chrome.\n\n### 10. Communication App Forensics\n- Detailed Analysis of Skype Data.\n\n## Key File Paths and Details\n\nThe following table outlines the paths for crucial files within the Windows system:\n\n| File Name    | Full Path                                                                                      |\n|--------------|------------------------------------------------------------------------------------------------|\n| SYSTEM       | `C:\\Windows\\System32\\config\\SYSTEM`                                                            |\n| SECURITY     | `C:\\Windows\\System32\\config\\SECURITY`                                                          |\n| SOFTWARE     | `C:\\Windows\\System32\\config\\SOFTWARE`                                                          |\n| SAM          | `C:\\Windows\\System32\\config\\SAM`                                                               |\n| NTUSER.DAT   | `C:\\Users\\[Username]\\NTUSER.DAT`                                                               |\n| USRCLASS.DAT | `C:\\Users\\[Username]\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat`                             |\n\n## Required Tools\nTo effectively utilize this repository, users should have the following tools and software:\n\n- **Forensic Analysis Software:** EnCase, Autopsy, or similar.\n- **File Viewing Software:** Tools like WinHex or HxD for viewing hex files.\n- **Registry Analysis Tools:** Registry Explorer or similar for deep diving into Windows registry files.\n- **Data Recovery Software:** For restoring deleted files, software like Recuva or TestDisk can be useful.\n- **Email Analysis Tools:** Software like MailXaminer or similar for analyzing email data.\n- **Browser Forensics Tools:** Tools for analyzing browser artifacts, such as BrowserHistoryView.\n- **Communication App Analysis Tools:** Software specific to communication applications like Skype.\n- **Virtual Machine Software:** VirtualBox or VMware to safely analyze forensic images.\n- **Internet Connection:** For downloading tools, updates, and accessing online resources.\n\nEnsure that your system meets the requirements to run these tools effectively.\n\n\n\n![Digital Forensics Image Preview](https://github.com/vm32/Full-Disk-Image/assets/21219411/fa471e97-959c-4ed5-8bcb-dd7584d4b70a)\n\n---\n\nFor further assistance or additional information, please feel free to open an issue in this repository. We are here to support your forensic analysis needs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvm32%2Ffull-disk-image","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvm32%2Ffull-disk-image","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvm32%2Ffull-disk-image/lists"}