Forensic Focus https://www.forensicfocus.com/ Forensic Focus - Computer Forensics News, Information and Community en-us Mon, 20 Nov 2017 00:49:09 GMT 1440 CPG-Nuke Dragonfly Forensic Focus Forums http://backend.userland.com/rss https://www.forensicfocus.com/images/logo.gif Forensic Focus https://www.forensicfocus.com/ Services Required: UK-based SME/University for joint forensic research https://www.forensicfocus.com/Forums/viewtopic/p=6591413/#6591413 We are a South Korean research institute partnered with a South Korea mobile forensics company. We are looking for a UK-based SME and university to apply for Eurostars2 joint research funding (https://www.eurostars-eureka.eu/south-korea-united-kingdom-eurostars-call-2017). The company should be a “R&D performing SME.” The SME on the UK and Korean side will be considered the PI. Project topic areas in are ICT : Internet of Things; AI & Robotics; Augmented & Virtual Reality; Cyber Security. The current consortium has several ideas for the project, and are happy to discuss. The project supports industrial innovation, and a marketable product is normally the output. If you are interested please DM me. Initial application outlines are due 2018-01-19. Mon, 20 Nov 2017 00:49:09 GMT Forensic Software: Tools for scanning dd images / Finding an encrypted file https://www.forensicfocus.com/Forums/viewtopic/p=6591412/#6591412 There is a script here to calculate the Shannon Entropy of a file. http://code.activestate.com/recipes/577476-shannon-entropy-calculation/#c3 Maybe you could modify it to instead do the same for 10MB blocks of raw disk data. Then load the result into a spread sheet. The big random parts of the disk should then be obvious and it should be a simple matter to find the exact start of the random block by visual inspection and carve it out. Sun, 19 Nov 2017 22:00:32 GMT Forensic Software: Forensics Distro for on-site ZFS analysis/Triage https://www.forensicfocus.com/Forums/viewtopic/p=6591411/#6591411 @athulin @Bunnysniper it seems that ZFS is a bit unexplored, I'm really bummed that I can't go "full lab mode" on this (right now) but I'm very thankful for your insight. We took some notes and will work on being better prepared next time. @athulin sorry, no saved logs on our attempts with live distros (we didn't use the original boot system again after it was apprehended). I also believe it's probably a ZFS release issue. Sun, 19 Nov 2017 21:19:17 GMT Education and Training: Forensics Experts challenges https://www.forensicfocus.com/Forums/viewtopic/p=6591410/#6591410 Hello, guys! I would like to ask the following question: What are the problems and challenges forensics experts face with NTFS files system. Thank you! Sun, 19 Nov 2017 18:09:29 GMT General Discussion: Strange case https://www.forensicfocus.com/Forums/viewtopic/p=6591407/#6591407 einstein9 wrote: I tried the drive in many PC`s all reports the same Any reason for this? With all due respect, you are completely failing to provide any meaningful detail. Explorer (right click) reports (not an example, what it does actually reports) .... ? while tool ..... reports .... ? What (EXACT) device is it? Whihc (EXACT) Windows version is it? Is it seen as "removable" or as "fixed" by Windows? Is it partitioned or not? Which filesystem(s) are in use? jaclaz Sun, 19 Nov 2017 16:32:41 GMT Mobile Phone Forensics: Write Blocker https://www.forensicfocus.com/Forums/viewtopic/p=6591405/#6591405 thefuf wrote: athulin wrote: Can you provide an example of such laws and such requirements? If you're thinking of national or regional legislation, ... what nation/region are you thinking of? Russia. I'm in the U.S. I'm not aware of any case law or legislation here that would make evidence from a live acquisition or mobile acquisition (using an agent, jailbreak, etc.) inadmissible. The generally accepted practice (from my readings and training) is to avoid unnecessary modification, minimize any changes you do make, and document everything. If you're in a place that prohibits a certain action or requires special permission, by all means follow your local laws. Sun, 19 Nov 2017 16:12:38 GMT Mobile Phone Forensics: W2L? 5G - your entry point https://www.forensicfocus.com/Forums/viewtopic/p=6591402/#6591402 URLLC - crack the abbrevation yourself - basis for automatic cars and com-critical applications (e.g. C2CA) http://the-mobile-network.com/2017/11/urllc-liveblog/ Sun, 19 Nov 2017 08:21:17 GMT General Discussion: youtube cache https://www.forensicfocus.com/Forums/viewtopic/p=6591399/#6591399 Has anyone had any luck at recovering cached fragments of video after a youtube video has been viewed. I can see some substabtial content but have yet to find a way to view it (which I believe to be buffered video). Tried converting it, carving, VLC etc etc. Maybe Im just not getting it??.. Sat, 18 Nov 2017 17:24:57 GMT General Discussion: Recycle Bin Dates https://www.forensicfocus.com/Forums/viewtopic/p=6591393/#6591393 As a side note besides "updates" the "windows.old" is created also in some cases of "repair" (or "reset") of the OS, in windows 8.1 there is/was also seemingly a "time bomb" of sorts: https://support.microsoft.com/en-us/help/17125/windows-8-restore-files-old-folder-upgrade of 28 days for "system files", whilst user and documents directories should remain untouched. jaclaz Sat, 18 Nov 2017 10:33:10 GMT Mobile Phone Forensics: Using hardware encrypted USB device in UFED Touch2 https://www.forensicfocus.com/Forums/viewtopic/p=6591390/#6591390 Touch 2 is running Windows 10 If this drive requires standard windows drivers, there should be no problem. Sat, 18 Nov 2017 09:05:37 GMT
Build a Mobile Site
View Site in Mobile | Classic
Share by: