archives

Methodology

This category contains 94 posts

A Method For Verifying Integrity And Authenticating Digital Media

by Martin Harran, William Farrelly & Kevin Curran Due to their massive popularity, image files, especially JPEG, offer high potential as carriers of other information. Much of the work to date on this has focused on steganographic ways of hiding information using least significant bit techniques but we believe that the findings in this project have … Continue reading

Challenges Of ISO 17025 Accreditation – Survey Results

A group of forensic practitioners has recently conducted a survey into the ISO 17025 scheme – its effectiveness, and its relevance for digital forensics. The survey was conducted using Google Forms and was aimed at forensic practitioners on the front line of investigation, rather than at managers or corporations. What follows below is a summary … Continue reading

Unscrambling Pixels: Forensic Science Is Not Forensic Fiction

by Martino Jerian, CEO and Founder, Amped Software  In every branch of forensic science, we have to fight with the falsehoods introduced by the popular series à la CSI (hence the properly called CSI effect), but probably this belief is the strongest in the field of forensic image and video analysis. From endless zooming from satellite … Continue reading

Attributing A Third Party To A Recovered (Deleted) IOS SMS Message

In a recent forensic case involving recovered deleted sms messages from an sms.db file on an IOS mobile device none of the mainstream mobile phone forensic software made the link between sender and recipient for the recovered records of interest. I have been asked a few times recently about obtaining the third party of a … Continue reading

The “I’ve Been Hacked” Defence

By: Yuri Gubanov, Oleg Afonin (C) Belkasoft Research, 2016 Abstract This article was inspired by an active discussion in one of the forensic listservs. Original post was asking on how to fight with an argument “This is not me, this is a malware”. The suspect was allegedly downloading and viewing illicit child photos and was … Continue reading

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016 This publication continues the series started with an article on SSD forensics we published in 2012. We investigated the issues of SSD self-corrosion, demystified trimming, garbage collection and … Continue reading

BitLocker: What’s New in Windows 10 November Update, And How To Break It

BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by default on compatible devices if the administrative account logs in with Microsoft Account credentials. BitLocker … Continue reading

Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice

The primary goal of this research is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime. In pursuing these avenues of inquiry, the author seeks to identify systemic impediments which obstruct police investigations, prosecutions, and digital forensics interrogations. The secondary objective of this research encourages policy makers to reevaluate strategies for combating the ubiquitous and evolving threat posed by cybercriminality. Research in this paper has been guided by the firsthand global accounts via the author’s core involvement in the preparation of the Comprehensive Study on Cybercrime (UNODC, 2013) and is keenly focused on core issues of concern, as voiced by the international community. Continue reading

NAS Forensics Explained

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Network Attached Storage (NAS) have a long track history of corporate deployments. Their scaled-down versions (ranging from single-bay to four-drive enclosures) are frequently used at homes and in offices. These smaller-size appliances are often called “personal clouds” for providing some parts of functionality … Continue reading

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class of devices has their own share of surprises when it comes to acquisition. The obvious … Continue reading

SQLite Database Forensics – ‘Sleep Cycle’ Case Study

Recently one of our users, Dan Saunders, was kind enough to write up his experience using the Forensic Browser for SQLite on a database that was not supported by any other forensics tools – this is his story: SQLite databases are becoming more and more of a focus point for the present day Digital Forensics … Continue reading

Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation

Authors Alan, Kelvin, Anthony and Zetta (VXRL) Disclaimer This framework was first introduced in DFRWS EU 2014 (the first DFRWS conference in Europe) at Amsterdam held in May and later presented at Hacks in Taiwan 2014 (HITCON) which is a high-tech security conference in Taiwan held in August. Abstract Digital forensics investigators are facing new challenges every … Continue reading

Can You Get That License Plate?

We find ourselves analyzing new surveillance videos almost every day, and in most cases we can either solve the problem very quickly or understand (even quicker) that there is no information to recover in the video. In special cases though, where something very specific and strange happened, or the problem is very complex, it can take … Continue reading

How To Decrypt WeChat EnMicroMsg.db Database?

WeChat is a smartphone application where users can chat with their friends, share pictures, videos and audio chats. Users can also make free video calls and voice calls with their friends as long as they have Internet connection. Recently, we received a request from the law enforcement agency to extract WeChat chat messages from an Android mobile … Continue reading

Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity

by Yuval Ben-Moshe, senior director of forensic technologies at Cellebrite Mobile forensics has changed the methodology when it comes to offender profiling.  The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities. This is not just because of the … Continue reading