This is a Windows 64 bit GUI for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox. It is forensically proof. Continue reading →
ABSTRACT: This is a procedure for locating and parsing deleted messages timestamps in Android WhatsApp database. I did a little reverse engineering, using the hexadecimal tool of Physical Analyzer (UFED by Cellebrite), of the database of the popular messaging app WhatsApp for Android, because P.A. 3.8.6 does not display deleted messages WhatsApp, at least on … Continue reading →
KS – an open source bash script for indexing data ABSTRACT: This is a keywords searching tool working on the allocated, unallocated data and the slackspace, using an indexer software and a database storage . Often during a computer forensics analysis we need to have all the keywords indexed into a database for making many … Continue reading →
ABSTRACT This is a description how the Apple Ipod/Iphone stores the timestamps into their plist files. After an experiment we tried to order the various ways that Apple Idevices manage and store these data. We found the timestamps into PlayCounts.plist are in local time and not in absolute time GMT. During an experiment on an … Continue reading →
All logos and trademarks in this site are property of Forensic Focus.
The comments are property of their posters, remainder Copyright © 2000-2015 Forensic Focus. All Rights Reserved.