This category contains 9 posts

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy devices running Android 4.3 (Jelly Bean) as the operating system, even when using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Extracting data from damaged mobile devices

For the last few years we have successfully extracted data from various mobile devices, such as cell phones, smartphones, tablets, etc. Among devices to be examined, we came across defective mobile devices (damaged mechanically, by fire or due to being stored in harsh or hostile environmental conditions) from which digital evidence should also be extracted. … Continue reading

Why SSD Drives Destroy Court Evidence, and What Can Be Done About It

by Yuri Gubanov, Oleg Afonin, Belkasoft Ltd. Abstract: Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the … Continue reading

AccessData FTK 4.0: initial impressions

Introduction: In this post, I will provide some initial impressions and findings. I do not endeavor to write a white paper, or to employ an industry standard, scientific methodology for evaluating the tool (if for no other reason than because I am constrained by time). PostgreSQL: First, I note that it appears that no one … Continue reading

Forensic Imaging of Hard Disk Drives- What we thought we knew

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures and diagrams can be found at WHAT WE HAVE BEEN TAUGHT Imaging of hard drives has been the mainstay of the “Science” part of digital forensics for many years. It has been articulated by many, including us, … Continue reading

Forensic Toolkit v3 Tips and Tricks – On a budget

While researching FTK 3X and Oracle, you just recently discovered that the best configuration of your Oracle database would be on a solid state drive (SSD). Solid state drives give the maximum level of performance to Oracle databases and in turn speed up your FTK 3X responsiveness. You are a conscientious analyst and decide to try … Continue reading

The End of Digital Forensics?

by Craig Ball When Microsoft introduced its Encrypting File System (EFS) in Windows 2000, the Cassandras of computer forensics peppered the listserves with predictions that the days of digital forensics were numbered. Ten years on and hundreds of systems acquired, I’ve yet to handle a case stymied by encryption—and 90% of my acquisitions were corporate … Continue reading

Flash drives and acquisition

First published June 2010 by Dominik Weber, Senior Software Architect for Guidance Software, Inc. “Take a look at this”. It started simply with that. A co-worker was looking into some strange issue with an acquisition of a flash drive. It seemed that the acquisition hash changed every time the drive was acquired. The write switch was … Continue reading

Build Your Own Digital Evidence Collection Kit

First published June 2009 by David Kovar, NetCerto, Inc. Overview Collecting evidence accurately is clearly a foundational element for any ediscovery or forensics analysis project. The equipment required is important, but so are the supporting items – office supplies, forms, and documentation tools. And if you cannot find the items, or get them to the … Continue reading

