±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 4
New Yesterday: 7
Overall: 28068
Visitors: 39

±Forensic Focus Partner Links

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Digital Forensics, Computer Forensics, eDiscovery

Secure View Mobile Forensics and Belkasoft Announce Partnership

Wednesday, March 04, 2015 (11:22:45)
Susteen Inc, and Belkasoft are happy to announce their new partnership. This partnership will allow respective users of both Susteen’s Secure View cell phone forensic software and Belkasoft's computer forensic software to receive discounts on each other's offerings. Both companies offer industry leading tools to law enforcement, military, government and corporate users. This partnership will strengthen the ability for users of both products to manage their forensic cases and increase their forensic capabilities.

Oxygen Forensics turns 15!

Tuesday, March 03, 2015 (14:27:35)
We are celebrating our 15th anniversary and want to invite you to be a part of it!
We would be more than happy if you share your story with us. We have written a rich history together, and we want to extend an opportunity to you to share your experience with Oxygen Forensics and how it has had a positive influence on your work and how we managed to make this world better and safer together.

Special prizes will be awarded to all the storytellers and three the best ones will also get a fully functional Oxygen Forensic Passware Analyst license.

Head replacement tools from HddSurgery

Wednesday, February 25, 2015 (12:18:57)
Introduction to head replacement process

Head replacement process refers to the process of replacing defective HDD heads with the heads from identical and functional hard disk drive. This process must be performed in order to recover data from disks that have suffered from head crush failure.

Process of replacing damaged HDD heads with functional ones is pretty complex task, especially if you consider risk of damaging HDD platters, which may cause permanent data loss. Various methods and techniques were used to perform head replacement process, with different percentage of success and high chances that something will go wrong.

Exam Outline For CCFP Digital Forensics Certification Available for Download

Tuesday, February 24, 2015 (19:10:21)
The Certified Cyber Forensics Professional (CCFP) certification is the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Developed by (ISC)2, a leader in the information security certification market, CCFP is for those who have been working in the field and would like to take the next step and apply their cyber forensics expertise to a variety of challenges.

According to a recent report from the Center for Strategic and International Studies (CSIS), sponsored by security firm McAfee, cybercrime costs businesses approximately $400 billion worldwide, impacting approximately 200,000 jobs in the U.S., and 150,000 jobs in the EU.
  • Posted by: (ISC)2
  • Topic: All
  • Score: 0 / 5
  • (1957 reads)

Forensic examination of SQLite Write Ahead Log (WAL) files

Tuesday, February 24, 2015 (15:59:07)
I am sure that you are aware that when an SQLite database is opened if there is an associated WAL (Write Ahead Log) file then the pages in this WAL are automatically written to the main database, thus overwriting records, and the WAL file is reset. You may not be aware though that the WAL can contain multiple copies of the same page (each with different data/records) and that there can also be a sort of WAL “slack” i.e. records from a previous database transaction, if you like records from previous WAL files. So by opening the database and committing the WAL you are potentially overwriting/missing valuable evidence.

This article describes how WAL files work and how to deal with them forensically – the steps are very straight forward with the Forensic Toolkit for SQLite and the article takes you through them.

Belkasoft Adds Forensic Support for Windows Phone 8.1

Thursday, February 19, 2015 (11:08:29)
Belkasoft updates its digital forensic solution, Belkasoft Evidence Center 2015, with the ability to perform forensic analysis of Windows Phone 8.1 images acquired via JTAG flashers and Cellebrite UFED hardware.

The new release enables automated extraction, discovery and analysis of user data available in chip-off dumps acquired from mobile devices running Windows Phone 8 and 8.1. Supported data includes Web browsing histories, contacts, call logs, chats, instant message conversations, cached social network communications, screenshots of background applications, and many other types of data.

IEF Artifact Updates Have Become a More Frequent Thing

Wednesday, February 18, 2015 (13:52:08)
To stay on top of the rapidly evolving app landscape (and ensure IEF users continue to find as much digital evidence as possible in their investigations), the Magnet Forensics team has started to release more frequent artifact updates, adding to the list of hundreds of artifacts that IEF supports on computers, smartphones and tablets.

New this month, we have released support for a number of native iOS applications including Owner Information, Saved Wi-Fi Profiles, Saved Bluetooth Devices, Spotlight Searches, Word Dictionary, Installed Applications, Calendar Events, Deleted Notes, and Contacts. This new update is available now to customers who have added the mobile artifacts module to their license...

Read More (Magnet Forensics)

AccessData MPE+ 5.5.6 has been released

Wednesday, February 18, 2015 (09:56:49)
MPE+ 5.5.6 has been released featuring a new simpler installation process as well as new analysis and reporting capabilities. Some of the new features include:

Analysis
You can now select files in both the media and the carved view to export the file to a desired location in the files’ native form. This allows you to:
Report on carved files using the attach file function in reports
Save native files to an evidence folder for later analysis
View files that are not currently viewable in the natural view

Reporting
You can now report the information from the conversation view. While in the SMS view, you may select a message, right-click, and select a conversation view or select the conversation in the conversation pane. You can elect to remove the report by following the same procedure.

Download Release Notes
Download ISO

Forensic Focus Forum Round-Up

Monday, February 16, 2015 (18:01:46)
Welcome to this round-up of recent posts to the Forensic Focus forums.

Is there an MFT equivalent for EXT or HFS filesystems?

Forum members discuss how to get started with Snapchat forensics.

Which is the best programming language to learn for computer forensics? Add your thoughts in the forum.

Forum members discuss how to examine the shellcode of malicious Office documents.

Do you have any recommendations for good books about mobile forensics? Let us know on the forum.

How should storage be set up when creating a small digital forensics lab?

Forum members discuss recovering 12GB of missing photos from a 32GB microSD card.

Do you talk about your work with friends and family? Add your view on the forum.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1644 reads)

Forensic Analysis of SQLite Databases

Monday, February 16, 2015 (14:02:32)
SQLite is a widely popular database format that is used extensively pretty much everywhere. Both iOS and Android employ SQLite as a storage format of choice, with built-in and third-party applications relying on SQLite to keep their data. A wide range of desktop and mobile Web browsers (Chrome, Firefox) and instant messaging applications use SQLite, which includes newer versions of Skype (the older versions don’t work anyway without a forced upgrade), WhatsApp, iMessages, and many other messengers.

Forensic analysis of SQLite databases is often concluded by simply opening a database file in one or another database viewer. One common drawback of using a free or commercially available database viewer for examining SQLite databases is the inherent inability of such viewers to access and display recently deleted (erased) as well as recently added (but not yet committed) records...

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1038 reads)