Digital Forensics, Computer Forensics, eDiscovery

Using Large Dictionaries for Password Cracking in a Network Environment

Thursday, February 11, 2016 (14:40:25)
Passware has recently released a new version of its flagship product, Passware Kit Forensic 2016.1, which supports shared dictionaries. What does this mean for corporations and forensic investigators?

Large custom wordlists and even memory image files can be used by Passware Kit as dictionaries to recover a password. Such files are often stored on network-shared drives, while the password recovery process is launched on different workstations.

Passware customers no longer have to copy large dictionary files to local computers running Passware Kit or Passware Kit Agents. The dictionary should first be compiled with Passware Kit into its *.dic format, and can afterwards be stored on a network drive. A customer has to specify the location of the dictionary folder in the Passware Kit settings once; the program then imports the dictionaries automatically from the specified location. For distributed password recovery processes, these dictionaries will also be shared among the Passware Kit Agents.

Review Of Lima Forensic Case Management, Laboratory Edition

Tuesday, February 09, 2016 (15:41:18)
Reviewer: Richard Bunnell, Digital Forensics, LLC

Executive Summary

Lima Laboratory is an amazing product. If I was on a medium to large digital forensics team, I would not hesitate to recommend that this product be purchased and used. A good selling point would be the compliance with the international standards ISO 9001, ISO 27001 and ISO 17025 and US Standards such as ASCLD accreditation. One of the goals for us when I worked in a large corporate environment was to bring the lab up to these standards. We had two obstacles: finding the time to research how the standards applied to us, and then actually setting goals to move from where we were to processes and procedures that would meet the standards. With this product, most of that work is already done.

  • Posted by: scar
  • Topic: News

Dark Web Browser Tor Is Overwhelmingly Used For Crime, Says Study

Thursday, February 04, 2016 (12:27:15)
There is an "overwhelming" amount of illicit and illegal content on the dark web, a new study shows.

That statement might seem self-evident. But the Tor browser - also known as the dark web or deep web - was created to protect the anonymity of vulnerable people online. It is a web browser just like Google Chrome or Internet Explorer, but it masks the identity of who is browsing and what they're looking at.

In the first study of its kind, researchers at King's College London found that 57 per cent of sites on Tor facilitate criminal activity, including drugs, illicit finance, and extreme pornography.

Read More (Telegraph)
  • Posted by: scar
  • Topic: News

Multi-Factor Authentication in Digital Forensics

Wednesday, February 03, 2016 (09:50:08)
Two-factor authentication is probably the best security measure since passwords were invented. Two-factor authentication goes a long way towards protecting one’s accounts against being hacked. A password alone, no matter how long or secure, is no longer enough to provide sufficient protection. Social engineering, linked security breaches, leaked passwords and hacked mailboxes all contribute to the insecurity of password-based protection. Once an intruder gets hold of someone’s password, they can access the account without a fuss. Even worse, they can go on to gain access to other accounts, for example by using the hacked email address to request password resets on other connected services. Two-factor authentication aims to address this problem.

LinkedIn. Yahoo! Mail. Dropbox. Battle.net. IEEE. Adobe Connect. PayPal. eBay. Twitter. These are just a few recent examples of big name service providers being hacked, with literally millions of passwords leaked.

  • Posted by: scar
  • Topic: News

Review Of Cellebrite Certified Mobile Examiner Training And Certification

Tuesday, February 02, 2016 (09:47:28)
Reviewed by Clark Walton

In January 2014, I took both the Cellebrite Certified Logical Operator (CCLO) and Cellebrite Certified Physical Analyst (CCPA) trainings in a one-week course held in Washington, DC and taught by Cellebrite Certified Instructor, Joe Duke. The CCLO and CCPA are required predicates for Cellebrite Certified Mobile Examiner (CCME) certification, Cellebrite’s “capstone” forensic examiner certification. The course trains investigators and examiners to perform file system extractions, physical extractions, password bypasses and the advanced analysis of evidentiary items using the UFED Physical Analyzer software.

In June 2015, I took Cellebrite’s half-day review for the CCME examination. I then took and passed the CCME certification that same day. The aim of these three certifications, each building upon one another, is to determine proficiency and mastery of mobile device forensics and examination using Cellebrite’s first-in-class forensic tools.

  • Posted by: scar
  • Topic: News

Oxygen Forensics Introduces Physical Image Collection of Locked Samsung Devices

Monday, February 01, 2016 (09:40:09)
Oxygen Forensics, the worldwide developer and provider of advanced forensic data examination tools for mobile devices, announced today that it is releasing Oxygen Forensic® Detective 8.1, which now offers the complete physical collection of locked Samsung smart devices, as well as the ability to use Oxygen Forensic® Maps offline. Experts can now download the offline maps from anywhere in the world, install them in Oxygen Forensic® Detective, and immediately use them within Oxygen Forensic® Maps.

Oxygen Forensic® Detective 8.1 provides extra capabilities for Oxygen Forensic® Extractor, Oxygen Forensic® Maps and Oxygen Forensic® Cloud Extractor. It also introduces the new Data Scout feature, allowing US LE customers to retrieve additional private data from extracted phone numbers using the Whooster™ Number to Name Lookup Service to gather live subscriber information. This industry-first service will bring a new level of investigation to an examiner's mobile device collection.

Call For Projects: Digital Forensics

Thursday, January 28, 2016 (11:47:26)
Amsterdam University of Applied Sciences is currently looking for projects to run as part of the Digital Forensics minor.

Projects run for about five months, roughly early February to the end of June. Students spend about 2.5 days per week working on the project in a team. Teams consist of 4-5 students, and students can come from various disciplines (Business IT, Software Engineering, System & Network Engineering, and others). The teams should be largely self-sufficient, but an 'employer' and a day-to-day guide/team-leader from the organization/company is required.
  • Posted by: scar
  • Topic: News

Civilians To Help Police Investigate Cybercrimes

Wednesday, January 20, 2016 (10:01:03)
Civilian recruits will help police solve cybercrime under an expansion of the role of volunteers in England and Wales, the home secretary has said.

The plans include measures to give more power to support staff and volunteers.

Forces will be able to identify volunteers who specialise in accountancy or computing for cyber and finance inquiries, Theresa May said.

Read More (BBC)
  • Posted by: scar
  • Topic: News

Forensic Focus Forum Round-Up

Monday, January 18, 2016 (13:37:41)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Forum members advise digital forensics students on how to get started in the industry.

Should you acquire first and then hash, or acquire and hash at the same time? Add your thoughts on the forum.

Is there a way to get around CryptoLocker ransomware?

Forum members discuss whether it is possible to retrieve data from an iPhone 4S that has been reset.

Is it possible to physically image a device over wifi?

How would you break the passcode on an Alcatel Fierce 2 device? Chime in on the forum.

Forum member 4144414D is asking for feedback on his open-source tool.
  • Posted by: scar
  • Topic: News

International Action Against DD4BC Cybercriminal Group

Tuesday, January 12, 2016 (14:17:21)
On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the cybercriminal group DD4BC (Distributed Denial of Service – DDoS – for Bitcoin).

The action was initiated as part of a global law enforcement response against the criminal organisation. Key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU) which provided vital information to the investigation. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities.

Operation Pleiades resulted in the arrest of a main target and the detention of one more suspect. Multiple property searches were carried out and an extensive amount of evidence was seized.

Read More (Europol)
  • Posted by: scar
  • Topic: News