
Digital Forensics

This tag is associated with 57 posts

Windows Drive Acquisition

by Oleg Skulkin & Scar de Courcier Before you can begin analysing evidence from a source, it first of all needs to be imaged. This describes a forensic process in which an exact copy of a drive is made. This is an important step, especially if evidence needs to be taken to court, because forensic … Continue reading

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this … Continue reading

Focused Digital Forensic Methodology

by Haider H. Khaleel Abstract Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital forensics has become an important aspect of not only law enforcement investigations, but also counter-terrorism investigations, civil litigations, and investigating cyber-incidents. Due to … Continue reading

Imm2Virtual: A Windows GUI To Virtualize Directly From Disk Image File

This is a Windows 64 bit GUI for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox. It is forensically proof. Continue reading

Digital Forensics: Iron Bars, Cement And Superglue

by James Zjalic When most people think of digital forensics they think of CSI Miami: hackers in hoodies and Mission Impossible type biometrics. But under the superficial exterior, there is a framework of laws, regulations, best practices, guidelines, and standards surrounding digital forensics which holds the field together. This framework has never been under as … Continue reading

Cellular GPS Evidence: Waze + Cellebrite + CellHawk

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting It’s becoming common knowledge that location evidence on cellular devices can provide a wealth of evidence in any number of civil, criminal and investigative matters. Law enforcement agencies use cellular location evidence from service providers to help place a criminal suspect at or near a crime … Continue reading

When No Conclusion Can Be A Conclusion

by James Zjalic Before CCTV systems were conceived, eye-witness accounts were the only method of identifying a suspect based on their facial features. The pitfalls of this type of identification have been well documented numerous times with regard to the brain’s ability to both forget and modify what a person thinks they witnessed, due to … Continue reading

Physical Imaging Of A Samsung Galaxy S7 Smartphone Running Android 7.0

by Oleg Skulkin & Igor Shorokhov The release of Android Nougat has brought new challenges to mobile forensic examiners: the smartphones running this version most likely have encrypted partitions with users’ data, their bootloaders are locked and classic custom recovery acquisition, which is widely used especially for Samsung smartphones, may not work anymore. But thankfully, things … Continue reading

Techno Security 2017 – San Antonio September 18th-20th

From the 18th to the 20th of September, the Techno Security & Digital Forensics Conference will be taking place in San Antonio, Texas, USA. If there are any topics you’d particularly like to see covered, or any speakers you think we should interview, please let us know in the comments. Forensic Focus readers can enjoy … Continue reading

The Future Of ENF Systems

by James Zjalic The subject of authentication is important across the entire digital forensic field and we as examiners have various weapons at our disposal in which to defend against the onslaught of manipulators, liars and charlatans. Authentication is frequently amongst the first steps in creating a robust chain of custody for evidence received and can … Continue reading

An Introduction To Challenges In Digital Forensics

by W.Chirath De Alwis Digital forensics is a technique in the identification of computer based crimes. But digital forensics faces a few major challenges when it comes to conducting investigations. According to Fahdi, Clarke & Furnell (2013), the challenges of digital forensics can be categorized into three parts. Technical challenges – e.g. differing media formats, … Continue reading

RAM Forensic Analysis

by Eliézer Pereira 1 Goal The purpose of this article is to show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well as fraud and other illegal practices through information systems. 2 Good Practices and Techniques for Computer … Continue reading

Remote Forensics Of Windows 10 Mobile Devices

by Oleg Afonin, Elcomsoft Microsoft has developed Windows 10 as the one OS for all types of devices from servers to wearables. Desktops, laptops, two-in-ones, tablets and smartphones can (and do) run a version of Windows 10. There are countless forensic tools for acquiring evidence from the desktop version of Windows 10, much less for … Continue reading

An Introduction To Theft Of Trade Secrets Investigations

by Laurence D. Lieb, Managing Director, HaystackID. The subjects we will be covering include: Defining When One Should Reasonably Panic Reasonable Triage Steps to Take in Order to Identify if There is Only Smoke or an Actual Fire The Importance of Defining “Win” Upfront and the Avoidance of Mission Creep Definition and Identification of trade … Continue reading

Challenges Of ISO 17025 Accreditation – Survey Results

A group of forensic practitioners has recently conducted a survey into the ISO 17025 scheme – its effectiveness, and its relevance for digital forensics. The survey was conducted using Google Forms and was aimed at forensic practitioners on the front line of investigation, rather than at managers or corporations. What follows below is a summary … Continue reading
