What tools would you recommend for MacOS remote forensic collection?
Can you help CopyRight with a question about internal hard disk removal logs?
How would you process an external WD HD with WD Smartware VCD?
Can you help mhibert to bypass a Windows 10 password?
How can you tell whether a Skype call was made using video or audio?
Let’s go over a few very important points that you need to consider before analyzing WhatsApp.
Number one: always place the device in airplane mode. This is important for many reasons, but the reason specific to WhatsApp is [that] during the extraction of WhatsApp, iCloud backup or Google Drive backup or the WhatsApp cloud, entering the phone verification code will disable the previous WhatsApp installation. The application on the device will then lose its verified status.
There are two ways to enter into the Cloud Extractor. One is after you extract a device and you view the accounts and passwords section at the top of the screen, you will find the Cloud Extractor. If you access through here, all accounts with usernames, passwords, and tokens will automatically populate into the Extractor. The other location of your Cloud Extractor is on your home screen, under ‘extract’.
Join BlackBag for a where our experts will cover what can be extracted from the macOS keychain, what you can do to get the most out of it, and how Apple secures your passwords and other secrets. We will take a closer look at Spotlight artifacts beyond the System Level file metadata store that users are most familiar with. Come along as we explore user-specific metadata stores, user search history, and iOS metadata stores. We will walk through what Mac’s Spotlight artifacts can reveal about specific user actions. Finally, get a sneak peek of the latest Apple artifacts supported in the upcoming BlackLight 2020 R1 release.
Thank you! It is a very exciting move for me. My career began in the Royal Military Police in 2014 where I first started out doing general police duties but then discovered a Multimedia & Evidential Imagery Team (MEIT) within the RMP, so I immediately applied to a selection process and successfully earned a spot on that team.
The team consisted of four RMP members and two civilians; together we worked on every multimedia evidence investigation for the Army, Navy and RAF worldwide.
We had a wide range of capabilities from CCTV recovery to video enhancement, crime scene reconstruction, laser scanning, and body injury mapping.
This tremendous amount of cloud data is generated and fueled in the course of building driver assistance and autonomous vehicle technologies; IoT devices including sensors in our bodies, homes, factories, and cities; high-resolution content for 360 video and augmented reality; and 5G communications globally.
As many digital forensic investigators are facing so-called ‘digital transformation’, finding evidence data from various cloud services is a highly demanding and important mission for digital forensic investigators.
The application of approximate matching (a.k.a. fuzzy hashing or similarity hashing) is often considered in the field of malware or binary analysis. Recent research showed major weaknesses of predominant fuzzy hashing techniques when measuring the similarity of executables (Pagani et al., 2018).
In summary, well-known Context-Triggered Piecewise Hashing approaches are not very reliable for binary comparisons, as even benign changes heavily impact the underlying byte representation of an original binary. Modifications could be caused by benign or malicious source code changes, different compilers, and changed compiler settings.
Approaches based on the extraction of statistically improbable features (Roussev, 2010) or n-gram histograms (Oliver et al., 2013) showed better detection performance for inexactly matching binaries with varying build settings or source code modifications.