archives

Research

This category contains 36 posts

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class of devices has their own share of surprises when it comes to acquisition. The obvious … Continue reading

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no FireWire ports and supplied with a limited set of external ports, these devices make attaching … Continue reading

TDFCon 2015 – Middlesbrough 15th May

On May 15th 2015, Forensic Focus will be attending TDFCon – the Teesside Digital Forensics Conference – at Teesside University, Middlesbrough. If there are any topics you would like us to cover in-depth, or if there are any speakers you think we should interview, please let us know in the comments. TDFCon has been running … Continue reading

DFRWS Europe 2015 Annual Conference – Recap

This article is a recap of some of the main highlights of the Digital Forensics Research Workshop (DFRWS) held in Dublin from the 23rd – 26th of March 2015. Over the next few weeks Forensic Focus will also be bringing you a number of interviews and research updates from the conference. Conference Highlights DFRWS began … Continue reading

SQLite Database Forensics – ‘Sleep Cycle’ Case Study

Recently one of our users, Dan Saunders, was kind enough to write up his experience using the Forensic Browser for SQLite on a database that was not supported by any other forensics tools – this is his story: SQLite databases are becoming more and more of a focus point for the present day Digital Forensics … Continue reading

Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation

Authors Alan, Kelvin, Anthony and Zetta (VXRL) Disclaimer This framework was first introduced in DFRWS EU 2014 (the first DFRWS conference in Europe) at Amsterdam held in May and later presented at Hacks in Taiwan 2014 (HITCON) which is a high-tech security conference in Taiwan held in August. Abstract Digital forensics investigators are facing new challenges every … Continue reading

Extracting data from dump of mobile devices running Android operating system

In this article, we are going to tell about opportunities of utilizing programs that are used on a day-to-day basis in computer forensics and examination for analysis of mobile devices running Android operating system. Introduction Most of the mobile devices in the world run Android operating system. It is no wonder that such devices are … Continue reading

Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?

Case Study: MobileTriage – JPEG Metadata Triage – Automated Extraction of Information using Mobile Forensic Tools Background Mobile devices are now becoming part of our daily lives. These devices can now perform tasks or activities that were normally being processed in a normal desktop or laptop computers. Attachment to such devices is immensely increasing in … Continue reading

WeChat Forensics

Rapid growth of the usage of OS X has inspired forensic researchers to analyze devices such as the iPad, iPhone and Mac deeply.  Therefore, OS X forensics, starting from Jonathan Zdziarski in 2008, became a very hot topic.  However, most of the research and trainings are focused on file system analysis.  Although there are some … Continue reading

DFRWS Europe 2014 Annual Conference – Recap

This article is a recap of some of the main highlights of the Digital Forensics Research Workshop (DFRWS) held in Amsterdam from the 7th – 9th of May; over the next few weeks we will also be bringing you a number of interviews and research updates from the conference. Conference Highlights DFRWS brought together academics … Continue reading

Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

1. Introduction The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML hash value of user’s windows logon password. For more information, take a look at “Dump … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy having the Android 4.3, Jelly Bean as the operating system even if using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Forensic analysis of the ESE database in Internet Explorer 10

———————————————————— Due to me not being able to reformat our thesis in a good way I strongly suggest you look at the whole paper in PDF format here: http://hh.diva-portal.org/smash/get/diva2:635743/FULLTEXT02.pdf /Philip ———————————————————— Forensic analysis of the ESE database in Internet Explorer 10 Bachelor thesis June 2013 Authors: Bonnie Malmström & Philip Teveldal Bachelor thesis School of Information … Continue reading

OS X Mavericks Metadata

Apple recently released the newest version of their desktop operating system, Mac OS X Mavericks.  As a free update to all supported Apple desktops and laptops, a wide adoption rate was expected, and in fact it was estimated that within the first 24 hours, 5.5% of all Mac laptops and desktops were already running the … Continue reading

Analysis Of iOS Notes App

As part of my third year studying Digital Security,Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad Mini, and if they could be used as evidence. This post is really just going to explain what I did, … Continue reading

Follow

Get every new post delivered to your Inbox.

Join 773 other followers