forensic investigation

Burnout in DFIR (And Beyond)

Posted by scar ⋅ March 15, 2019 ⋅ 2 Comments

by Christa Miller, Forensic Focus Quite a lot has been written over recent weeks about burnout. Not only DFIR-specific posts, first from Richard Bejtlich and then, in follow-up from Eric Huber and Brett Shavers; but also news articles including: Why Are Young People Pretending to Love Work? (The New York Times) How Millennials Became The … Continue reading →

How To: Multitask With Logicube’s Forensic Falcon NEO

Posted by scar ⋅ December 4, 2018 ⋅ Leave a comment

Welcome to Logicube’s tutorial on the Forensic Falcon NEO. In this session we’ll show you how to multitask. For this tutorial I have connected the Falcon NEO to a network, and from a PC on the same network I’ve logged into the unit using a web browser so that I can operate remotely. I’ve already … Continue reading →

ICDF2C 2018 – Recap

Posted by scar ⋅ October 9, 2018 ⋅ Leave a comment

This article is a recap of some of the main highlights from the ICDF2C conference 2018, which took place in New Orleans, LA, USA from the 10th-12th September. The program began on Monday 10th September with the usual welcome registration. The conference was held at Chateau LeMoyne in New Orleans’ French Quarter: a beautiful hotel complete … Continue reading →

Walkthrough: Oxygen Forensic Detective Latest Features

Posted by scar ⋅ October 5, 2018 ⋅ Leave a comment

Within Oxygen, you’re able to not only connect one device, but several devices, and image them simultaneously. Oxygen’s extractor runs independently of Oxygen Detective, and that’s what allows you to run several different extractions at the same time, and there is no limit other than what the machine you were using will allow. So again, … Continue reading →

Word Forensic Analysis And Compound File Binary Format

Posted by scar ⋅ September 18, 2018 ⋅ 1 Comment

by Arman Gungor Microsoft Word forensic analysis is something digital forensic investigators do quite often for document authentication. Because of the great popularity of Microsoft Office, many important business documents such as contracts and memoranda are created using Word. When things go south, some of these documents become key evidence and subject to forensic authentication. My goal … Continue reading →

Using IMAP Internal Date for Forensic Email Authentication

Posted by scar ⋅ June 29, 2018 ⋅ Leave a comment

by Arman Gungor Internal Date is an IMAP Message Attribute that indicates the internal date and time of a message on an IMAP server. This is a different timestamp than the Origination Date field found in the message header and can be instrumental in authenticating email messages on an IMAP server. Let’s start with an example. The perpetrator … Continue reading →

Deep Learning At The Shallow End: Malware Classification For Non-Domain Experts

Posted by scar ⋅ June 20, 2018 ⋅ Leave a comment

by Quan Le, Oisín Boydell, Brian Mac Namee & Mark Scanlon Abstract Current malware detection and classification approaches generally rely on time consuming and knowledge intensive processes to extract patterns (signatures) and behaviors from malware, which are then used for identification. Moreover, these signatures are often limited to local, contiguous sequences within the data whilst … Continue reading →

Techno Security Myrtle Beach 2018 – Recap

Posted by scar ⋅ June 17, 2018 ⋅ 3 Comments

by Scar de Courcier This article is a recap of some of the main highlights from the Techno Security & Forensic Investigation Conference 2018, which took place in Myrtle Beach, SC from the 3rd-6th June 2018. Under the sunny skies of South Carolina, the digital forensic community got together at the beginning of June this year … Continue reading →

Techno Security & Digital Forensics 2018 – Myrtle Beach 3rd-6th June

Posted by scar ⋅ April 19, 2018 ⋅ 1 Comment

From the 3rd to the 6th of June 2018, Forensic Focus will be attending the Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is … Continue reading →

Nuix Web Review & Analytics: Process, Search And Review Evidence In A Single Workflow

Posted by scar ⋅ February 20, 2017 ⋅ 1 Comment

by Scar de Courcier, Forensic Focus Background Nuix Web Review & Analytics (WR&A) was created to enable analysts and non-technical investigators to collaborate on investigations. The tool allows a senior investigator or case supervisor to allocate and assign data to individuals within a case. They can then log into the web interface to look through data, … Continue reading →

Current Challenges In Digital Forensics

Posted by scar ⋅ May 11, 2016 ⋅ 1 Comment

What is the most urgent question facing digital forensics today? That in itself is not a question with a straightforward answer. At conferences and in research papers, academics and forensic practitioners around the world converge to anticipate the future of the discipline and work out how to overcome some of the more challenging aspects of … Continue reading →

Forensic Focus – Articles

Search