±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 3 Overall: 31547
New Yesterday: 12 Visitors: 117

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News   Forums   Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Page 3

Comprehensive Forensic Chat Examination with Belkasoft

Thursday, December 22, 2016 (10:06:20)
Call logs, SMSes, emails, social networks communications and, of course, chats in instant messengers can give you a lot of important information in a course of a forensic investigation. Let's see how one single chat product can be examined from different aspects, each of which gives one more – unique! – part of puzzle.

In our case, the suspect had Skype installed on his laptop and mobile device which were seized and investigated with Belkasoft Evidence Center 2017.

First part of the analysis is easy: chats are extracted from existing main.db, a SQLite database where Skype stores its history logs.

Forensic Focus Forum Round-Up

Wednesday, December 21, 2016 (20:42:23)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Forum members discuss how to extract data from a device with a faulty USB connection.

What is the most forensically sound way to acquire RAM on a PC? Add your thoughts in the forum.

Is it possible to tell whether data has already been extracted from a phone?

Do you have any recommendations for good digital forensics books?

How would you show evidence that someone had tried to access a Windows shared drive? Chime in on the forum.

Can you help giandega forensically analyse a Garmin Navigator?

Forum members discuss how to bypass iPhone 5 & 6 encrypted backups.

Renfantino is looking for a way to extract data from a CCTV system - can you help?

Can you recommend some software to brute force EFS decryption?
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (2211 reads)

Oxygen Forensics and Passware Team Up to Provide Extraction of iOS Photo Stream

Wednesday, December 21, 2016 (10:52:06)
Oxygen Forensics, the worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that it is teaming with Passware Inc. to provide customers the ability for instant extraction of iOS Photo Stream files.

“We’ve been working with Passware Inc. since 2013, and we’re very pleased to join forces again to show our customers the distinct advantage of combining data extraction with decryption as they work hard to solve crimes and other mysteries that only mobile devices can tell,” said Lee Reiber, Oxygen Forensics COO. “Law enforcement and eDiscovery professionals will great benefit in time savings with both Oxygen Forensic Detective and Passware Kit Forensic harmoniously working side by side.”

Elcomsoft Extracts iPhone Calls, Contacts, Calendars and Web Browsing Activities

Wednesday, December 21, 2016 (09:01:16)
ElcomSoft Co. Ltd. updates Elcomsoft Phone Breaker, the company’s mobile acquisition tool. Version 6.30 gains the ability to extract information about the user’s recent Web browsing activities, notes and calendars from the cloud. In contrast with cloud backups, this information along with call logs and contacts is available with little or no delay, enabling near real-time access to essential user activity data. This can be essential for the law enforcement and forensic experts who may need urgent access to the most recent data that has not become part of a cloud backup.

Webinar: Acquiring Removable Drives, Mobile Devices, RAM And Cloud Storage

Tuesday, December 20, 2016 (12:44:49)
A recording of the webinar "Acquiring Removable Drives, Mobile Devices, RAM And Cloud Storage" is now online and available to view here.

Join the forum discussion here.
View the webinar on YouTube here.
Read a full transcript of the webinar here.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1762 reads)

The Ugly Side of Two-Factor Authentication

Tuesday, December 20, 2016 (10:48:06)
by ElcomSoft

Two-factor authentication is great when it comes to securing access to someone’s account. It’s not so great when it gets in the way of accessing your account. However, in emergency situations things can turn completely ugly. In this article we’ll discuss steps you can do to minimize the negative consequences of using two-factor authentication if you lose access to your trusted device and your trusted phone number. In order to keep the size of this text reasonable we’ll only talk about Apple’s implementation, namely Two-Step Verification and Two-Factor Authentication.

Two-Factor Authentication in Emergencies

What’s an emergency? For the purpose of this article, we’ll look at a common scenario of a traveler going abroad with an iPhone. The iPhone goes missing or gets stolen.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1908 reads)

BlackBag's Forensic Certification Courses Scheduled for 2017

Tuesday, December 20, 2016 (08:15:17)
BlackBag®'s EFT I and II are now open for registration for 2017. Sign up now to reserve your spot!

SAN JOSE, CA - FEB 6, 2017
STAFFORD, UK - FEB 20, 2017
LARGO, FL - MAY 1, 2017

SAN JOSE, CA - FEB 13, 2017
STAFFORD, UK - FEB 27, 2017
LARGO, FL - MAY 8, 2017

Each course is one week long taught by industry-leading experts in a professional training setting. Please click on the corresponding course for more information or to register. If you are unsure if you are qualified to take the EFT II course take our placement exam.

New Federal Rule of Evidence to Impact Computer Forensics and eDiscovery

Monday, December 19, 2016 (13:52:34)
by John Patzakis, X1

A key amendment to US Federal Rule of Evidence 902, in the form of new subsection (14), will go into effect on December 1, 2017. This amendment will significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed, as certified through a written affidavit by a “qualified person.”

Notably, the accompanying official Advisory Committee notes specifically reference the importance of both generating “hash values” and verifying them post-collection as a means to meet this standard for self-authentication. This digital identification and verification process can only be achieved with purpose-built computer forensics or eDiscovery collection and preservation tools.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (2051 reads)

Nuix Released Version 7.2 Of Its Patented Processing Engine

Thursday, December 15, 2016 (15:45:40)
Nuix 7.2 Conquers Search Speed and Scale, Streamlines Workflows for Discovery and Investigation, and Adds More Cloud and Mobile Data. Nuix 7.2 delivers real benefits you can use today while building a platform for the future. Learn more here.

BlackBag's BlackLight 2016 R3 is Now Available!

Thursday, December 15, 2016 (07:18:13)
BlackBag Technologies is pleased to announce the third major release of BlackLight for 2016. This comprehensive Windows, Android, iPhone/iPad and Mac forensic analysis software just keeps getting better. Update your software now!

BlackLight 2016 R3 implements several new features and improvements, including the following:

- Windows 8 and 10 hiberfil.sys and Raw Memory Parsing, Searching, and Analysis
- Windows Event Log and Apple System Log Parsing and Analysis
- iOS and OS X Recents Database Parsing
- Additional iOS 10 Encrypted Backup Support
- New Data Structure Templates


- Windows Hash Set Included
- Type-down Feature in List Views
- Go To Position (Offset) in Hex View
- Internet History Parsing for Internet Explorer 10, 11, and Edge
- Social Media Parsing of ooVoo, Kik attachments, iOS Messsage GPS
- Time Machine Folder Hard Links Now Resolved

View a more detailed description of the features on our blog or attend our webinar for a live demonstration.