archives

How-Tos

This category contains 41 posts

How To Analyze Call Data Records In Oxygen Forensic Detective

Hi, this is Amanda Mangan with Oxygen Forensics. In this video, we’re going to go over Oxygen Forensics’ Call Data Expert. The first thing we’ll discuss is, what exactly is a CDR? A CDR is a call data record, and we’ll talk about the different carriers and the different information that may come with each … Continue reading

How To Parse AirDrop Artifacts In Magnet AXIOM

Hey everyone, Trey Amick from Magnet Forensics here. Today we’re going to be looking at a new set of artifacts specific to Mac investigations, which will be released as part of the AXIOM 3.8 release. Today we’re going to be looking at dedicated AirDrop artifacts that AXIOM can now parse out. AirDrop is a service … Continue reading

How To Use Social Graph In Oxygen Forensic Detective

Hello, this is Keith Lockhart from the Oxygen Forensic training department, and this video is talking about the Social Graph inside Oxygen Forensic Detective. To fully understand the Social Graph and the things it can do for you, you kind of have to understand several other facets of your data and how that data is … Continue reading

How To Search For Visual Data With Griffeye Analyze DI

In this video, we’re going to discuss how to use the ‘Search’ function to help you quickly locate files of interest within your case. Analyze DI allows users to search for not only text-based information, but also visual clues as well. Adding visual clues into your workflows can really improve efficiency and help you get … Continue reading

How To Extract Credential Data Using KeyScout

Hello, this is Keith Lockhart from Oxygen Training, and this video is going to discuss the KeyScout application. The KeyScout application is one of the tools available in the tool suite concept of the Forensic Detective product. KeyScout is a standalone application that can be run locally or on the go, we’ll look at use … Continue reading

How To Use Quin-C’s Simple Review Widget

Hello and welcome everybody to this video about Quin-C. Today we will be talking about a widget called Simple Review. Simple Review is a widget which has been designed for examiners whose everyday job is to run the index searches or keyword searches; perform tagging, bookmarking, viewing, labelling and exporting data. So if you are … Continue reading

How To Easily And Accurately Play CCTV And Other Proprietary Video With Amped Replay

by Blake Sawyer, Amped Software For Law Enforcement across the world, one of the biggest hindrances to actionable evidence comes from CCTV. There are sites devoted to providing codecs, of which there are hundreds, and IT departments that spend most of their time managing the many players from each DVR manufacturer. In my old casework, … Continue reading

How To Digital Forensic Boot Scan A Mac With APFS

by Rich Frawley  In this short 3-minute video, ADF’s digital forensic specialist Rich Frawley shows how to boot a MacBook Air (APFS, non-encrypted) with Digital Evidence Investigator. The ADF digital forensic team is hard at work putting the finishing touches on the complete package: Enabling FileVault support at boot Allowing the input of credentials, much like … Continue reading

How To Conduct A Live Forensic Scan Of A Windows Computer

Learn how to conduct a Windows live scan with ADF Solutions Digital Evidence Investigator.  Two USB ports are required to complete a scan, one for the Collection Key and one for the Authentication Key, once the scan has started the Authentication Key can be removed. A USB hub may be used in cases where the target … Continue reading

How To Use The Griffeye Intelligence Database

Beginning with version 19, Griffeye Analyze DI Pro and Core will start using the new Griffeye Intelligence Database, or GID, to replace the legacy intelligence manager. In this video, we’re going to discuss the changes that the GID brings to the Analyze DI interface, and how to use the Griffeye Intelligence Database system within your … Continue reading

How To Transfer A Password Recovery Process To A Different Computer Using Passware

Did you know that Passware Kit can create a snapshot of a password recovery process at any time and resume it on a different computer? Running a password recovery attack, especially for multiple files or drives, might be a long process that requires a lot of hardware resources. In some cases, it might be necessary … Continue reading

How To Decrypt BitLocker Volumes With Passware

Decrypting BitLocker volumes or images is challenging due to the various encryption options offered by BitLocker that require different information for decryption. This article explains BitLocker protectors and talks about the best ways to get the data decrypted, even for computers that are turned off. BitLocker Encryption Options Protectors that can be used to encrypt … Continue reading

How To Use Magnet AXIOM In Mac USB Investigations

Hey everyone, Trey Amick from Magnet Forensics here. Today we’re talking about Mac USB investigations, and what happens when we’ve been alerted that a USB has been inserted into an end point. Different organisations handle USB policies differently. Some have alerting mechanisms in place for when USBs are detected, while others may encrypt the drive … Continue reading

How To Use Griffeye Brain – Artificial Intelligence

The Griffeye Brain in Analyze DI Pro version 19.2 brings the power of machine learning and artificial intelligence to help you quickly locate and identify child sex abuse material within your investigations. In addition, the Griffeye Brain now has improved object detection, allowing for multiple objects to be located within the same image. In this … Continue reading

How To Save Time With XAMN’s Dynamic Artifact Count Feature

At MSAB, we’re always looking to improve our software and make every product more user-friendly, intuitive, and valuable; and to help save you time. We’ve recently improved the way that XAMN displays and counts artifacts. Let’s take a look at the new functionality. We’ve opened this case in XAMN, and from the start we can … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,301 other followers