DFIR & Linux security researcher. M.Tech Cyber Security at NFSU. I work on digital forensics, memory & filesystem forensics, malware analysis, and Linux internals. I write here about what I’m investigating and building.
A court-admissible FAT32 investigation, byte by byte
A FAT32 USB image examined the way a court requires — no GUI shortcuts, every claim tied to raw bytes: recovering a deleted JPEG, and catching four files wearing the wrong extension.
The file we couldn't recover: an ext3 deleted-file investigation
A user created five files and deleted some. Recovering them from an ext3 image meant Trash artifacts, orphan inodes full of GNOME metadata — and proving why one file was gone for good.
Hello, and what this site is
A short note on what I’ll be writing about here.