±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 8
Overall: 26918
Visitors: 81

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Digital Forensics, Computer Forensics, eDiscovery

Oxygen Forensic® Passware® Analyst Acquires Protected Mobile Devices Data

Wednesday, August 20, 2014 (11:37:19)
Oxygen Forensics announces the release of Oxygen Forensic® Passware® Analyst, a new mobile forensic tool integrating Oxygen’s award-winning acquisition and analytic tools with Passware’s password recovery and data extraction.

The new tool integrates mobile acquisition, data extraction, password recovery and evidence analysis into a single smooth workflow. The newly added password recovery module engages automatically if a password-protected or encrypted data backup or image is encountered, offering smooth automatic recovery and extraction of protected data with no manual operations required.

Forensic Focus Forum Round-Up

Tuesday, August 19, 2014 (08:48:45)
Welcome to this round-up of recent posts to the Forensic Focus forums.

A forum member unearths a very old hard drive; how can it be analysed?

Is it possible to retrieve IP information by logging into a Hotmail account?

Forum members discuss the reasons for using commercial vs. open source software.

An MSc student is interested in forensics professionals’ opinions about the key issues investigators face in cloud forensics.

Forum members give their recommendations for rebuilding RAID arrays.

How can an active file and a deleted file have completely identical timestamps?

Forum members discuss how to get a physical image of a Galaxy S3 handset using XRY.

Which are the best part-time training courses for forensics practitioners in the UK? Add your recommendations in the forum.

Why are LNK Files Important to Your Digital Forensics Investigation?

Monday, August 18, 2014 (13:32:55)
LNK files are excellent artifacts for forensic investigators who are trying to find files that may no longer exist on the system they’re examining. The files might have been wiped or deleted, stored on a USB or network share, so although the file might no longer be there, the LNK files associated with the original file will still exist (and reveal valuable information as to what was executed on the system).

LNK files typically contain the following items of evidentiary value...

Read More (Magnet Forensics)

Interview with Emlyn Butterfield, Course Leader, Leeds Metropolitan University

Thursday, August 14, 2014 (14:23:02)
Emlyn, you’re currently Course Leader in Computer Forensics, Security & Ethical Hacking at Leeds Metropolitan University. Could you tell us more about the role and how you entered academia?

As course leader it is my responsibility to maintain a healthy set of courses. By healthy I mean happy students, staff, good student intakes each year and courses that are fit for purpose. I, along with my team, try to ensure that the courses are designed and refreshed in line with industry: to allow us to do this we utilise industry experts as advisors, providing ideas and critical feedback on the teaching material, assessments and methods – through this we try to ensure that students receive a varied and relevant learning experience.

Read More

How to Analyze USB Device History in Windows

Tuesday, August 12, 2014 (18:49:55)
Whether you’re a corporate examiner working an intellectual property theft, or a law enforcement investigator searching for illicit images, most forensic examiners have investigated the USB device history of a computer.

There are five key pieces of information that need to be found when investigating USB device history. With the data from each of these sources, investigators can better understand how USB devices have been used on a given system, and possibly how a suspect might have used a USB device in the commission of a crime or incident...

Read More (Magnet Forensics)