archives

Digital Forensics

This tag is associated with 36 posts

Techno Security 2017 – Myrtle Beach 4th – 7th June

From the 4th to the 7th of June 2017, Forensic Focus will be attending the Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is … Continue reading

Nuix Web Review & Analytics: Process, Search And Review Evidence In A Single Workflow

by Scar de Courcier, Forensic Focus Background Nuix Web Review & Analytics (WR&A) was created to enable analysts and non-technical investigators to collaborate on investigations. The tool allows a senior investigator or case supervisor to allocate and assign data to individuals within a case. They can then log into the web interface to look through data, … Continue reading

Asking A VPS To Image Itself

by Chris Cohen There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user … Continue reading

Samsung sBrowser – Android Forensics: A Look Into The Cache Files

by Robert Craig and Michael Lambert Abstract Samsung devices are a large portion of the Android OS market.  Samsung has its own Internet Browser, “sbrowser”, installed onto their devices.  All web browsers leave artifacts from user activity.  The “sbrowser” cache files were similar to other browsers.  An embedded source URL gave insight where the cached … Continue reading

Unlocking The Screen of an LG Android Smartphone with AT Modem Commands

by Oleg Davydov, CTO, Oxygen Forensics Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem. Almost every modem is Hayes-compatible which means it supports commands of the … Continue reading

Mobile Forensics Monkey Wrench: iOS 10.2 and Encryption

by Patrick Siewert, Pro Digital Forensic Consulting It’s not secret to those involved in the study and practice of mobile forensics that Apple likes to throw us curve balls with almost every new iteration of the iOS operating system. It turns out, iOS 10.2 is no different (released December 12, 2016). A conversation began recently … Continue reading

Windows 10 PE for Digital Forensics

by Robin Brocks, IT Forensic Expert and Incident Responder Only a few years ago, it was a real pain creating a portable Windows on CD/ DVD or thumb drive, because the Operating System was not prepared to run on those media. There have been numerous projects and volunteers, like BartPE or the WindowsFE (Forensic Edition), to … Continue reading

Digital Forensic Investigational Tool For Volatile Browser Based Data Analysis in Windows 8 OS

by W.Chirath De Alwis, School of Computing, Asia Pacific Institute of Information Technology, Colombo, Sri Lanka Abstract Cyber security threats on sensitive resources have increased recently and it has increased the need for digital forensic analysis tools. Digital evidence can be extracted not only from hard drives but also from other memory resources of a computing device. … Continue reading

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

by John Patzakis, X1 A key amendment to US Federal Rule of Evidence 902, in the form of new subsection (14), will go into effect on December 1, 2017. This amendment will significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digital identification” is … Continue reading

Forensic Implications of iOS Lockdown (Pairing) Records

by ElcomSoft In recent versions of iOS, successful acquisition of a locked device is no longer a given. Multiple protection layers and Apple’s new policy on handling government requests make forensic experts look elsewhere when investigating Apple smartphones. In this publication, we’ll discuss acquisition approach to an iOS device under these specific circumstances: Runs iOS … Continue reading

Malware Can Hide, But It Must Run

by Alissa Torres, SANS Certified Instructor It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price. Investigators who do not look at … Continue reading

InSig2 LawTech 2016 – Brussels 7th – 8th November

From the 7th – 8th of November 2016, Forensic Focus will be attending InSig2’s Law Tech Europe conference in Brussels, Belgium. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is an overview of the subjects and speakers that will … Continue reading

10 DFIR Blogs You Don’t Want to Miss

by Christa M. Miller Digital forensics is a tough job. Forensicators must evolve as rapidly as the technology does, which means being in a constant state of learning. Formal education is costly and can’t keep up. The next best alternative: learn from others’ experience. It can be a challenge, however, to share one’s forensication expertise … Continue reading

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati Preface During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing challenge: he offered for research purposes a smartphone to find out if and how someone … Continue reading

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures, images and diagrams can be found at http://www.nfdrtc.net). I. Summary Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long standing suspicion that data hiding techniques using a hard disk … Continue reading