scar

Scar de Courcier is an assistant editor at Forensic Focus.
scar has written 97 posts for Forensic Focus – Articles

Changes To Forensic Laboratory Accreditation Requirements – ISO/IEC 17025

by Tim Alcock ISO/IEC 17025:2017 – General requirements for the competence of testing and calibration laboratories is the principal international standard for the accreditation of laboratories performing testing (including sampling) and/or calibration. Originating from ISO/IEC Guide 25, the standard has been through several iterations culminating in the latest version released in November 2017. ISO/IEC 17025:2017 … Continue reading

Techno Security & Digital Forensics 2018 – Myrtle Beach 3rd-6th June

From the 3rd to the 6th of June 2018, Forensic Focus will be attending the Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is … Continue reading

Finding Metasploit’s Meterpreter Traces With Memory Forensics

by Oleg Skulkin & Igor Mikhaylov Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics important here? Because Meterpreter, for example – an advanced, dynamically extensible Metasploit payload – resides entirely in the memory and writes nothing to the victim’s drive. In … Continue reading

2018 Nuix Insider Conference Recap

by Jessica Lyford Close to 300 customers, partners, and guests converged at the Royal Lancaster London for Nuix’s annual Insider Conference last week to share their experience using Nuix or to learn something new to address their data, cybersecurity, risk, and compliance challenges. The scale of this year’s event symbolizes Nuix’s growth within the region, … Continue reading

Jailbreaking iOS 11 And All Versions Of iOS 10

by Oleg Afonin, Mobile Product Specialist at ElcomSoft Jailbreaking iOS is becoming increasingly difficult, especially considering the amounts of money Apple and independent bug hunters are paying for discovered vulnerabilities that could lead to a working exploit. Late last year, a bug hunter at Google’s Project Zero discovered one such vulnerability and developed and published an … Continue reading

Law Enforcement Professionals Need to Evaluate Digital Forensics Practices Amid Looming Constitutional Showdown Regarding Digital Searches

by L.E. “Ted” Wilson There is a fascinating constitutional showdown brewing in the U.S. that will have significant implications for how our law enforcement agencies are able to conduct digital investigations. The fundamental question at issue is whether the Fifth Amendment protection against self-incrimination can be lawfully asserted by a criminal defendant as a justification for … Continue reading

Forensic Analysis of Damaged SQLite Databases

by Oleg Skulkin & Igor Mikhaylov SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases: you can also find them on desktop computers and laptops as well as, for example, forensicating web-browsers, messengers and some other digital evidence sources. There are a lot of … Continue reading

Forensic Acquisition Of Solid State Drives With Open Source Tools

by Josué Ferreira Abstract: From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern and therefore, it is important for a method to forensically acquire data from Solid State Drives (SSD) to be developed. The method in this paper presents a way to preserve potential volatile digital evidence, … Continue reading

Oxygen Drone Forensics – How To Deal With A New Threat

Not too long ago, when drones were discussed, we would often think of military use or large commercial applications. Today, however, drones are in the hands of hobbyists who frequently use the devices for taking aerial pictures and shooting unique video footage. Not to mention law enforcement use them to monitor … Continue reading

Evidence Acquisition Using Accessdata FTK Imager

by Chirath De Alwis Forensic Toolkit or FTK is a computer forensics software product made by AccessData. This is a Windows based commercial product. For forensic investigations, the same development team has created a free version of the commercial product with fewer functionalities. This FTK Imager tool is capable of both acquiring and analyzing computer forensic … Continue reading

Bruteforcing Linux Full Disk Encryption (LUKS) With Hashcat

by Patrick Bell This walk-through will show you how to brute-force LUKS volumes using hashcat, how you can mount a LUKS partition, and how we can image it once it’s decrypted. Scenario: You’ve got a Macbook in. MacOS has been removed and Debian 9.0 has been installed. The suspect is using LUKS (Linux Unified Key … Continue reading

Techno Mode – The Fastest Way To Access Digital Evidence On Damaged SSDs

by Roman Morozov, NAND Data Recovery Tutor, ACE Lab Recent statistics show that solid-state drives are getting a good share of the market of storage devices. And the popularity of SSDs is only expected to grow. There is already a large number of little-known manufacturers, who cut corners on parts of their drives. As a result, … Continue reading

Memory Dump Formats

by Chirath De Alwis As with other storage devices, volatile memory also has several formats. Depending on the acquisition method in use, the captured file format can vary. According to (Ligh et al, 2018) the most commonly used memory dump formats are: RAW memory dump. Windows crash dump. Windows hibernation files. Expert witness … Continue reading

Detection Of Backdating The System Clock In MacOS

by Oleg Skulkin & Igor Mikhaylov Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so we decided to research it. If we are talking about Windows system clock backdating there … Continue reading

Charlatans In Digital Forensics

by James Zjalic There’s a topic that is rarely publicized in the world of digital forensics, but is well known to those within the field and stories are often traded between experts when they meet at conferences and conventions. That topic is charlatans. In my eyes, there are 3 types of charlatan: – The Innocent … Continue reading
