Research

This category contains 17 posts

Geo-tagging & Photo Tracking On iOS

As you may already know, Apple has always been criticized for using their extremely popular devices to track users and use this information to expand their own databases. This tutorial assumes that you have already jailbroken your device and you know how to navigate your way through iOS menus, if you don’t then check out our other articles … Continue reading »

KS – an open source bash script for indexing data

ABSTRACT: This is a keywords searching tool working on the allocated, unallocated data and the slackspace, using an indexer software and a database storage. Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading »

Categorization of embedded system forensic collection methodologies

There are many classifications as far as forensic data collection is concerned, but much of it is still a de facto and Wild West when it comes to naming convention. This is especially true in the embedded system area. When I refer to embedded systems, I think of specialized devices, sometimes in a larger system … Continue reading »

What are ‘gdocs’? Google Drive Data

As “the Cloud” (a varied mix of internet based services ranging from web-based email accounts, on-line storage and services that synchronise data across multiple computers) becomes more relevant and the dominance of the PC or tablet as the exclusive “home” for data reduces, the days when simply taking a snapshot of a computer to capture … Continue reading »

Why SSD Drives Destroy Court Evidence, and What Can Be Done About It

by Yuri Gubanov yug@belkasoft.com, Oleg Afonin aoleg@voicecallcentral.com Belkasoft Ltd. http://belkasoft.com Abstract: Solid State drives (SSD) introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. Instead of predictable and highly possible recovery of information the … Continue reading »

The Role of Cyber Terrorism in the Future

By Michael Chance University of New Haven M.S. National Security ABSTRACT Since the events of September 11, 2001 terrorism has been an issue at the forefront of National Security.  This paper will explore the more specific threat of cyberterrorism that exists and why we are in danger, examine incidents of cyberterrorism and our response, and … Continue reading »

Mobile Phone Forensic Challenges

Introduction A great number of the mobile phones used worldwide every second require special knowledge and skills from forensic experts.  More often it is not enough to be an experienced expert in computer forensics to understand all the peculiarities and difficulties of the mobile forensics. This article describes technical problems encountered by specialists in mobile … Continue reading »

689 Published Cases Involving Social Media Evidence (with full case listing)

The torrent of social media evidence continues to grow. In November 2011 we, at X1 Discovery, searched online legal databases of state and federal court decisions across the United States to identify the number of cases from 2010 and through November 2011 where evidence from social networking sites played a significant role.  As we mentioned … Continue reading »

Firefox Cache Format and Extraction

Introduction In the forensic lab where I work, we frequently investigate malware-infected workstations.  As our user population started shifting from Internet Explorer to Firefox, we observed that one of our favorite forensic tools, Kristinn Gudjonsson’s log2timeline, wasn’t able to provide as much data for Firefox as it was for IE.  The missing component was cache … Continue reading »

iPhone Tracking – from a forensic point of view

- Introduction – iPhoneTracking is sexy!!! Every mobile forensic suite, at least the ones dealing with iPhones, are providing it proudly. iPhoneTracking also has been a hot topic in the media all around the globe. People stated, that there is a way to display every step of an iPhone user ever since the device got … Continue reading »

Android Forensics Study of Password and Pattern Lock Protection

Let’s see what Pattern Lock is, how to access, determine or even get rid of it? We’ll also speak about Password Lock Protection and find out what it has in common with Pattern Lock. And finally we’ll try to understand how these locks are related to forensic investigation process. What is Pattern Lock? Generally pattern lock … Continue reading »

An in-depth analysis of the cold boot attack: Can it be used for sound forensic memory acquisition?

Abstract The purpose of this technical memorandum is to examine the technical characteristics behind the cold boot attack technique and to understand when and how this technique should be applied to the field of computer forensic investigations. Upon thorough examination of the technique, the authors highlight its advantages, drawbacks, applicability and appropriateness for use in … Continue reading »

Web History Visualisation for Forensic Investigations

Sarah Lowman (1) and Ian Ferguson (2) (1) – sarah@lowmanio.co.uk (2) – University of Abertay I.Ferguson@abertay.ac.uk Abstract. Current tools for analysing web history often produce large amounts of data. This data is usually presented in a tabular format, which makes it difficult for forensic investigators to spot patterns and … Continue reading »

Standard Units in Digital Forensics

by Dr Chris Hargreaves Lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK. One of the earliest lectures in the MIT Openware programme in Physics begins with the lecture “Units and Dimensional Analysis”. Units of measurement are critical to science, so much so that there is a standard that defines science’s … Continue reading »

The Grid for Crime Prevention (G4CP) in Wales

by Sian Haynes and Stilianos Vidalis University of Wales, Newport Fujitsu is set to bring high-performance computing (HPC) to Wales. They will provide a distributed grid which is a project set over five-years costing up to £40 million. The grid will include over 1400 nodes which are spread across more than eight sites, linked using … Continue reading »
