Malware Can Hide, But It Must Run

Thursday, October 27, 2016 (09:43:36)
It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price.

Investigators who do not look at volatile memory are leaving evidence at the crime scene. RAM content holds evidence of user actions, as well as evil processes and furtive behaviors implemented by malicious code. It is this evidence that often proves to be the smoking gun that unravels the story of what happened on a system.

Although Microsoft is not expected to reach its Windows 10 rollout goal of one billion devices in the next two years, their glossiest OS to date currently makes up 22% of desktop systems according to netmarketshare.com.

  • Posted by: scar
  • Topic: News

Breaking the Android Puzzle with Oxygen Forensic® Detective v. 9.0

Monday, October 24, 2016 (15:35:32)
Oxygen Forensics, the worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that it has added a Jet-Imager module to its Oxygen Forensic® Detective product that allows users to acquire data from Android devices faster, saving experts critical time while solving law enforcement cases.
“With the new Jet-Imager module, experts using our products will be able to speed up data acquisition on Android devices which will save them minutes or maybe even hours in some cases and that directly translates to closing cases faster,” said Lee Reiber, Oxygen Forensics COO. “Oxygen Forensics will continue to seek ways to speed up the time it takes for forensics experts to do their job since budgets are always in the crosshairs and organizations are constantly looking for ways to save on overtime as well as solve cases more effectively”.

The “I’ve Been Hacked” Defence

Monday, October 24, 2016 (10:10:48)
by Yuri Gubanov, Oleg Afonin
(C) Belkasoft Research, 2016

This article was inspired by an active discussion on one of the forensic listservs. The original post asked how to counter the argument “This is not me, this is a malware”. The suspect was allegedly downloading and viewing illicit child photos and denied it, attributing the presence of these photos to malicious software that they presumably had.

I’ve Been Hacked
The “I’ve been hacked” tactic is the most common defense when it comes to crimes committed on or with computers. However obvious it might be, the burden of proof lies on you and not on the suspect. So how can you figure out whether or not the suspect’s computer has actually been subject to unauthorized activities?

  • Posted by: scar
  • Topic: News

Arsenal Recon Launches Breakthrough Microsoft Windows Hibernation Forensic Tool

Saturday, October 22, 2016 (08:59:39)
Hibernation Recon Provides Digital Forensics Experts with Unprecedented Access to Hibernation Data

Arsenal Recon, digital forensics experts building powerful tools to improve the analysis of electronic evidence, announced the formal release of Hibernation Recon today. Hibernation Recon extracts valuable information from Microsoft Windows® XP, Vista, 7, 8, 8.1, and 10 hibernation files that other tools have failed to reveal for many years. Digital forensics experts armed with Hibernation Recon are now able to exploit not only the active contents of Windows hibernation files, but also massive volumes of information in the multiple levels of slack space within them.

New Performance Enhancements in Magnet AXIOM Mean Faster Results

Friday, October 21, 2016 (10:15:05)
Processing Times Reduced Dramatically in AXIOM 1.0.6

By Jad Saliba, Founder and CTO at Magnet Forensics

Last week, we released Magnet AXIOM version 1.0.6. This update included a number of features and fixes, but one of the main goals was to address issues we, and our customers, had seen in processing times. And we did it! AXIOM Process times are now testing as being equal to, or slightly faster than, IEF.

Here’s how we did it…

BlackBag® helps Saskatoon Police Service put a criminal behind bars

Wednesday, October 19, 2016 (09:28:59)
BlackLight®, BlackBag® Technologies’ premiere digital forensic software, helped put a man convicted of possessing 450 child pornography images behind bars. Marcel Cole Beuker, whose trial was held in March of this year, claimed the images found on a hard drive connected to his iMac were not his. It took three long years for the Saskatchewan Internet Child Exploitation (ICE) unit to bring him to justice, but their diligent work secured a conviction. Beuker received an 18-month sentence, plus 4 months for disobeying release conditions.

During the trial, BlackLight®’s .fseventsd feature figured prominently. The ICE unit had their work cut out for them, as Beuker was an experienced programmer and very tech savvy. Using tools, including BlackLight®, they were able to show that almost all of the communication originated from the accused’s system and no other devices.

Forensic Focus Forum Round-Up

Tuesday, October 18, 2016 (11:50:59)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Can you help honor_the_data work out this USB storage timestamp anomaly?

Forum members discuss iPhone 4S iTunes backup encryption.

Should you apply for ISO/IEC 17020 and 17025 if you’re a one-person organisation?

Which programming language should you learn if you’re a digital forensic examiner?

Do SSDs ‘shrink’ over time? Add your thoughts in the forum.

Forum members discuss detection of file-hollowing.

How would you bypass a PIN-locked SIM? Chime in on the forum.

Are we ready for Apple vs. the FBI round two?

Forum members discuss eSIM chip-off forensics.

How can we extract evidence from Virtual Assistants?
  • Posted by: scar
  • Topic: News

Oxygen Forensics Speeds Up Forensic Processing of Android Devices

Thursday, October 13, 2016 (13:38:43)
Oxygen Forensics, the worldwide developer and provider of advanced forensic data examination tools for mobile devices, announced today an agreement with the MITRE Corporation Technology Transfer Office that will make it possible for customers of Oxygen Forensics to take advantage of faster processing times on Android devices for data extraction.

Why False Positives Are Important

Wednesday, October 12, 2016 (08:25:41)
By Jamie McQuaid

Most forensic examiners are familiar with seeing false positives in their search or processing results. False positives will always be present in tools that conduct some form of data carving in their searching and/or processing.

I often get questions from forensic examiners (both new and experienced) on whether the data that IEF or AXIOM has found is valid. Without seeing the data myself, it’s quite difficult to determine the validity of the information so I’ll typically respond with several follow up questions trying to understand what the examiner is seeing. This helps me assess the likelihood of the data being either valid or a false positive.

Webinar: Challenges Mobile Devices Pose in Global Investigations

Wednesday, October 05, 2016 (13:32:13)
11 October
9:00AM ET / 2:00PM UK / 3:00PM CEST

Discussion Topics:

- To some extent, the ubiquity of mobile devices—and many people’s use of them as their primary digital interface—has come in the aftermath of the first wave of standards being set for e-discovery, data retention, and so on.
- What are a party’s duties of control, retention, production, and so on?
- In terms of data generated on or stored in mobile devices, where is the line drawn between what the corporate entity (presumably your client) is deemed responsible for as opposed to what the individual possessing the mobile device is responsible for? Is it primarily based on (a) physical possession; (b) legal title/ownership; (c) beneficial ownership/control; or (d) some other factor or combination?
- Enforcement procedures including parties, venue, noteworthy procedural requirements?

Panelists will include: Ian De Freitas, Partner, BLP, London; Tim Hickman, Counsel, White & Case, London; Kevin DeLong, Vice President of Mobile Investigations, AccessData

  • Posted by: scar
  • Topic: News