±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

New Today: 0
New Yesterday: 1
Overall: 28497
Visitors: 59

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Digital Forensics, Computer Forensics, eDiscovery

Acquiring Windows PCs

Tuesday, May 26, 2015 (17:21:59)
by Oleg Afonin, Danil Nikolaev and Yuri Gubanov

In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class of devices has their own share of surprises when it comes to acquisition.

The obvious path of acquiring a Windows PC has always been “pull the plug, take the disk out, connect to an imaging device and collect evidence”. Sound familiar? Well, in today’s connected world things do not work quite like that.

In this article, we will have a look at measures the investigator has to take before taking the disk out, and even before pulling the plug, review Windows security measures and how they can work in combination with the computer’s hardware.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1098 reads)

Interview with Philipp Amann, Senior Strategic Analyst, Europol

Tuesday, May 26, 2015 (11:51:26)
Philipp, you presented a paper at DFRWS about robustness and resilience in digital forensics laboratories. Could you briefly outline your research for our readers?

The main focus of our research is on identifying the key elements of resilience and robustness in digital forensics frameworks. In this paper, we aimed to identify the elements that allow an organization with digital forensic capabilities to adapt to change in a controlled and managed way; one of the main questions was how organisations can sustain their digital forensics capabilities and stay agile within controlled boundaries when dealing with new technological advances, new modi operandi, staff turnover, etc., while at the same time minimizing the risk of non-conformity i.e. ensuring that the basic principles of police work are maintained while adapting to a changing environment.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (738 reads)

Webinar: Analyzing Evidence from Mobile Devices - Hidden and Deleted Data

Monday, May 25, 2015 (14:07:00)

Date: Tuesday May 26, 2015
Time: 7am PT/10am ET/2pm GMT/3pm BST

Presenter: Tatiana Pankova, Marketing Manager, Oxygen Forensics

Learn how to uncover a suspect or victim's activities with timeline, communication and location data. Discover how investigators can track user locations, build and map their historic routes, and clearly see all activities performed by the user at each location. Learn how to discover social connections between the users of multiple mobile devices and produce charts and tables revealing the user's closest circle at a glance. Find out what information mobile devices can hide about the device owner and what data can be uncovered which might otherwise be overlooked.

Register now at: https://attendee.gotowebinar.com/register/6044973458626959618
  • Posted by: jamie
  • Topic: News
  • Score: 0 / 5
  • (1221 reads)

Online Harassment A New Legal Concern

Monday, May 25, 2015 (09:59:27)
Wood County Prosecutor Jason Wharton said computer crime related to harassment or abuse of individuals via social media is a developing and relatively new area of law.

"As technology changes and the way people use that technology changes, legislatures must address whether amendments are necessary to address the technological changes," he said.

Presently, as it relates to harassment or abuse of an individual, many of the remedies available to a victim are civil in nature.

"There are, however, some limited contexts in which actions taken or statements made in social media may constitute a criminal offense under the laws of the State of West Virginia," Wharton said.

The West Virginia Computer Crime and Abuse Act makes it unlawful for a person to use a computer, mobile phone, personal digital assistant or other electronic communication device to threaten to commit a crime against any person or property.

Read More (News And Sentinel)
  • Posted by: scar
  • Topic: All
  • Score: 0 / 5
  • (1050 reads)

Unifying investigative teams from field to lab

Friday, May 22, 2015 (14:11:54)
Nearly two-thirds of respondents to Cellebrite’s 2015 mobile forensics trends survey rated “important” the ability to extend mobile evidence collection capabilities into the field. The reasons are many: the costs of overtime, outsourcing, and even human errors are mounting, while lab service delivery times diminish.

Improving investigators’ ability to make decisions about their cases, including whether they need to escalate mobile evidence to a forensic lab at all, is the focus for many organizations in both law enforcement and the private sector. This focus reflects a need for in-field mobile device forensic solutions that span field locations: both stationary kiosks at satellite offices or stations, and mobile data extraction devices.

Cellebrite Launches UFED InField Kiosk

Friday, May 22, 2015 (11:38:20)
Unlock the Intelligence of Mobile Forensic Data in the Field

Cellebrite is pleased to announce the launch of its new UFED InField Kiosk, a key component to the UFED Field Series. Leveraging the trusted UFED Platform, the UFED InField Kiosk extends basic logical extraction and analysis capabilities to first responders and detectives, allowing users to quickly view, qualify and act on potential evidence - all while ensuring strict access control and data management.

Designed specifically with field personnel in mind, the UFED InField Kiosk features an intuitive interface which makes extracting and analyzing live device data simple. Whether located at a police station, border check point or airport, this fully networked solution delivers the actionable intelligence necessary to focus forensic examinations, reduce device backlogs and shorten case cycle times.

Interview with Elena Pakhomova, Co-Founder, ReclaiMe

Friday, May 22, 2015 (09:20:02)
Elena, you co-founded ReclaiMe; could you tell us a bit about what made you decide to start the company?

Data recovery is our family business. Initially my sister and her husband were involved in data recovery. Then I became a part of the team. If someone long ago had said that I would do this, I would probably have laughed. However, at this point I associate myself only with this business. No wonder they say that life is unpredictable.

What does your day to day role entail? Which aspects do you find the most challenging, and the most rewarding?

Every working day starts with the support. Basically it includes some routine questions, like differences in licenses, software activation, and so on. However, sometimes we face the complex cases that cannot be resolved quickly.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1750 reads)

Head combs for hard drives with ramp

Thursday, May 21, 2015 (13:33:13)
In the late nineties, IBM has adapted principle of heads parking outside platters, used in some older hard drives, on one of its new 2.5'' models. Ramp - special plastic part located outside HDD platters was introduced.

Its purpose was reception of hard drive heads while device is turned off. This way, flat surfaces of head sliders and HDD platters don't come in contact in any moment and stiction problem had become history.

Introduction of load/unload technology (ramp parking principle) was a huge step towards increase of capacity and lifetime of hard drives, as well as greater durability and data security as a result of enhanced shock tolerance. Also, great results were achieved in decreasing power consumption.

Forensic Browser for SQLite - basic joins, pictures and filtering data

Thursday, May 21, 2015 (10:54:50)
In this article I cover a few of the areas where the Forensic Browser for SQLite provides features that are missing in other browsers or where it complements other more generic forensic software by providing features that are specific to general databases rather than specific ones. The Browser does this by providing a Visual Query Building environment (drag and drop SQL query generation) allowing the creation of very powerful and customised reports often without typing a single character.

I include some simple and very short animations that show off these features.

Read More

Evidence Acquisition and Analysis from iCloud

Thursday, May 21, 2015 (08:56:01)
by Mattia Epifani & Pasquale Stirparo


iCloud is a free cloud storage and cloud computing service designed by Apple to replace MobileMe. The service allows users to store data (music, pictures, videos, and applications) on remote servers and share them on devices with iOS 5 or later operating systems, on Apple computers running OS X Lion or later, or on a PC with Windows Vista or later. Similar to its predecessor, MobileMe, iCloud allows users to synchronize data between devices (e-mail, contacts, calendars, bookmarks, notes, reminders, iWork documents, and so on), or to make a backup of an iOS device (iPhone, iPad, or iPod touch) on remote servers rather than using iTunes and your local computer.

The iCloud service was announced on June 6, 2011 during the Apple Worldwide Developers Conference but became operational to the public from October 12, 2011.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1389 reads)