Forensics 101

This category contains 54 posts

New Security Measures In iOS 11 And Their Forensic Implications

by Oleg Afonin, Elcomsoft Apple is about to launch its next-generation iOS in just a few days. Researching developer betas, we discovered that iOS 11 implements a number of new security measures. The purpose of these measures is better protecting the privacy of Apple customers and once again increasing security of device data. While some … Continue reading

An Introduction To Challenges In Digital Forensics

by W.Chirath De Alwis Digital forensics is a technique in the identification of computer based crimes. But digital forensics faces a few major challenges when it comes to conducting investigations. According to Fahdi, Clarke & Furnell (2013), the challenges of digital forensics can be categorized into three parts. Technical challenges – e.g. differing media formats, … Continue reading

RAM Forensic Analysis

by Eliézer Pereira 1 Goal The purpose of this article is to show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well as fraud and other illegal practices through information systems. 2 Good Practices and Techniques for Computer … Continue reading

An Introduction To Theft Of Trade Secrets Investigations

by Laurence D. Lieb, Managing Director, HaystackID. The subjects we will be covering include: Defining When One Should Reasonably Panic Reasonable Triage Steps to Take in Order to Identify if There is Only Smoke or an Actual Fire The Importance of Defining “Win” Upfront and the Avoidance of Mission Creep Definition and Identification of trade … Continue reading

Internet Of Things Mobility Forensics

by K M Sabidur Rahman & Matt Bishop (University of California Davis) and Albert Holt (NSA) Abstract The Internet of Things (IoT) comes with great possibilities as well as major security and privacy issues. Although digital forensics has long been studied in both academia and industry, mobility forensics is relatively new and unexplored. Mobility forensics deals … Continue reading

Asking A VPS To Image Itself

by Chris Cohen There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user … Continue reading

Samsung sBrowser – Android Forensics: A Look Into The Cache Files

by Robert Craig and Michael Lambert Abstract Samsung devices are a large portion of the Android OS market.  Samsung has its own Internet Browser, “sbrowser”, installed onto their devices.  All web browsers leave artifacts from user activity.  The “sbrowser” cache files were similar to other browsers.  An embedded source URL gave insight where the cached … Continue reading

Unlocking The Screen of an LG Android Smartphone with AT Modem Commands

by Oleg Davydov, CTO, Oxygen Forensics Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem. Almost every modem is Hayes-compatible which means it supports commands of the … Continue reading

Mobile Forensics Monkey Wrench: iOS 10.2 and Encryption

by Patrick Siewert, Pro Digital Forensic Consulting It’s no secret to those involved in the study and practice of mobile forensics that Apple likes to throw us curve balls with almost every new iteration of the iOS operating system. It turns out, iOS 10.2 is no different (released December 12, 2016). A conversation began recently … Continue reading

Windows 10 PE for Digital Forensics

by Robin Brocks, IT Forensic Expert and Incident Responder Only a few years ago, it was a real pain creating a portable Windows on CD/DVD or thumb drive, because the Operating System was not prepared to run on those media. There have been numerous projects and volunteers, like BartPE or the WindowsFE (Forensic Edition), to … Continue reading

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

by John Patzakis, X1 A key amendment to US Federal Rule of Evidence 902, in the form of new subsection (14), will go into effect on December 1, 2017. This amendment will significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digital identification” is … Continue reading

Forensic Implications of iOS Lockdown (Pairing) Records

by ElcomSoft In recent versions of iOS, successful acquisition of a locked device is no longer a given. Multiple protection layers and Apple’s new policy on handling government requests make forensic experts look elsewhere when investigating Apple smartphones. In this publication, we’ll discuss acquisition approach to an iOS device under these specific circumstances: Runs iOS … Continue reading

SQLite Database Forensics – ‘Sleep Cycle’ Case Study

Recently one of our users, Dan Saunders, was kind enough to write up his experience using the Forensic Browser for SQLite on a database that was not supported by any other forensics tools – this is his story: SQLite databases are becoming more and more of a focus point for the present day Digital Forensics … Continue reading

Using SQL as a date/time conversion tool

A few weeks ago I spent a little time looking at Triggers and to get to know them better I wanted to make use of them and so I knocked up a small application where if an integer is pasted into a cell in a table (the base cell in the screen shot below) then … Continue reading

Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation

Authors Alan, Kelvin, Anthony and Zetta (VXRL) Disclaimer This framework was first introduced in DFRWS EU 2014 (the first DFRWS conference in Europe) at Amsterdam held in May and later presented at Hacks in Taiwan 2014 (HITCON) which is a high-tech security conference in Taiwan held in August. Abstract Digital forensics investigators are facing new challenges every … Continue reading
