Software for Computer Forensics

Nero BF ( Proof Of Concept)

Nero BF is a Proof Of Concept (POC) method to determine the originating root directory and originating files metadata derived from the OS they were resident on, when using the Nero Burning ROM v6 software.

When Nero Express is used to write a data CD/DVD it invokes a method of caching the root directory and listing of the files to be burned in that process. When a CD has been imaged in E01 format and processed through EnCase, the values will be seen in the Unallocated Clusters at FO 4096. Make sure you copy out FO-0 to FO-4096 + Length of strings.

The data contains, the Nero Version, the CD Name, the burn date, and the root directory where the files
were located. There are several different variants used in the offsets for the embedded dates, and it has proved to be very difficult to provide an adequate nested (if) statement.

I have written an application to interpret an export (UC67.dat) from the UC of an acquired CD image which accompanies the download. You may be able to export similar UC binary files and process them with success. The SpinEdit is set at (12) which is the byte offset to the start of the 24 byte date section. If you process your files and see dates as either (1601) or (1899) etc.. then adjust the SpinEdit to (11) or (10) and process the file again. The file references relate to prohibited images, so be aware of your environment.


Windows 9x INFO Reader (Tested Windows 98 & 95)

MoTo - Random Password Generator

MoTo is a random password generator with an added function of creating a list of generated passwords.
The list can be exported as a CSV. Because it uses the 'random' function, recreating the password on the second occasion will create a completly different password.

MD5: D0F3B88FC07BC02F69E731E308EA0761

God Mode - Does what is says.

This is a very simple program to create a shortcut in Windows 7 and 8 to give access to the majority of functions within the Control Panel applets. Do NOT use on Vista!

You are viewing the text version of this site.

To view the full version please install the Adobe Flash Player and ensure your web browser has JavaScript enabled.

Need help? check the requirements page.

Get Flash Player