archives

evidence acquisition

This tag is associated with 13 posts

ICDF2C 2018 – Recap

This article is a recap of some of the main highlights from the ICDF2C conference 2018, which took place in New Orleans, LA, USA from the 10th-12th September. The program began on Monday 10th September with the usual welcome registration. The conference was held at Chateau LeMoyne in New Orleans’ French Quarter: a beautiful hotel complete … Continue reading

Walkthrough: Oxygen Forensic Detective Latest Features

Within Oxygen, you’re able to not only connect one device, but several devices, and image them simultaneously. Oxygen’s extractor runs independently of Oxygen Detective, and that’s what allows you to run several different extractions at the same time, and there is no limit other than what the machine you were using will allow. So again, … Continue reading

Word Forensic Analysis And Compound File Binary Format

by Arman Gungor Microsoft Word forensic analysis is something digital forensic investigators do quite often for document authentication. Because of the great popularity of Microsoft Office, many important business documents such as contracts and memoranda are created using Word. When things go south, some of these documents become key evidence and subject to forensic authentication. My goal … Continue reading

SSD and eMMC Forensics 2016 – Part 2

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016 In the first part of this article, we reviewed different kinds of the most commonly used modern SSDs (M.2, PCI-E, NVMe devices) and talked about acquisition of these … Continue reading

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016 This publication continues the series started with an article on SSD forensics we published in 2012. We investigated the issues of SSD self-corrosion, demystified trimming, garbage collection and … Continue reading

The Future of Mobile Forensics: November 2015 Follow-Up

by Oleg Afonin, Danil Nikolaev, Yuri Gubanov Mobile forensics is a moving target. In our recent article, “The Future of Mobile Forensics”, we described acquisition techniques that used to be state-of-the-art back then. Weeks later, some things had changed already. Three months after the publication a lot of things have changed. Our publication was … Continue reading

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class of devices has its own share of surprises when it comes to acquisition. The obvious … Continue reading

Bitcoin Forensics Part II: The Secret Web Strikes Back

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online: You can reach the new site at this link (again, … Continue reading

Bitcoin Forensics – A Journey into the Dark Web

There has been a lot of buzz around Tor, Bitcoin, and the so-called “dark web” (or “deep web”) since the FBI shut down the underground website “Silk Road” on Oct 1st. As many of you already know, Tor is a network of encrypted, virtual tunnels that allows people to use the internet anonymously, hiding their … Continue reading

Analysis Of iOS Notes App

As part of my third year studying Digital Security, Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad Mini, and if they could be used as evidence. This post is really just going to explain what I did, … Continue reading

Forensic Imaging of Hard Disk Drives- What we thought we knew

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures and diagrams can be found at http://www.nfdrtc.net). WHAT WE HAVE BEEN TAUGHT Imaging of hard drives has been the mainstay of the “Science” part of digital forensics for many years. It has been articulated by many, including us, … Continue reading

Digital Forensics and ‘self-tracking’

by Dr Chris Hargreaves, lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK This month’s article is based very loosely around a recent 5-minute talk from Gary Wolf (link here) which explores the concept of ‘self-tracking’ (the trend for people to record aspects of their life) and how this can now … Continue reading

Flash drives and acquisition

First published June 2010 by Dominik Weber, Senior Software Architect for Guidance Software, Inc. “Take a look at this”. It started simply with that. A co-worker was looking into some strange issue with an acquisition of a flash drive. It seemed that the acquisition hash changed every time the drive was acquired. The write switch was … Continue reading
