1 reply to this topic

[Segun]

Hey all,

I'm in my final year of doing Computer Forensics at Uni. We have been told to do a Final Year, Individual Project. The Project should have a end product.

I have chosen to do a product which will be a software application. This application will find artefacts, which have been left by Yahoo, Facebook, MySpace, Twitter. For example, protocol messages and other scripts that may be of forensic use.

We studied Programming in the first year which was C+, but not in the 2nd or final year. I am wanting to create this application in C# and I'm doing the tutorials to familiarise myself with it.

I want my application to scan the pagefile.sys and hiberfil.sys and bring back the data/artefacts and import it to a folder where it can be viewed. I also want the application to scan memory dumps and import the data which is relevant to a folder to be viewed. Maybe in a .txt file?

Can someone point me in the right direction as I'm relatively new to this.

Thanks to all replies.

[Matt Ellen]

I did a quick google and came up with this page on pagefile.sys: Pagefile.sys - Forensics Wiki

Basically it says you can't read the file like the regular file system. This means that C#'s regular file reading routines won't be of any use to you. There probably will be ways to get at the contents, but I imagine it would be easier to just go native - e.g. write you programme in c or c++ - so that you have automatic access to the harder to use, closer to the hardware functionality of such languages.