archives

scar

Scar de Courcier is an assistant editor at Forensic Focus.
scar has written 145 posts for Forensic Focus – Articles

Facebook’s Privacy Manifesto: What Does It Mean For Digital Forensic Investigations?

by Christa Miller, Forensic Focus Mark Zuckerberg’s new “privacy manifesto” for Facebook marks not just a pivot in terms of how the social network shapes modern-day communication. It also marks what The Verge’s Casey Newton called “the end of the News Feed era.”  Zuckerberg’s opening statement draws a distinction between the “digital equivalent of a … Continue reading

How To Image From A Network Repository Using Logicube’s Forensic Falcon-NEO

Welcome to Logicube’s tutorial on the Falcon-NEO Forensic Imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, and to image from a network location using iSCSI. Two 10GbE ports provide extremely fast network imaging performance. In this episode, we’ll show you how to image from … Continue reading

Following The RTM: Forensic Examination Of A Computer Infected With A Banking Trojan

by Oleg Skulkin  Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the trojan have been sent to potential victims with admirable persistence. From September to December 2018 the RTM group sent out more than 11,000 malicious emails. The cybercriminals, however, are not going to stop … Continue reading

Walkthrough: Carving With Belkasoft Evidence Center

by Yuri Gubanov, Danil Nikolaev & Igor Mikhailov © Belkasoft Research Carving is an irreplaceable technique widely used in data recovery and digital forensics. By using carving, we essentially perform a low-level scan of media for various artifacts, looking for signatures—specific sequences of bytes, characteristic of different types of data. This also means that carving … Continue reading

Mobile Virtual Network Operators (MVNOs) In The US

by Patrick Siewart  Increasingly, cellular records and their associated location information are being used in civil litigation, where previously they were considered to be a “law enforcement only” tool.  But in the age when users carry at least one smartphone with them at all times, the location data with regard to calls / texts / … Continue reading

Windows Registry Analysis 101

by Chirath De Alwis Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence [1].  When considering computer forensics, registry forensics plays a huge role because of the amount of the data that is stored on the registry and the importance of the stored data. The extraction of … Continue reading

Techno Security And Digital Forensics Conference CA 2019 – Recap

by Mattia Epifani The Techno Security and Forensics CA conference took place between 11th and 13th March at The Hilton Torrey Pines in La Jolla (San Diego). More than 200 attendees were present, coming from different fields like digital forensics, e-discovery, incident response and cybersecurity. Most of the attendees were from the U.S. but many … Continue reading

Career Paths In Digital Forensics

by Christa Miller, Forensic Focus In the 30 or so years since the advent of personal computers made digital forensics a viable career path, the profession has matured to the extent of making multiple career paths possible. Now, professionals who are interested in digital forensics have options that range from law enforcement and government investigations, … Continue reading

Using The Content-Length Header Field In Email Forensics

by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When authenticating an email in isolation, every detail counts—we review a long list of data points such as formatting discrepancies within the message body, dates hidden in … Continue reading

Forensics Europe Expo London 2019 – Recap

by Jade James  This article is a recap of some of the main highlights from the Forensics Europe Expo 2019, which took place in London, UK on the 5th and 6th of March. The Forensics Europe Expo has now run for seven years and is co-located with the Security & Counter Terror Expo at Olympia … Continue reading

Burnout in DFIR (And Beyond)

by Christa Miller, Forensic Focus Quite a lot has been written over recent weeks about burnout. Not only DFIR-specific posts, first from Richard Bejtlich and then, in follow-up from Eric Huber and Brett Shavers; but also news articles including: Why Are Young People Pretending to Love Work? (The New York Times) How Millennials Became The … Continue reading

How To Install And Use The Optional Thunderbolt I/O Card On Logicube’s Falcon-NEO

Welcome to Logicube’s tutorial on the optional Thunderbolt I/O card on the Forensic Falcon-NEO. In this session, we’ll show you how to install and use this card. The optional Thunderbolt I/O card connects directly to Falcon-NEO’s source or destination I/O card ports. This card allows you to image directly to or from Thunderbolt USB C, … Continue reading

Email Forensics: Investigation Techniques

by Chirath De Alwis Due to the rapid spread of internet use all over the world, email has become a primary communication medium for many official activities. Not only companies, but also members of the public tend to use emails in their critical business activities such as banking, sharing official messages, and sharing confidential files. However, … Continue reading

Forensic Examination Of Manipulated Email In Gmail

by Arman Gungor Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical scenario, the bad actor was using Outlook to edit the message and change its contents after it was received. I wanted to … Continue reading

Dissecting Malicious Network Traffic To Identify Botnet Communication

by Swasti Bhushan Deb Botnets are well-known in the domains of information security, digital forensics and incident response for hosting illegal data, launching DDOS attacks, stealing information, spamming, bitcoin mining, spreading ransomware, launching brute force attacks, managing remote access to connected devices, and even propagating infection to other devices, among other things. Internet Relay Chat (IRC) … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,209 other followers