archives

Data Recovery

This category contains 40 posts

Cellular Provider Record Retention Periods

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting I just returned from a fantastic few days at the Virginia Trial Lawyers Association 2017 annual conference. I spent 3 days meeting with litigators from all over Virginia about the various ways data can help in their cases. Part of the nuance of operating a digital forensic consultancy … Continue reading

Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS

by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka Abstract Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can be extracted not only from hard drives but also from other memory resources of a computing device. … Continue reading

The Ugly Side of Two-Factor Authentication

by ElcomSoft Two-factor authentication is great when it comes to securing access to someone’s account. It’s not so great when it gets in the way of accessing your account. However, in emergency situations things can turn completely ugly. In this article we’ll discuss steps you can do to minimize the negative consequences of using two-factor … Continue reading

Attributing A Third Party To A Recovered (Deleted) IOS SMS Message

In a recent forensic case involving recovered deleted sms messages from an sms.db file on an IOS mobile device none of the mainstream mobile phone forensic software made the link between sender and recipient for the recovered records of interest. I have been asked a few times recently about obtaining the third party of a … Continue reading

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati Preface During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing challenge: he offered for research purposes a smartphone to find out if and how someone … Continue reading

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures, images and diagrams can be found at http://www.nfdrtc.net). I. Summary Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long standing suspicion that data hiding techniques using a hard disk … Continue reading

Current Challenges In Digital Forensics

What is the most urgent question facing digital forensics today? That in itself is not a question with a straightforward answer. At conferences and in research papers, academics and forensic practitioners around the world converge to anticipate the future of the discipline and work out how to overcome some of the more challenging aspects of … Continue reading

Beyond Keywords: Is Keyword Search Becoming Obsolete In The New Age Of Forensic Digital Investigation?

by James Billingsley Keyword searching is the primary tool investigators use to identify relevant evidence in a data set. However, poorly chosen keywords can miss important items or return too many irrelevant results. As data volumes grow, investigators must find better ways to focus on the items of interest within very large data sets. Expert … Continue reading

Peering Through The Cloud

by Shahaf Rozanski Obscured by clouds With there now being more mobile phones on the planet than people and smartphones set to achieve saturation in just 10 years, unlocking the data held on them has increasingly needed to be used as vital evidence for police forces. However as apps – and the data held within … Continue reading

Forensic Acquisition of Google Accounts

Google collects and retains massive amounts of data about everyone who uses their services. Gaining access to that data is essential for solving many types of crimes. Learning what Google knows about the suspect can be a matter of utter importance for investigators and forensic experts. Unfortunately, standard means of accessing this information lack transparency … Continue reading

Countering Anti-Forensic Efforts – Part 1

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Computer forensic techniques allow investigators to collect evidence from various digital devices. Tools and techniques exist allowing discovery of evidence that is difficult to get, including destroyed, locked, or obfuscated data. At the same time, criminals routinely make attempts to counter forensic efforts … Continue reading

Evidence Acquisition and Analysis from iCloud

by Mattia Epifani & Pasquale Stirparo iCloud iCloud is a free cloud storage and cloud computing service designed by Apple to replace MobileMe. The service allows users to store data (music, pictures, videos, and applications) on remote servers and share them on devices with iOS 5 or later operating systems, on Apple computers running OS … Continue reading

Extracting data from dump of mobile devices running Android operating system

In this article, we are going to tell about opportunities of utilizing programs that are used on a day-to-day basis in computer forensics and examination for analysis of mobile devices running Android operating system. Introduction Most of the mobile devices in the world run Android operating system. It is no wonder that such devices are … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy having the Android 4.3, Jelly Bean as the operating system even if using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have … Continue reading