
Touch Screen Lexicon Forensics (TextHarvester / WaitList.dat)

Thursday, November 03, 2016 (10:38:12)
By Barnaby Skeggs

Since the release of Windows 8, and the ‘Metro’ interface, touch screen input has been implemented in a rapidly rising number of Windows devices including Microsoft Surface Pro/Book, 2-in-1s, convertible laptops and tablets. Microsoft has catered for this trend, implementing conversion of touch/pen handwriting to computer text in software such as OneNote. In this paper I will detail my research into the forensic artefact ‘WaitList.dat’, which I believe to be associated with this functionality.

I identified the ‘WaitList.dat’ artefact while investigating a Windows 8.1 PC for the presence of a known email. I was provided with a copy of this email, and part of the investigation involved identifying whether or not this email ever existed on the custodian’s computer. After processing the .PST and .OST mailbox archives on the PC, I did not identify the existence of the email.

  • Posted by: scar
  • Topic: News

Susteen's New Service To Break Pincodes / Passcodes On Thousands Of Cell Phones

Wednesday, November 02, 2016 (11:26:20)
Susteen is pleased to announce our new service available for law enforcement agencies. Agencies can now opt to send in locked cell phones and have our engineers open them for extraction. The cost of our new service starts at $495 per phone and thousands of different phones and tablets can be opened. For a complete list of phones, contact us today! If you have phones that you are unable to unlock, contact us today.

All-New, End-to-End Forensic Tool Now Available: Digital Evidence Investigator™

Wednesday, November 02, 2016 (10:17:34)
ADF Solutions, a leading provider of digital forensic and media exploitation tools, has released Digital Evidence Investigator™ (DEI), an end-to-end solution designed to streamline digital investigations. DEI has been built from the ground up and leverages ADF’s proven track record of reducing forensic backlogs.

Improved Searching And Filtering In Magnet AXIOM

Friday, October 28, 2016 (07:15:16)
One feature enhancement in Magnet AXIOM that IEF users will appreciate is improvements in searching and filtering. In AXIOM, we’ve made searching and filtering almost instant. You can stack filters to help narrow your search criteria and swap out any that no longer apply or aren’t needed.

Searching and filtering in IEF allowed for a lot of customization, but it was generally slower to search through all the evidence recovered. AXIOM definitely speeds this up and creates a more intuitive flow for layered searches and filters.

Malware Can Hide, But It Must Run

Thursday, October 27, 2016 (09:43:36)
It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will pay the price.

Investigators who do not look at volatile memory are leaving evidence at the crime scene. RAM content holds evidence of user actions, as well as evil processes and furtive behaviors implemented by malicious code. It is this evidence that often proves to be the smoking gun that unravels the story of what happened on a system.

Although Microsoft is not expected to reach its Windows 10 rollout goal of one billion devices in the next two years, their glossiest OS to date currently makes up 22% of desktop systems according to netmarketshare.com.

  • Posted by: scar
  • Topic: News

Breaking the Android Puzzle with Oxygen Forensic® Detective v. 9.0

Monday, October 24, 2016 (15:35:32)
Oxygen Forensics, the worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that it has added a Jet-Imager module to its Oxygen Forensic® Detective product that allows users to acquire data from Android devices faster, saving experts critical time while solving law enforcement cases.
“With the new Jet-Imager module, experts using our products will be able to speed up data acquisition on Android devices which will save them minutes or maybe even hours in some cases and that directly translates to closing cases faster,” said Lee Reiber, Oxygen Forensics COO. “Oxygen Forensics will continue to seek ways to speed up the time it takes for forensics experts to do their job since budgets are always in the crosshairs and organizations are constantly looking for ways to save on overtime as well as solve cases more effectively”.

The “I’ve Been Hacked” Defence

Monday, October 24, 2016 (10:10:48)
by Yuri Gubanov, Oleg Afonin
(C) Belkasoft Research, 2016

This article was inspired by an active discussion in one of the forensic listservs. The original post asked how to counter the argument “This is not me, this is a malware”. The suspect was allegedly downloading and viewing illicit child photos and denied it, explaining the presence of these photos by malicious software they presumably had.

I’ve Been Hacked
The “I’ve been hacked” tactic is the most common defense when it comes to crimes committed on or with computers. However obvious it might be, the burden of proof lies on you and not on the suspect. So how can you figure out whether or not the suspect’s computer has actually been subject to unauthorized activities?

  • Posted by: scar
  • Topic: News

Arsenal Recon Launches Breakthrough Microsoft Windows Hibernation Forensic Tool

Saturday, October 22, 2016 (08:59:39)
Hibernation Recon Provides Digital Forensics Experts with Unprecedented Access to Hibernation Data

Arsenal Recon, digital forensics experts building powerful tools to improve the analysis of electronic evidence, announced the formal release of Hibernation Recon today. Hibernation Recon extracts valuable information from Microsoft Windows® XP, Vista, 7, 8, 8.1, and 10 hibernation files that other tools have failed to reveal for many years. Digital forensics experts armed with Hibernation Recon are now able to exploit not only the active contents of Windows hibernation files, but also massive volumes of information in the multiple levels of slack space within them.

New Performance Enhancements in Magnet AXIOM Mean Faster Results

Friday, October 21, 2016 (10:15:05)
Processing Times Reduced Dramatically in AXIOM 1.0.6

By Jad Saliba, Founder and CTO at Magnet Forensics

Last week, we released Magnet AXIOM version 1.0.6. This update included a number of features and fixes, but one of the main goals was to address issues we, and our customers, had seen in processing times. And we did it! AXIOM Process times are now testing as being equal to, or slightly faster than, IEF.

Here’s how we did it…

BlackBag® helps Saskatoon Police Service put a criminal behind bars

Wednesday, October 19, 2016 (09:28:59)
BlackBag® Technologies’ premier digital forensic software, BlackLight®, helped put a man, convicted of possessing 450 child pornography images, behind bars. Marcel Cole Beuker, whose trial was held in March of this year, claimed the images found on a hard drive connected to his iMac were not his. It took three long years for the Saskatchewan Internet Child Exploitation (ICE) unit to bring him to justice, but their diligent work secured a conviction. Beuker received an 18-month sentence, plus 4 months for disobeying release conditions.

During the trial, BlackLight®’s .fseventsd feature figured prominently. The ICE unit had their work cut out for them, as Beuker was an experienced programmer and very tech savvy. Using tools, including BlackLight®, they were able to show almost all of the communication originated from the accused’s system, and no other devices.