archives

forensics

This tag is associated with 21 posts

Nuix Web Review & Analytics: Process, Search And Review Evidence In A Single Workflow

by Scar de Courcier, Forensic Focus. Background: Nuix Web Review & Analytics (WR&A) was created to enable analysts and non-technical investigators to collaborate on investigations. The tool allows a senior investigator or case supervisor to allocate and assign data to individuals within a case. They can then log into the web interface to look through data, …

Asking A VPS To Image Itself

by Chris Cohen. There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user …

Unlocking The Screen of an LG Android Smartphone with AT Modem Commands

by Oleg Davydov, CTO, Oxygen Forensics. Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem. Almost every modem is Hayes-compatible which means it supports commands of the …

Mobile Forensics Monkey Wrench: iOS 10.2 and Encryption

by Patrick Siewert, Pro Digital Forensic Consulting. It’s no secret to those involved in the study and practice of mobile forensics that Apple likes to throw us curve balls with almost every new iteration of the iOS operating system. It turns out, iOS 10.2 is no different (released December 12, 2016). A conversation began recently …

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

by John Patzakis, X1. A key amendment to US Federal Rule of Evidence 902, in the form of new subsection (14), will go into effect on December 1, 2017. This amendment will significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digital identification” is …

Malware Can Hide, But It Must Run

by Alissa Torres, SANS Certified Instructor. It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price. Investigators who do not look at …

10 DFIR Blogs You Don’t Want to Miss

by Christa M. Miller. Digital forensics is a tough job. Forensicators must evolve as rapidly as the technology does, which means being in a constant state of learning. Formal education is costly and can’t keep up. The next best alternative: learn from others’ experience. It can be a challenge, however, to share one’s forensication expertise …

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati. Preface: During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing challenge: he offered for research purposes a smartphone to find out if and how someone …

Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures, images and diagrams can be found at http://www.nfdrtc.net). I. Summary: Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long-standing suspicion that data hiding techniques using a hard disk …

SSD and eMMC Forensics 2016 – Part 2

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. By Yuri Gubanov, Oleg Afonin. © Belkasoft Research 2016. In the first part of this article, we reviewed different kinds of the most commonly used modern SSDs (M.2, PCI-E, NVMe devices) and talked about acquisition of these …

The Investigative Challenges Of Live Streamed Child Abuse

Among the challenges facing digital forensic investigators today, the instantaneous nature of online communication is arguably one of the most persistent. Trying to investigate whether a crime has occurred, and if so to bring its perpetrators to justice in a space that is constantly changing, is no simple task. With the Apple App Store alone …

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. By Yuri Gubanov, Oleg Afonin. © Belkasoft Research 2016. This publication continues the series started with an article on SSD forensics we published in 2012. We investigated the issues of SSD self-corrosion, demystified trimming, garbage collection and …

Beyond Keywords: Is Keyword Search Becoming Obsolete In The New Age Of Forensic Digital Investigation?

by James Billingsley. Keyword searching is the primary tool investigators use to identify relevant evidence in a data set. However, poorly chosen keywords can miss important items or return too many irrelevant results. As data volumes grow, investigators must find better ways to focus on the items of interest within very large data sets. Expert …

DFRWS EU 2016 – Lausanne 29th – 31st March

From the 29th to the 31st of March 2016, Forensic Focus will be attending the European Digital Forensics Research Workshop (DFRWS EU) in Lausanne, Switzerland. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is an overview …

Windows 8 Touch Keyboard Forensics

Microsoft released Windows 8 in 2012. With this new version, Microsoft made a fundamental shift in Windows 8 as compared to older versions of Windows. It does not only target netbooks, laptops and traditional computers; instead, they decided to use the same technology in Windows 8 tablets. This is why Windows 8 operating system is …