±Forensic Focus Partners

±Your Account


Forgotten password/username?

New Today: 0
New Yesterday: 0
Overall: 27614
Visitors: 35

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Digital Forensics, Computer Forensics, eDiscovery

Police, digital forensics and the case against encryption

Wednesday, December 17, 2014 (12:17:36)
Mark Stokes, head of digital and electronics forensics services at the Met Police, keynote speaker at the (ISC)² EMEA Congress in London on Tuesday, detailed the techniques and technologies used to forensically investigate criminals who, he says, are increasingly reliant on smartphones, cloud services, hard disk drives (HDDs) and solid-state drives (SSDs) to hide their activities or crimes.

This deluge of data is becoming hard to investigate, says Stokes, who cited the increasing number of devices used(terrorists are said to have up to six mobile phones each on average), and this is happening in a digital economy which is already seeing the arrival of 1TB USB thumb drives and new US data centres hosting exabytes or Yottabytes of data...

Read More (SC Magazine UK)
  • Posted by: jamie
  • Topic: News
  • Score: 0 / 5
  • (1260 reads)

Recovering Live System Artifacts with IEF

Tuesday, December 16, 2014 (12:00:16)
The collection of volatile data has become an essential component of a forensic examiner’s processes. While traditional forensic practices have always focused around avoiding any modification of evidence in order to preserve the integrity of the data, this is no longer an option for many investigations. Capturing memory and other live system artifacts is essential to understanding the activity on a system, and can sometimes be the only source of relevant evidence for a case.

Many times, I have worked on malware or intrusion cases where the only evidence found on a live system was in memory. If I had followed the traditional forensic practices of shutting down the computer, I would have destroyed the only clue to understanding how the infection took place...

Read More (Magnet Forensics)

Evidence extraction from an Android device using MPE+ dSOLO

Monday, December 15, 2014 (13:05:55)
Data Specialist Group has created a self-extraction kit that includes an SD card pre-loaded with AccessData's MPE+ dSOLO Android collection capability. dSOLO gives the end user the ability to extract data onsite from any Android smart phone, utilizing just a preconfigured MicroSD card.

This video demonstrates how quick and easy the kit is to use.

The MPE+ dSOLO is a built-in feature that allows users to create an extraction profile and then compile that profile to a MicroSD card. Users can then insert the provisioned MicroSD card into an Android device independent of any connection to MPE+. The configured dSOLO application is then initiated on the Android device and the previously selected extraction capabilities are extracted from the device onto the SD Card in a format that can only be read in MPE+. When extraction completes, users can read the MicroSD card containing the dSOLO data using the “Read dSOLO File” option from the MPE+ toolbar. Once the data is read, it is immediately available for preview, reporting, and analysis in MPE+.

More Information:
MPE+ dSOLO video
MPE+ Brochure
  • Posted by: jamie
  • Topic: News
  • Score: 0 / 5
  • (772 reads)

FTK 5.6 Software Release

Friday, December 12, 2014 (15:48:04)
AccessData's Forensic Toolkit 5.6 software upgrade is now available.


- System Information tab allows you to view system information that contains detailed information about disk images in an easy to read format.
- Entity Extraction processing options to identify and extract specific types of data in your evidence such as credit card numbers, phone numbers and social security numbers
- Exchange 2013 Support
- KFF improvements
- IPv6 support
- and more

Download Release Notes (pdf)
Download Software Upgrade

Analyzing Windows Phone Artifacts with IEF

Wednesday, December 10, 2014 (13:30:29)
New with Internet Evidence Finder (IEF) v6.5, Magnet Forensics has added support for a number of native and third-party apps for Windows Phone. Using JTAG and Chip-off techniques, forensics examiners can use IEF to recover call logs, SMS/MMS, emails, and contacts.

One of the major challenges for Windows Phone analysis is the acquisition phase. Unlike other devices, such as iOS and Android, JTAG and Chip-off acquisitions are the only methods to acquire most Windows Phones. This means that your traditional forensic acquisition tools such as Cellebrite, XRY, MPE+, etc., cannot acquire the data from a Windows Phone...

Read More (Magnet Forensics)