archives

scar

Scar de Courcier is an assistant editor at Forensic Focus.
scar has written 87 posts for Forensic Focus – Articles

Bruteforcing Linux Full Disk Encryption (LUKS) With Hashcat

by Patrick Bell This walk-through will show you how to Bruteforce LUK volumes using hashcat, how you can mount a LUK partition, and how we can image it once it’s decrypted. Scenario: You’ve got a Macbook in. MacOS has been removed and Debian 9.0 has been installed. The suspect is using LUKS (Linux Unified Key … Continue reading

Techno Mode – The Fastest Way To Access Digital Evidence On Damaged SSDs

by Roman Morozov, NAND Data Recovery Tutor, ACE Lab Recent statistics show that solid-state drives are getting a good share of the market of storage devices. And the popularity of SSDs is only expected to grow. There is already a large number of little-known manufacturers, who cut corners on parts of their drives. As a result, … Continue reading

Memory Dump Formats

by Chirath De Alwis As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh et al, 2018) the most commonly used memory dump formats are: RAW memory dump. Windows crash dump. Windows hibernation files. Expert witness … Continue reading

Detection Of Backdating The System Clock In MacOS

by Oleg Skulkin & Igor Mikhaylov Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so we decided to research it. If we are talking about Windows system clock backdating there … Continue reading

Charlatans In Digital Forensics

by James Zjalic There’s a topic that is rarely publicized in the world of digital forensics, but is well known to those within the field and stories are often traded between experts when they meet at conferences and conventions. That topic is charlatans. In my eyes, there are 3 types of charlatan: – The Innocent … Continue reading

The Necessity Of Developing A Standard For Exchanging A Chain Of Custody Of Digital Evidence Data

by Jasmin Cosic, Miroslav Baca & Peter Grd Abstract Today there is no criminal investigation that does not contain a digital dimension. A large number of criminal offenses, whether official investigations conducted by judicial bodies or corporate investigations, contain digital evidence, which in most investigations is key to the identification of perpetrators. Since the cyber … Continue reading

ISO 17025 For Digital Forensics – Yay Or Nay

by Robert Merriott “Much of the digital forensic community desires to have their evidence seen in court as forensically sound and bulletproof, yet do not want to go through the rigors that other traditional forensic sciences have done to prevent evidence spoliation and other mishandling and misinterpretations.” ~ Josh Moulin, Deputy Chief Information Officer, US Federal Government, … Continue reading

Job Hunting In The DFIR Field

by Jessica Hyde, Magnet Forensics For those who don’t know, in addition to my work at Magnet Forensics, I teach Mobile Device Forensics at George Mason University. In addition to teaching the skills necessary to acquire and parse data from mobile devices, I attempt to share information that will be useful to my students who … Continue reading

New NIST Forensic Tests Help Ensure High-Quality Copies of Digital Evidence

Data found on a suspect’s computer, cell phone or tablet can prove to be crucial evidence in a legal case. A new set of software tools developed at the National Institute of Standards and Technology (NIST) aims to make sure this digital evidence will hold up in court. The software suite, referred to collectively as federated … Continue reading

Imaging Locked Motorola Devices Via Bootloader Exploit

Last-generation Android devices are gradually getting more secure, even approaching iOS-grade security in some usage scenarios. Equipped with fingerprint readers and compulsory encryption of the data partition, Android smartphones became a much tougher acquisition target compared to just a couple of years ago. In this world of increasing security, security firms go out of their … Continue reading

The CSI Effect – Expectations Vs Limitations

by James Zjalic Much has been written about the CSI phenomenon within digital forensics circles, but is there a way we as experts can reduce this effect, maybe not globally but at least amongst our own clients? In just the last couple of weeks, I’ve had requests to enhance a speaker on the other end … Continue reading

Making Smart Technology Decisions To Improve Case Collaboration

by Christa Miller, Magnet Forensics An estimated 6.1 billion smartphones will be in the world by 2020, and as development of the Internet of Things—connected wearables, household appliances, vehicles, and more—continues, that number will be dwarfed by the 20.4 billion total connected devices. Understanding how these technologies work, where and how they store data, and … Continue reading

Windows Drive Acquisition

by Oleg Skulkin & Scar de Courcier Before you can begin analysing evidence from a source, it first of all needs to be imaged. This describes a forensic process in which an exact copy of a drive is made. This is an important step, especially if evidence needs to be taken to court, because forensic … Continue reading

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this … Continue reading

Focused Digital Forensic Methodology

by Haider H. Khaleel Abstract Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital forensics has become an important aspect of not only law enforcement investigations, but also; counter-terrorism investigations, civil litigations, and investigating cyber-incidents. Due to … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,057 other followers