Forensic Focus - Computer Forensics News, Information and Community
https://www.forensicfocus.com/
Mon, 20 Nov 2017 00:49:09 GMT

Services Required: UK-based SME/University for joint forensic research
https://www.forensicfocus.com/Forums/viewtopic/p=6591413/#6591413

We are a South Korean research institute partnered with a South Korean mobile forensics company. We are looking for a UK-based SME and university to apply for Eurostars2 joint research funding (https://www.eurostars-eureka.eu/south-korea-united-kingdom-eurostars-call-2017).
The company should be an “R&D performing SME.” The SME on the UK and Korean side will be considered the PI.
Project topic areas are in ICT: Internet of Things; AI & Robotics; Augmented & Virtual Reality; Cyber Security. The current consortium has several ideas for the project, and is happy to discuss.
The project supports industrial innovation, and a marketable product is normally the output. If you are interested please DM me.
Initial application outlines are due 2018-01-19.
Mon, 20 Nov 2017 00:49:09 GMT

Forensic Software: Tools for scanning dd images / Finding an encrypted file
https://www.forensicfocus.com/Forums/viewtopic/p=6591412/#6591412

There is a script here to calculate the Shannon Entropy of a file.
Maybe you could modify it to instead do the same for 10MB blocks of raw disk data. Then load the result into a spreadsheet. The big random parts of the disk should then be obvious and it should be a simple matter to find the exact start of the random block by visual inspection and carve it out.
Sun, 19 Nov 2017 22:00:32 GMT

Forensic Software: Forensics Distro for on-site ZFS analysis/Triage
https://www.forensicfocus.com/Forums/viewtopic/p=6591411/#6591411

@athulin @Bunnysniper it seems that ZFS is a bit unexplored, I'm really bummed that I can't go "full lab mode" on this (right now) but I'm very thankful for your insight. We took some notes and will work on being better prepared next time.
@athulin sorry, no saved logs on our attempts with live distros (we didn't use the original boot system again after it was apprehended). I also believe it's probably a ZFS release issue.
Sun, 19 Nov 2017 21:19:17 GMT

Education and Training: Forensics Experts challenges
https://www.forensicfocus.com/Forums/viewtopic/p=6591410/#6591410

Hello, guys! I would like to ask the following question: What are the problems and challenges forensics experts face with the NTFS file system?
Thank you!
Sun, 19 Nov 2017 18:09:29 GMT

General Discussion: Strange case
https://www.forensicfocus.com/Forums/viewtopic/p=6591407/#6591407

einstein9 wrote:
I tried the drive in many PCs, all report the same
Any reason for this?
With all due respect, you are completely failing to provide any meaningful detail.
Explorer (right click) reports (not an example, what it actually reports) .... ?
tool ..... reports .... ?
What (EXACT) device is it?
Which (EXACT) Windows version is it?
Is it seen as "removable" or as "fixed" by Windows?
Is it partitioned or not?
Which filesystem(s) are in use?
jaclaz
Sun, 19 Nov 2017 16:32:41 GMT

Mobile Phone Forensics: Write Blocker
https://www.forensicfocus.com/Forums/viewtopic/p=6591405/#6591405

thefuf wrote:
Can you provide an example of such laws and such requirements?
If you're thinking of national or regional legislation, ... what nation/region are you thinking of?
I'm in the U.S. I'm not aware of any case law or legislation here that would make evidence from a live acquisition or mobile acquisition (using an agent, jailbreak, etc.) inadmissible. The generally accepted practice (from my readings and training) is to avoid unnecessary modification, minimize any changes you do make, and document everything.
If you're in a place that prohibits a certain action or requires special permission, by all means follow your local laws.
Sun, 19 Nov 2017 16:12:38 GMT

Mobile Phone Forensics: W2L? 5G - your entry point
https://www.forensicfocus.com/Forums/viewtopic/p=6591402/#6591402

URLLC - crack the abbreviation yourself - basis for automatic cars and com-critical applications (e.g. C2CA)
http://the-mobile-network.com/2017/11/urllc-liveblog/
Sun, 19 Nov 2017 08:21:17 GMT

General Discussion: youtube cache
https://www.forensicfocus.com/Forums/viewtopic/p=6591399/#6591399

Has anyone had any luck at recovering cached fragments of video after a YouTube video has been viewed? I can see some substantial content but have yet to find a way to view it (which I believe to be buffered video). Tried converting it, carving, VLC etc etc. Maybe I'm just not getting it??..
Sat, 18 Nov 2017 17:24:57 GMT

General Discussion: Recycle Bin Dates
https://www.forensicfocus.com/Forums/viewtopic/p=6591393/#6591393

As a side note besides "updates" the "windows.old" is created also in some cases of "repair" (or "reset") of the OS, in Windows 8.1 there is/was also seemingly a "time bomb" of sorts:
of 28 days for "system files", whilst user and documents directories should remain untouched.
jaclaz
Sat, 18 Nov 2017 10:33:10 GMT

Mobile Phone Forensics: Using hardware encrypted USB device in UFED Touch2
https://www.forensicfocus.com/Forums/viewtopic/p=6591390/#6591390

Touch 2 is running Windows 10
If this drive requires standard Windows drivers, there should be no problem.
Sat, 18 Nov 2017 09:05:37 GMT