Forensic Focus Forum Round-Up

Tuesday, October 17, 2017 (11:56:22)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Apple have announced a new file system - share your thoughts on the forum.

Are these encrypted files, and if so, how would you access them?

Forum members discuss last written times on MountPoints2.

What do you think of balloon powered internet? Chime in on the forum.

Can you help marcyu to decrypt Microsoft Word 2003 40-bit encryption?
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (100 reads)

Free Live Webinars Of Our Most Requested AccessData Training Sessions

Monday, October 16, 2017 (15:39:34)
AccessData is offering a series of live training webinars based on some of our most popular sessions of the recent past. Our trainers have 30 years of experience in delivering superior training and certifications for digital forensics and legal e-discovery. Your seat is free, so register soon—they won't last long!


Linux Memory Forensics: Dissecting the User Space Process Heap

Monday, October 16, 2017 (12:45:20)
by Frank Block and Andreas Dewald

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on) and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes as they might also contain valuable information for an investigation. Because a lot of process data is located in the heap, this work in the first place concentrates on the analysis of Glibc’s heap implementation and on how and where heap related information is stored in the virtual memory of Linux processes that use the Glibc heap implementation. Up to now, the heap was mostly considered a large cohesive memory region from a memory forensics perspective, making it rather hard manual work to identify relevant information inside.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (233 reads)

Focused Digital Forensic Methodology

Friday, October 13, 2017 (11:38:54)
by Haider H. Khaleel

Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital forensics has become an important aspect of not only law enforcement investigations, but also counter-terrorism investigations, civil litigations, and investigating cyber-incidents. Due to rapidly developing and evolving technology, these types of forensic investigations can become complex and intricate. However, creating a general framework for digital forensic professionals to follow during those investigations would lead to a successful retrieval of relevant digital evidence.

The digital forensic framework or methodologies should be able to highlight all the proper phases that a digital forensic investigation would go through to ensure accurate and reliable results. One of the challenges that digital forensic professionals have been facing in recent years is the volume of data submitted for analysis.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (453 reads)

Video: Bit Errors As A Source Of Information In Nand Flash Memory

Thursday, October 12, 2017 (08:50:23)
This year at DFRWS EU, Jan Peter van Zandwijk from the Netherlands Forensic Institute presented research into bit-errors.

Take a look at the video and the full transcript here.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (442 reads)

Interview With Cinthya Grajeda Mendez, University Of New Haven

Wednesday, October 11, 2017 (11:05:17)
Cinthya, tell us a bit about yourself. What's your role, and what does a day in your life look like?

I am a U.S. Army veteran. I recently fulfilled one of my biggest achievements, which was being awarded a Bachelor’s degree in Cyber Systems from the University of New Haven and now, I am working on my Master’s degree in the same field. Thus, my days are a little busy since I’m a full-time graduate student.

I also work for the Cyber Forensics Research and Education Group (www.UNHcFREG.com) conducting research and administering a digital forensics platform known as the Artifact Genome Project (AGP).

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (439 reads)

Interview With Jan-Niclas Hilgert, Research Assistant, Fraunhofer FKIE

Tuesday, October 10, 2017 (08:44:04)
Jan, tell us a bit about yourself. What's your role, and what does a typical day in your life look like?

Well, I am a research assistant of the Cyber Analysis & Defense department of the Fraunhofer FKIE in Bonn, Germany. We are doing a lot of research in the area of malware and firmware analysis, but also digital forensics. So this is currently also my research topic, especially file system forensics.

Besides working on my own research, we are doing a lot of teaching with the University of Bonn and are working closely together with federal agencies for other projects.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (454 reads)

Imm2Virtual: A Windows GUI To Virtualize Directly From Disk Image File

Monday, October 09, 2017 (12:39:23)
by Nanni Bassetti

Sometimes during a computer forensic investigation, we need to virtualize our disk image, because it could be useful for checking or finding something of interest.

If we need to virtualize a disk image file, we can:

1. Convert the image file to VDI/VMDK
2. Use GNU/Linux and XMount

The first option is very space- and time-consuming: if we have a disk image of 1Tb in size, we need another 1Tb to store the VDI/VMDK virtual disk for feeding our virtual machine, and the conversion process is time-consuming.

In GNU/Linux we can use XMount, which is very convenient because we don’t need to convert the image file to a virtual disk file format: it “allows you to convert on-the-fly between multiple input and output harddisk image types. Xmount creates a virtual file system using FUSE (Filesystem in Userspace) that contains a virtual representation of the input image.”

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (693 reads)

Industry Veteran Tim O’Rourke Joins Oxygen Forensics As VP Of Sales

Friday, October 06, 2017 (11:11:52)
Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, today announced that Tim O’Rourke has been appointed as Vice President of Sales.

As a former engineer, O’Rourke brings a strategic and analytical approach to sales with a bias for action and problem solving. O’Rourke has a strong and demonstrated history of sales management, strategic relationships, account management, and leading teams to triple-digit revenue growth. With over 15 years of sales and leadership experience in the cybersecurity and government space, O’Rourke most recently worked for SecureWorks, a division of Dell Technologies as head of the Federal Cyber Security department. He served as VP of Sales for Nuix and Parallels, and logged sales experience with Trustwave and AccessData.

DC3 Validation Report For The SuperImager Plus Desktop Gen-2 Units

Friday, October 06, 2017 (10:17:14)
The DC3 Validation Report for The SuperImager Plus Desktop Gen-2 units has just been released. Please contact MediaClone staff if you are interested in viewing the report.

The SuperImager Plus Forensic application has been used on all the SuperImager Forensic models, including the 12” Rugged Forensic Field unit, 8” Forensic Field unit, T3 8” Forensic Field unit (Thunderbolt), 7” Mini Forensic Field unit, and the Thunderbolt Forensic unit.

Thank you
MediaClone Management
  • Posted by: ekohavi
  • Topic: News
  • Score: 0 / 5
  • (536 reads)