Data Recovery

This category contains 36 posts

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati Preface During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing challenge: he offered for research purposes a smartphone to find out if and how someone … Continue reading

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures, images and diagrams can be found at I. Summary Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long standing suspicion that data hiding techniques using a hard disk … Continue reading

Current Challenges In Digital Forensics

What is the most urgent question facing digital forensics today? That in itself is not a question with a straightforward answer. At conferences and in research papers, academics and forensic practitioners around the world converge to anticipate the future of the discipline and work out how to overcome some of the more challenging aspects of … Continue reading

Beyond Keywords: Is Keyword Search Becoming Obsolete In The New Age Of Forensic Digital Investigation?

by James Billingsley Keyword searching is the primary tool investigators use to identify relevant evidence in a data set. However, poorly chosen keywords can miss important items or return too many irrelevant results. As data volumes grow, investigators must find better ways to focus on the items of interest within very large data sets. Expert … Continue reading

Peering Through The Cloud

by Shahaf Rozanski Obscured by clouds With more mobile phones now on the planet than people, and smartphones set to achieve saturation in just 10 years, police forces increasingly need to unlock the data held on them for use as vital evidence. However as apps – and the data held within … Continue reading

Forensic Acquisition of Google Accounts

Google collects and retains massive amounts of data about everyone who uses their services. Gaining access to that data is essential for solving many types of crimes. Learning what Google knows about the suspect can be a matter of utter importance for investigators and forensic experts. Unfortunately, standard means of accessing this information lack transparency … Continue reading

Countering Anti-Forensic Efforts – Part 1

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Computer forensic techniques allow investigators to collect evidence from various digital devices. Tools and techniques exist allowing discovery of evidence that is difficult to get, including destroyed, locked, or obfuscated data. At the same time, criminals routinely make attempts to counter forensic efforts … Continue reading

Evidence Acquisition and Analysis from iCloud

by Mattia Epifani & Pasquale Stirparo iCloud iCloud is a free cloud storage and cloud computing service designed by Apple to replace MobileMe. The service allows users to store data (music, pictures, videos, and applications) on remote servers and share them on devices with iOS 5 or later operating systems, on Apple computers running OS … Continue reading

Extracting data from dump of mobile devices running Android operating system

In this article, we discuss how programs used on a day-to-day basis in computer forensics and examination can be applied to the analysis of mobile devices running the Android operating system. Introduction Most of the mobile devices in the world run the Android operating system. It is no wonder that such devices are … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisition from Samsung Galaxy devices running Android 4.3 (Jelly Bean), even when using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have … Continue reading

Forensic analysis of the ESE database in Internet Explorer 10

Due to me not being able to reformat our thesis in a good way I strongly suggest you look at the whole paper in PDF format here: /Philip Forensic analysis of the ESE database in Internet Explorer 10 Bachelor thesis June 2013 Authors: Bonnie Malmström & Philip Teveldal Bachelor thesis School of Information … Continue reading

WhatsApp – discovering timestamps of deleted messages

ABSTRACT: This is a procedure for locating and parsing deleted message timestamps in the Android WhatsApp database. I did a little reverse engineering, using the hexadecimal tool of Physical Analyzer (UFED by Cellebrite), of the database of the popular messaging app WhatsApp for Android, because P.A. 3.8.6 does not display deleted WhatsApp messages, at least on … Continue reading

Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases

Summary This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases. Introduction It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential … Continue reading

Bitcoin Forensics Part II: The Secret Web Strikes Back

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online: You can reach the new site at this link (again, … Continue reading