Digital Forensics, Computer Forensics, eDiscovery

OpenForensics: A Digital Forensics GPU Pattern Matching Approach

Friday, January 18, 2019 (12:49:23)
Ethan Bayne discusses his research at DFRWS EU 2018.

Ethan: Hello, everyone. I understand I am the last talk separating you between coffee, so I’ll try to keep it brief.

So, my name is Ethan Bayne, I’m coming today from Abertay University. Thank you very much for that introduction. For anyone that doesn’t know, that’s in Scotland. So, not sunny or what it’s like here.

Before I start, I’m just going to say a little bit about myself. I’m a lecturer at the university. But before I became a lecturer, I actually did my PhD in what I’m talking to you about today – OpenForensics. If this talk does interest you and you want to see exactly how the progression to this point in time has gone, certainly have a look at my thesis, and you’ll find all the answers in there.

  • Posted by: scar
  • Topic: News

Analysis And Circumvention Of Samsung Secure Boot Enforced Common Criteria Mode

Wednesday, January 16, 2019 (15:42:57)
Gunnar Alendal discusses his research at DFRWS EU 2018.

Gunnar: Now to something completely different, as they say. My name is Gunnar Alendal, I’m a PhD student in Norway at the Norwegian University of Science & Technology. I’m mainly doing work in digital forensics, and mainly concerning the digital acquisition – that means getting access to data, in the first hand, not so much the analysis of it. And I will try to look into using more offensive techniques to get data in digital forensics. That’s sort of the goal.

So, you can see this paper, and this is sort of a contribution in that sense, sort of a case study. And this is also a long and complicated title, which promises probably more than it actually is giving you, as it implies something about common criteria. But if any of you are experts in common criteria, you’ll soon know that we are moving away from this; it’s just the name that it bears. So, you’ll soon see.
  • Posted by: scar
  • Topic: News

Digital Forensics News January 2019

Tuesday, January 15, 2019 (16:31:32)
OpenText have released EnCase Forensic 8.08, with new cloud and encryption capabilities.

There's only one week left to submit your proposals for DFRWS US 2019, which takes place in Portland, OR in July.

The latest version of BlackLight from BlackBag has been released, featuring improved tagging and support for Android MMS on Samsung devices.

Atola's new version of TaskForce, 2018.12, includes NVMe support and a new interface.

BlackBag have released their APFS source code to The Sleuth Kit framework.

Adam Harrison wrote about testing SRUM on Windows Server 2019.
  • Posted by: scar
  • Topic: News

Forensic Focus Forum Round-Up

Monday, January 14, 2019 (21:58:20)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

What are your current best practices when you encounter a device that's full disk encrypted?

Would you be interested in attending a forensics get-together in the US Midwest? Armresl and UnallocatedClusters are organising one - find out more here.

Can you help tootypeg to find some information about deepfake creation?

Forum members discuss app data acquisition on the Samsung Galaxy S9.

How would you ascertain the history of OS installations on this machine? Share your recommendations on the forum.
  • Posted by: scar
  • Topic: News

Powerful Digital Forensics With OpenText™ EnCase™ Forensic 8.08

Monday, January 14, 2019 (12:00:28)

Take digital investigations to the next level with new features in OpenText™ EnCase™ Forensic 8.08. Whether in the field or the lab, digital forensic examiners must overcome investigation roadblocks like OS updates, encryption, new file types, acquisition from the cloud, and more. OpenText™ EnCase™ Forensic, the industry’s leading digital forensic solution, is more than up to the task and provides regular updates to keep pace with technology advancements. For more information, visit our website.

Interview With Andrew McDonnell, Regional Forensic CCTV Manager, West Yorkshire

Monday, January 14, 2019 (09:26:36)
Andy, you're Regional CCTV Manager for a forensic laboratory in Yorkshire & the Humber. Tell us about your role: what does a typical day in your life look like?

I usually start each day by checking emails on my laptop at home while having breakfast and trying to find out what the day's operational workload is likely to consist of.

Once in the office, as cliché as it sounds, it's true to say that every day is different. A "typical day" can vary from quality assurance meetings (implementation of ISO17025 and ISO17020 in line with the Forensic Science Regulator's requirements is a significant project for everybody in our sector at the moment), to balancing our resources against the demands of four police forces investigating a wide range of crime types.

  • Posted by: scar
  • Topic: News

How Trustworthy Is Digital Evidence?

Wednesday, January 09, 2019 (15:57:29)
Leonhard Hosch shares his research at DFRWS EU 2018.

Leonhard: Thank you. I’ll be presenting the paper ‘Controlled Experiments in Digital Evidence Tampering, or How Trustworthy is Digital Evidence?’ I’m Leonhard Hosch, I’m with Felix Freiling, I’m currently doing my master’s thesis, and … yeah, I work for him.

What actually is digital evidence? In our case, we use quite a simple definition. We say that the evidence we get is on a hard drive, and of course this isn’t always the case, but mostly. And how does it come into existence? It’s some input to some device, and depending on the inputs, something gets written to the hard drive and we have our evidence. It’s not really that easy. I guess some of you already know this cartoon from P. Steiner from 1993. Actually, the year I was born. And yeah, that’s kind of a problem.
  • Posted by: scar
  • Topic: News

BlackBag Technologies Releases BlackLight 2018 R4

Wednesday, January 09, 2019 (11:06:20)

BlackLight 2018 R4 is officially released! There are several important updates and improvements that will help your software run as efficiently as possible.
What's New and Improved?


- Apple’s latest picture and video formats (HEIC/HEVC) support
- Tagging Improvements
- iPhone XS, XR, and iPad Pro device support
- Improved support for Android MMS on Samsung devices
- Parsing “Recent Items” on macOS 10.13
- Easier license management of BlackBag dongles
- BlackLight is now exclusively a 64-bit application

To learn more about the latest BlackLight release, click here.

Dissecting Malicious Network Traffic To Identify Botnet Communication

Monday, January 07, 2019 (17:15:39)
by Swasti Bhushan Deb

Botnets are well known in the domains of information security, digital forensics and incident response for hosting illegal data, launching DDoS attacks, stealing information, spamming, bitcoin mining, spreading ransomware, launching brute force attacks, managing remote access to connected devices, and even propagating infection to other devices, among other things. Internet Relay Chat (IRC) networks are a popular medium for controlling bot networks. IRC-based bots with unpredictable degrees of sophistication and customized commands have something in common. An IRC bot, when executed on a client machine, connects to an IRC server on random higher ports, logs into a predefined channel and listens for commands issued by the bot master.

  • Posted by: scar
  • Topic: News

Forensic Email Collector Power User Webinar by Metaspike

Friday, December 28, 2018 (08:53:41)
Metaspike is kicking off the new year with a power user webinar for Forensic Email Collector users. Join Metaspike's founder, Arman Gungor, for a 60-minute webinar where you'll learn:

* How to configure FEC for best acquisition performance.
* How to construct advanced in-place searches when acquiring from Gmail, Exchange, and IMAP servers.
* How to use delegation to acquire emails without the end users' credentials.
* Supported authentication workflows with FEC Remote Authenticator.
* Walkthrough of the new functionality in FEC v3.5.

When: Wednesday, January 16, 2019 at 11 AM (PST) / 2 PM (EST) / 6 PM (UTC)

Save your spot and join the conversation here
  • Posted by: gungora
  • Topic: News