archives

Forensics 101

This category contains 76 posts

Email Forensics: Investigation Techniques

by Chirath De Alwis Due to the rapid spread of internet use all over the world, email has become a primary communication medium for many official activities. Not only companies, but also members of the public tend to use emails in their critical business activities such as banking, sharing official messages, and sharing confidential files. However, … Continue reading

Scene Of The Crime: You’ve Found A Drone. What Do You Do?

by Lee Reiber, COO, Oxygen Forensics, Inc. The proliferation of recreational drones and their impact on digital incident response has dramatically increased during the last several years. In January 2018, Nextgov stated the U.S. Federal Aviation Administration (FAA) reported over 1 million drone operators registered with the United States government. This number continues to grow … Continue reading

How To: Multitask With Logicube’s Forensic Falcon NEO

Welcome to Logicube’s tutorial on the Forensic Falcon NEO. In this session we’ll show you how to multitask. For this tutorial I have connected the Falcon NEO to a network, and from a PC on the same network I’ve logged into the unit using a web browser so that I can operate remotely. I’ve already … Continue reading

How To: Integrate LACE Carver With Griffeye Analyze DI Pro

Let’s talk about the exciting new LACE Carver Integration with Analyze DI Pro. Once you have the proper license, you can head over to your Downloads page on MyGriffeye.com and go to the LACE Carver download. Once the app package has been downloaded, we can go back to Griffeye and install it under Settings, Plugins, … Continue reading

Forensic Analysis Of The μTorrent Peer-to-Peer Client In Windows

by Michael R. Godfrey The μTorrent software client is the most popular BitTorrent peer-to-peer software application worldwide [1]. Contraband files such as copyrighted movies and music, child pornography and pirated content, are frequently acquired through the peer-to-peer (P2P) file sharing protocol BitTorrent. This research will include the digital forensic analysis of the μTorrent client, specifically, the … Continue reading

Word Forensic Analysis And Compound File Binary Format

by Arman Gungor Microsoft Word forensic analysis is something digital forensic investigators do quite often for document authentication. Because of the great popularity of Microsoft Office, many important business documents such as contracts and memoranda are created using Word. When things go south, some of these documents become key evidence and subject to forensic authentication. My goal … Continue reading

Drone Forensics Gets A Boost With New Data On NIST Website

by Richard Press, NIST Aerial drones might someday deliver online purchases to your home. But in some prisons, drone delivery is already a thing. Drones have been spotted flying drugs, cell phones and other contraband over prison walls, and in several cases, drug traffickers have used drones to ferry narcotics across the border. If those … Continue reading

Using IMAP Internal Date for Forensic Email Authentication

by Arman Gungor Internal Date is an IMAP Message Attribute that indicates the internal date and time of a message on an IMAP server. This is a different timestamp than the Origination Date field found in the message header and can be instrumental in authenticating email messages on an IMAP server. Let’s start with an example. The perpetrator … Continue reading

Apple iPhone Forensics: Significant Locations

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting I recently attended a conference of civil litigators in Virginia. During the cocktail hour and after a very interactive CLE presentation on “Leveraging Data in Insurance Fraud Investigations”, I was talking with a few attendees about the different types of data available to them in their … Continue reading

Digital Forensics Resources

by Scar de Courcier One of the most frequent questions I’m asked by digital forensics students is about resources: where can they go to continue learning, where can they find out more about the industry, what are the best blogs and social accounts out there for DFIR people? The below is by no means an … Continue reading

Searching And Filtering Emails When Forensically Collecting Mailboxes

by Arman Gungor When mailboxes are forensically preserved for eDiscovery or digital forensic investigations, their contents are almost always searched and filtered. Filtering emails helps overcome time, scope and cost constraints and alleviates privacy concerns. There are two main ways of filtering emails—before and after the forensic acquisition. Each method has its pros and cons, … Continue reading

Finding Metasploit’s Meterpreter Traces With Memory Forensics

by Oleg Skulkin & Igor Mikhaylov Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics important here? Because Meterpreter, for example – an advanced, dynamically extensible Metasploit payload – resides entirely in the memory and writes nothing to the victim’s drive. In … Continue reading

Jailbreaking iOS 11 And All Versions Of iOS 10

by Oleg Afonin, Mobile Product Specialist at ElcomSoft Jailbreaking iOS is becoming increasingly difficult, especially considering the amounts of money Apple and independent bug hunters are paying for discovered vulnerabilities that could lead to a working exploit. Late last year, a bug hunter at Google’s Project Zero discovered one such vulnerability and developed and published an … Continue reading

Oxygen Drone Forensics – How To Deal With A New Threat

It was not too long ago when drones were discussed we would often think of military use or large commercial type applications. However, today drones are now in the hands of hobbyists who frequently use the devices for taking aerial pictures and shooting unique video footage. Not to mention law enforcement use them to monitor … Continue reading

Evidence Acquisition Using Accessdata FTK Imager

by Chirath De Alwis Forensic Toolkit or FTK is a computer forensics software product made by AccessData. This is a Windows based commercial product. For forensic investigations, the same development team has created a free version of the commercial product with fewer functionalities. This FTK Imager tool is capable of both acquiring and analyzing computer forensic … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,172 other followers