archives

Methodology

This category contains 82 posts

Can You Get That License Plate?

We find ourselves analyzing new surveillance videos almost every day, and in most cases we can either solve the problem very quickly or understand (even quicker) that there is no information to recover in the video. In special cases though, where something very specific and strange happened, or the problem is very complex, it can take … Continue reading

How To Decrypt WeChat EnMicroMsg.db Database?

WeChat is a smartphone application where users can chat with their friends, share pictures, videos and audio chats. Users can also make free video calls and voice calls with their friends as long as they have Internet connection. Recently, we received a request from the law enforcement agency to extract WeChat chat messages from an Android mobile … Continue reading

Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity

by Yuval Ben-Moshe, senior director of forensic technologies at Cellebrite Mobile forensics has changed the methodology when it comes to offender profiling.  The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities. This is not just because of the … Continue reading

WeChat Forensics

Rapid growth of the usage of OS X has inspired forensic researchers to analyze devices such as the iPad, iPhone and Mac deeply.  Therefore, OS X forensics, starting from Jonathan Zdziarski in 2008, became a very hot topic.  However, most of the research and trainings are focused on file system analysis.  Although there are some … Continue reading

DFRWS Europe 2014 Annual Conference – Recap

This article is a recap of some of the main highlights of the Digital Forensics Research Workshop (DFRWS) held in Amsterdam from the 7th – 9th of May; over the next few weeks we will also be bringing you a number of interviews and research updates from the conference. Conference Highlights DFRWS brought together academics … Continue reading

Forensics Europe Expo 2014 – Recap

Forensic Focus attended the Forensics Europe Expo at Kensington Olympia on the 29th & 30th of April. This article is a recap of some of the main highlights and over the next few weeks we will also be bringing you a number of interviews recorded at the expo. The Digital Forensics part of the Expo … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy having the Android 4.3, Jelly Bean as the operating system even if using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Detecting Forged (Altered) Images

Are digital images submitted as court evidence genuine or have the pictures been altered or modified? We developed a range of algorithms performing automated authenticity analysis of JPEG images, and implemented them into a commercially available forensic tool. The tool produces a concise estimate of the image’s authenticity, and clearly displays the probability of the … Continue reading

Catching the ghost: how to discover ephemeral evidence with Live RAM analysis

Oleg Afonin and Yuri Gubanov, contact@belkasoft.com © Belkasoft Research, 2013 Belkador Dali. “Losing volatile Evidence”. All rights reserved.  Ephemeral Evidence Until very recently, it was a standard practice for European law enforcement agencies to approach running computers with a “pull-the-plug” attitude without recognizing the amount of evidence lost with the content of the computer’s volatile … Continue reading

KS – an open source bash script for indexing data

KS – an open source bash script for indexing data ABSTRACT:  This is a keywords searching tool working on the allocated, unallocated data and the slackspace, using an indexer software and a database storage . Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading

Categorization of embedded system forensic collection methodologies

There are many classifications as far as forensic data collection is concerned, but much of it is still a de facto and Wild West when it comes to naming convention. This is especially true in the embedded system area. When I refer to embedded systems, I think of specialized devices, sometimes in a larger system … Continue reading

What are ‘gdocs’? Google Drive Data – part 2

Following up from the recent post on Google Drive, designed to give a high level introduction to the product, this post will delve a bit deeper into the technical issues relating to the data stored and also the best approach on how to access it. The artefacts discussed in this post are based on Windows … Continue reading

Why SSD Drives Destroy Court Evidence, and What Can Be Done About It

by Yuri Gubanov yug@belkasoft.com, Oleg Afonin aoleg@voicecallcentral.com Belkasoft Ltd. http://belkasoft.com Abstract Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different of how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the … Continue reading

Introduction to Penetration Testing – Part 3a – Active Reconnaissance

Apologies in advance, this is a bit of a connective blog entry – this is a big topic, and it needs some scene setting, basic understanding and several weeks worth to get the most out of it. We live in a connected world now – my other half was showing me a washing machine with … Continue reading

Retrieving Digital Evidence: Methods, Techniques and Issues

by Yuri Gubanov yug@belkasoft.com Belkasoft Ltd. http://belkasoft.com Abstract This article describes the various types of digital forensic evidence available on users’ PC and laptop computers, and discusses methods of retrieving such evidence. Download article in PDF format Introduction A recent research conducted by Berkeley scientists concluded that up to 93% of all information never leaves the digital domain. This … Continue reading

Follow

Get every new post delivered to your Inbox.

Join 692 other followers