Tuesday, June 23, 2015

MetaDiver: What’s coming in Alpha 3

The next alpha release of MetaDiver is coming together nicely.

Lots of new features in the works. Major new features being added. I’m still coding, plus better testing on various Windows environments before I put it out there for you to break further. I plan to post open source projects relied upon to github in accordance with individual license requirements and will be acknowledged and linked from the app. Some features will eventually be migrated to a paid version once I have time to do all of that.  For now though enjoy the free candy.

New features coming with v2.0.2 Alpha 3:

  • Email support – read headers (MSG, PST, EML) – including extended mapi goodies
  • Email – export to file (MSG or EML)
  • Windows shortcut parsing LNK and Jumplists
  • Legacy office doc’s ’97-2003 support added
  • Archive file enumeration (zip, 7z, arj, rar, gzip, bzip2, iso, vhd, vhdx, vmdk, cab)
  • Column width’s are remembered using sqlite settings database
  • Review form: panel’s are now sizeable
  • Transition to SQLite backend
  • Improvements to error handling when file permission denied (Users like to select the entire partition, click and forget…)
  • OpenXml document mapping bug fixes
  • DPI scaling improvements
  • Datagrid large dataset support for reviewing large amounts of information!
  • Various bug fixes and UI improvements
  • Other stuff I have forgotten


If you have thoughts about MetaDiver you think would add value then please let me know! You can contact me on Twitter via direct message or just comment on this post.

by Dave via EasyMetaData.com

Github: My open source projects are being added

Github account created with open source projects being added.



by Dave via EasyMetaData.com

Friday, June 5, 2015

MetaDiver 2.0 Alpha2 released #dfir #ediscovery

The MetaDiver 2.0 Alpha2 has been released and available for download.


  • Resolved crash on Windows Server 2008 due to VisualBasic PowerPack not installed with .Net on servers.
  • Various minor bug fixes and UI changes.

by Dave via EasyMetaData.com

Wednesday, May 20, 2015

Improving Windows External Device Investigations [updated] slides posted from #CEICCONF #DFIR

My slides for the talk I gave at CEIC 2015 on Improving Windows External Device Investigations have been uploaded. You can download them below.

Download: Slides for Improving Windows External Device Investigations

by Dave via EasyMetaData.com

Friday, May 15, 2015

Excited to be speaking on Improving Windows External Device Investigations at #CEICCONF next week #DFIR

Excited to be speaking on Improving Windows External Device Investigations at #CEICCONF next week. It’s almost time to talk digital forensics!

by Dave via EasyMetaData.com

Wednesday, March 4, 2015

MetaDiver 2.0 alpha – available for download!

MetaDiver 2.0 alpha is now available for download!

This is the first build after a major rewrite. I think you will like what you see but be sure to provide feedback on bugs so I can squash them!

Download the build: http://ift.tt/1BFPceC

Review changelog: http://ift.tt/1Ekt0H6

I hope you enjoy the MetaDiver! If you have feedback, positive comments, requests please leave them on the MetaDiver forum. Thanks!

by Dave via EasyMetaData.com

Wednesday, February 25, 2015

Disk Access in Python with libtsk (by HECF Blog)

If you have ever been looking for a way to access your computer disk without having to deal with user permissions and constrains the operating system enforces then this is the series to read.

David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer Forensics Blog”. The guide takes you step by step to from installing the dependencies to writing the Python code to access partitions and forensic images using an open source library called libtsk (The Sleuth Kit library). The libtsk library is cross platform meaning you an write code to access Windows, Linux and Mac systems using a fairly intuitive and consistent syntax. You won’t have any limitations on accessing special files as well. The big drawback to using this library has been the lack of documentation. With his blog series the is trying to get the word out with some practical examples for those in the community that are not yet aware or just don’t know where to start! My hope is that better information helps to expand the user base beyond just Forensics and Incident response because it can be applied to other industries in tech.

You can get started reading Part 1 of a 40 part series at the link below:



by Dave via EasyMetaData.com