Data Recovery

This category contains 33 posts

SQLite Database Deleted Records Carving & Forensics

SQLite is a compact database engine highly integrated with embedded devices and locally used applications in various Operating Systems. Recent years have seen extensive usage of portable devices like tablets, smartphones, etc. and this has given rise to adaption of the SQLite application. It also amplifies the chances for surfacing digital evidence using forensic analysis … Continue reading

Countering Anti-Forensic Efforts – Part 1

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Computer forensic techniques allow investigators to collect evidence from various digital devices. Tools and techniques exist allowing discovery of evidence that is difficult to get, including destroyed, locked, or obfuscated data. At the same time, criminals routinely make attempts to counter forensic efforts … Continue reading

Evidence Acquisition and Analysis from iCloud

by Mattia Epifani & Pasquale Stirparo iCloud iCloud is a free cloud storage and cloud computing service designed by Apple to replace MobileMe. The service allows users to store data (music, pictures, videos, and applications) on remote servers and share them on devices with iOS 5 or later operating systems, on Apple computers running OS … Continue reading

Data Recovery As A Medium For Email Forensics

Data Recovery is the technique adopted for salvaging data from an inaccessible state which could have arrived due to deletion, corruption, or failure of the storage medium. On an Operating System, the data is saved in the form of “File” (be it documents, music, images, applications, settings etc.) and thus it is normally salvaged from … Continue reading

Carving out the Difference between Computer Forensics and E-Discovery

Over the past few years, it has been noticed that computer forensics and E-discovery have been a buzz word in the computer security arena and in legal societies. Although both of them refer to the process of handling digital data but is there any difference between them? To clear the confusion further we need to … Continue reading

Extracting data from dump of mobile devices running Android operating system

In this article, we are going to tell about opportunities of utilizing programs that are used on a day-to-day basis in computer forensics and examination for analysis of mobile devices running Android operating system. Introduction Most of the mobile devices in the world run Android operating system. It is no wonder that such devices are … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy having the Android 4.3, Jelly Bean as the operating system even if using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have … Continue reading

Forensic analysis of the ESE database in Internet Explorer 10

———————————————————— Due to me not being able to reformat our thesis in a good way I strongly suggest you look at the whole paper in PDF format here: /Philip ———————————————————— Forensic analysis of the ESE database in Internet Explorer 10 Bachelor thesis June 2013 Authors: Bonnie Malmström & Philip Teveldal Bachelor thesis School of Information … Continue reading

WhatsApp – discovering timestamps of deleted messages

ABSTRACT:  This is a procedure for locating and parsing deleted messages timestamps in Android WhatsApp database. I did a little reverse engineering, using the hexadecimal tool of Physical Analyzer (UFED by Cellebrite), of the database of the popular messaging app WhatsApp for Android, because P.A. 3.8.6 does not display deleted messages WhatsApp, at least on … Continue reading

Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases

Summary This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases. Introduction It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential … Continue reading

Bitcoin Forensics Part II: The Secret Web Strikes Back

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online: You can reach the new site at this link (again, … Continue reading

Bitcoin Forensics – A Journey into the Dark Web

There has been a lot of buzz around Tor, Bitcoin, and the so-called “dark web” (or “deep web”) since the FBI shut down the underground website “Silk Road” on Oct 1st. As many of you already know, Tor is a network of encrypted, virtual tunnels that allows people to use the internet anonymously, hiding their … Continue reading

Analysis Of iOS Notes App

As part of my third year studying Digital Security,Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad Mini, and if they could be used as evidence. This post is really just going to explain what I did, … Continue reading

Geo-tag Forensics

Introduction A geo-tagged image is an image which holds geographical identification metadata. This data consists of latitude and longitude co-ordinates (sometimes altitude also). Though there are some extremely powerful tools available for extracting geo-tag information from geo-tagged images but the insight knowledge of how a tool actually works and gets the data for us is … Continue reading


Get every new post delivered to your Inbox.

Join 837 other followers