archives

Digital Forensics

This tag is associated with 41 posts

Classifying Illegal Activities On Tor Network Based On Web Textual Contents

by Mhd Wesam Al Nabki, Eduardo Fidalgo, Enrique Alegre & Ivan de Paz; Department of Electrical, Systems and Automation, University of Leon, Spain & INCIBE Spanish National Cybersecurity Institute Abstract The freedom of the Deep Web offers a safe place where people can express themselves anonymously but they also can conduct illegal activities. In this paper, we … Continue reading

Internet Of Things Mobility Forensics

by K M Sabidur Rahman & Matt Bishop (University of California Davis) and Albert Holt (NSA) Abstract The Internet of Things (IoT) comes with great possibilities as well as major security and privacy issues. Although digital forensics has long been studied in both academia and industry, mobility forensics is relatively new and unexplored. Mobility forensics deals … Continue reading

Enfuse 2017 – Las Vegas 22-25 May

From the 22nd to the 25th of May 2017, Forensic Focus will be attending Enfuse (formerly known as CEIC) in Las Vegas, Nevada, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is an overview of … Continue reading

How Do Criminals Communicate Online?

Flashpoint, a business intelligence agency specialising in the deep and dark web, recently published a report on the economy of criminal networks online. The report looks not only at where criminals go to communicate on the internet, but also how their communications are structured, and the ways in which online communication has changed the criminal … Continue reading

A Survey On Data Carving In Digital Forensics

by Nadeem Alherbawi*, Zarina Shukur & Rossilawati Sulaiman; Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia Abstract Data carving is a very important topic in digital investigation and computer forensics. And for that reason research is needed to focus on improving data carving techniques to enable digital investigators to retrieve important data and evidence from damaged … Continue reading

Techno Security 2017 – Myrtle Beach 4th – 7th June

From the 4th to the 7th of June 2017, Forensic Focus will be attending the Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is … Continue reading

Nuix Web Review & Analytics: Process, Search And Review Evidence In A Single Workflow

by Scar de Courcier, Forensic Focus Background Nuix Web Review & Analytics (WR&A) was created to enable analysts and non-technical investigators to collaborate on investigations. The tool allows a senior investigator or case supervisor to allocate and assign data to individuals within a case. They can then log into the web interface to look through data, … Continue reading

Asking A VPS To Image Itself

by Chris Cohen There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user … Continue reading

Samsung sBrowser – Android Forensics: A Look Into The Cache Files

by Robert Craig and Michael Lambert Abstract Samsung devices are a large portion of the Android OS market.  Samsung has its own Internet Browser, “sbrowser”, installed onto their devices.  All web browsers leave artifacts from user activity.  The “sbrowser” cache files were similar to other browsers.  An embedded source URL gave insight where the cached … Continue reading

Unlocking The Screen of an LG Android Smartphone with AT Modem Commands

by Oleg Davydov, CTO, Oxygen Forensics Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem. Almost every modem is Hayes-compatible which means it supports commands of the … Continue reading

Mobile Forensics Monkey Wrench: iOS 10.2 and Encryption

by Patrick Siewert, Pro Digital Forensic Consulting It’s not secret to those involved in the study and practice of mobile forensics that Apple likes to throw us curve balls with almost every new iteration of the iOS operating system. It turns out, iOS 10.2 is no different (released December 12, 2016). A conversation began recently … Continue reading

Windows 10 PE for Digital Forensics

by Robin Brocks, IT Forensic Expert and Incident Responder Only a few years ago, it was a real pain creating a portable Windows on CD/ DVD or thumb drive, because the Operating System was not prepared to run on those media. There have been numerous projects and volunteers, like BartPE or the WindowsFE (Forensic Edition), to … Continue reading

Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS

by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka Abstract Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can be extracted not only from hard drives but also from other memory resources of a computing device. … Continue reading

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

by John Patzakis, X1 A key amendment to US Federal Rule of Evidence 902, in the form of new subsection (14), will go into effect on December 1, 2017. This amendment will significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digital identification” is … Continue reading

Forensic Implications of iOS Lockdown (Pairing) Records

by ElcomSoft In recent versions of iOS, successful acquisition of a locked device is no longer a given. Multiple protection layers and Apple’s new policy on handling government requests make forensic experts look elsewhere when investigating Apple smartphones. In this publication, we’ll discuss acquisition approach to an iOS device under these specific circumstances: Runs iOS … Continue reading