Uncategorized

This category contains 30 posts

Making Smart Technology Decisions To Improve Case Collaboration

by Christa Miller, Magnet Forensics An estimated 6.1 billion smartphones will be in the world by 2020, and as development of the Internet of Things—connected wearables, household appliances, vehicles, and more—continues, that number will be dwarfed by the 20.4 billion total connected devices. Understanding how these technologies work, where and how they store data, and … Continue reading

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this … Continue reading

Imm2Virtual: A Windows GUI To Virtualize Directly From Disk Image File

This is a Windows 64 bit GUI for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox. It is forensically proof. Continue reading

Touch Screen Lexicon Forensics (TextHarvester / WaitList.dat)

By Barnaby Skeggs Preamble Since the release of Windows 8, and the ‘Metro’ interface, touch screen input has been implemented in a rapidly rising number of Windows devices including Microsoft Surface Pro/Book, 2-in-1s, convertible laptops and tablets. Microsoft has catered for this trend, implementing conversion between touch/pen handwriting to computer text in software such as … Continue reading

InSig2 LawTech 2016 – Brussels 7th – 8th November

From the 7th – 8th of November 2016, Forensic Focus will be attending InSig2’s Law Tech Europe conference in Brussels, Belgium. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments. Below is an overview of the subjects and speakers that will … Continue reading

10 DFIR Blogs You Don’t Want to Miss

by Christa M. Miller Digital forensics is a tough job. Forensicators must evolve as rapidly as the technology does, which means being in a constant state of learning. Formal education is costly and can’t keep up. The next best alternative: learn from others’ experience. It can be a challenge, however, to share one’s forensication expertise … Continue reading

How to Stop Worrying and Learn to Love Your Inner Impostor

by Christa M. Miller It’s pretty much impossible to work in a small, niche community like DFIR and not eventually rub elbows with a rock star. You go to a conference and get to talking with someone, and you don’t even realize until 20 minutes later — when, inspired by the conversation, you finally ask … Continue reading

Virtual Hard Disk Image Format – A Forensic Overview

by Anil Kumar Types of Virtual Hard Disk Image Format The hard disk of a VM is implemented as the files, which live on their native file systems of the host machine. MS Virtual PC & MS Virtual Server support the below mentioned types of virtual hard disk formats: Fixed – The fixed hard disk … Continue reading

Countering Anti-Forensic Efforts – Part 2

by Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 In the first part of this paper we talked about the most common – and also some of the simplest – ways suspects can try to cover their tracks in an attempt to slow down the investigation. This part of the article is dedicated … Continue reading

Electronic Voiceprints: The Crime Solving Power of Biometric Forensics

By Jared Stern Fingerprinting has been used for years to determine the individuality of a person. But, newer technology allows investigators to capture a person’s voice, a so-called “voiceprint.” Sometimes, a person’s voice is the only clue that police and forensic teams have to go on. What Is It? Voiceprinting is a new kind of … Continue reading

Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving

SQLite is a widely popular database format that is used extensively pretty much everywhere. Both iOS and Android employ SQLite as a storage format of choice, with built-in and third-party applications relying on SQLite to keep their data. A wide range of desktop and mobile Web browsers (Chrome, Firefox) and instant messaging applications use SQLite, … Continue reading

A guide to RegRipper and the art of timeline building

Background I have often heard RegRipper mentioned on forums and websites and how it was supposed to make examining event logs, registry files and other similar files a breeze (the event logs and the other files aren’t per se examined by RegRipper, but they will be used for creating timelines further on in this post with … Continue reading

Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions

We published an article on SSD forensics in 2012. SSD self-corrosion, TRIM and garbage collection were little known and poorly understood phenomena at that time, while encrypting and compressing SSD controllers were relatively uncommon. In 2014, many changes happened. We processed numerous cases involving the use of SSD drives and gathered a lot of statistical … Continue reading

Understanding Cyber Bullying – Notes for Digital Forensics Examiners

by Carole Phillips The phenomenon of cyber bullying has received a significant amount of attention in the last decade and literature in this field has grown exponentially with advice and guidance on how to deal with cyber bullying. Yet the term cyber bullying did not exist in the public’s consciousness a decade ago and the … Continue reading

Coming apart at the SIEMs …

Security Information and Event Management (SIEM) systems are all the rage at the moment – and with good cause. As you are all aware, one item of data does not a case make, it is the combination & correlation between _all_ of the data that creates “evidence” – and here in the SIEM we are … Continue reading
