Methodology

This category contains 101 posts

Using Technology To Get Results: Think Outside The Silo

by Johann Hofmann, Griffeye. In an article series of three, published in the Interpol Newsletter, Griffeye explores the possibilities of technology in digital media investigations. In this second article, Johann Hofmann, Director & Head of Griffeye, talks about the limitations for investigators working in silos. We explore what happens if investigators can’t access, use or share critical information … Continue reading

Forensic Analysis of Damaged SQLite Databases

by Oleg Skulkin & Igor Mikhaylov. SQLite databases are very common sources of forensic artifacts nowadays. Many mobile applications store data in such databases; you can also find them on desktop computers and laptops, for example when examining web browsers, messengers and some other digital evidence sources. There are a lot of … Continue reading

Forensic Acquisition Of Solid State Drives With Open Source Tools

by Josué Ferreira. Abstract: From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern, and it is therefore important for a method to forensically acquire data from Solid State Drives (SSD) to be developed. The method in this paper presents a way to preserve potential volatile digital evidence, … Continue reading

New NIST Forensic Tests Help Ensure High-Quality Copies of Digital Evidence

Data found on a suspect’s computer, cell phone or tablet can prove to be crucial evidence in a legal case. A new set of software tools developed at the National Institute of Standards and Technology (NIST) aims to make sure this digital evidence will hold up in court. The software suite, referred to collectively as federated … Continue reading

Focused Digital Forensic Methodology

by Haider H. Khaleel. Abstract: Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital forensics has become an important aspect of not only law enforcement investigations, but also counter-terrorism investigations, civil litigations, and investigating cyber-incidents. Due to … Continue reading

Imm2Virtual: A Windows GUI To Virtualize Directly From Disk Image File

This is a 64-bit Windows GUI for a procedure to virtualize your EWF (E01), DD (raw) or AFF disk image file directly with VirtualBox, without converting it. It is forensically sound. Continue reading

When No Conclusion Can Be A Conclusion

by James Zjalic. Before CCTV systems were conceived, eye-witness accounts were the only method of identifying a suspect based on their facial features. The pitfalls of this type of identification have been well documented numerous times with regard to the brain’s ability to both forget and modify what a person thinks they witnessed, due to … Continue reading

A Method For Verifying Integrity And Authenticating Digital Media

by Martin Harran, William Farrelly & Kevin Curran. Due to their massive popularity, image files, especially JPEG, offer high potential as carriers of other information. Much of the work to date on this has focused on steganographic ways of hiding information using least significant bit techniques but we believe that the findings in this project have … Continue reading

Challenges Of ISO 17025 Accreditation – Survey Results

A group of forensic practitioners has recently conducted a survey into the ISO 17025 scheme – its effectiveness, and its relevance for digital forensics. The survey was conducted using Google Forms and was aimed at forensic practitioners on the front line of investigation, rather than at managers or corporations. What follows below is a summary … Continue reading

Unscrambling Pixels: Forensic Science Is Not Forensic Fiction

by Martino Jerian, CEO and Founder, Amped Software. In every branch of forensic science, we have to fight the falsehoods introduced by popular series à la CSI (hence the aptly named CSI effect), but this belief is probably strongest in the field of forensic image and video analysis. From endless zooming from satellite … Continue reading

Attributing A Third Party To A Recovered (Deleted) iOS SMS Message

In a recent forensic case involving recovered deleted SMS messages from an sms.db file on an iOS mobile device, none of the mainstream mobile phone forensic software made the link between sender and recipient for the recovered records of interest. I have been asked a few times recently about obtaining the third party of a … Continue reading

The “I’ve Been Hacked” Defence

By: Yuri Gubanov, Oleg Afonin. © Belkasoft Research, 2016. Abstract: This article was inspired by an active discussion in one of the forensic listservs. The original post asked how to counter the argument “This is not me, this is malware”. The suspect was allegedly downloading and viewing illicit child photos and was … Continue reading

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. By Yuri Gubanov, Oleg Afonin. © Belkasoft Research 2016. This publication continues the series started with an article on SSD forensics we published in 2012. We investigated the issues of SSD self-corrosion, demystified trimming, garbage collection and … Continue reading

BitLocker: What’s New in Windows 10 November Update, And How To Break It

BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by default on compatible devices if the administrative account logs in with Microsoft Account credentials. BitLocker … Continue reading

Investigating and Prosecuting Cyber Crime: Forensic Dependencies and Barriers to Justice

The primary goal of this research is to raise awareness regarding legal loopholes and enabling technologies, which facilitate acts of cyber crime. In pursuing these avenues of inquiry, the author seeks to identify systemic impediments which obstruct police investigations, prosecutions, and digital forensics interrogations. The secondary objective of this research encourages policy makers to reevaluate strategies for combating the ubiquitous and evolving threat posed by cybercriminality. Research in this paper has been guided by the firsthand global accounts via the author’s core involvement in the preparation of the Comprehensive Study on Cybercrime (UNODC, 2013) and is keenly focused on core issues of concern, as voiced by the international community. Continue reading
