Forensic Focus

Commercial/Proprietary Software: 5GB of Data off of a 4GB SD Card??

Thu, 02 Sep 2010 17:26:15 GMT

Sorry, the OLE Metadata shows in Pinpoint. I am pretty sure I checked the box to carve for meta files in FTK but didn't see any returned. I have seen the seperate meta files that you are referring to in past examinations.

Mobile Phone Forensics: Jailbreaking using jailbreakme.com for defence exam

Thu, 02 Sep 2010 15:40:56 GMT

I would suggest the Zdziarski Method found on www.iphoneinsecurity.com. We use this method to create a forensic image that we then examine with Encase. We find much more information from this sort of exam versus Cellebrite, Paraben, Device Seizure, etc.

General Discussion: jpegENX files?

Thu, 02 Sep 2010 15:30:46 GMT

yunus wrote: Do you know how to open files with jpegENX extension?NO, but 30 (thirty seconds) <img src="images/smiles/icon_rolleyes.gif" alt="Rolling Eyes" title="Rolling Eyes" border="0" /> of googling led me to Egis/Egistec: http://www.egistec.com/en/index.aspx And 30 (thirty) seconds more on Egis site led me here: http://www.egistec.com/en/products/protectionsuite.aspx and yes, there is an Acer specific version: http://www.egistec.com/oem-acer001/ I don't think there is any "easy" way for them. <img src="images/smiles/icon_question.gif" alt="Question" title="Question" border="0" /> jaclaz

Classifieds: WTB - EnCase 6 dongle

Thu, 02 Sep 2010 15:09:43 GMT

Looking to cut down on costs - does anybody have any for sale, or know of any? Thanks, AK

General Discussion: What software do "you" use for Computer Forensics?

Thu, 02 Sep 2010 14:03:01 GMT

Hi guys, I'm a newbie to forensics, so apologies in advance for asking what might seem a silly question. I've got a friends Mac Powerbook G4 which I'm trying to image. I've used Raptor PowerCD to boot into a live state but had no joy. Raptor just keeps freezing. Which tools would you guys recommend I use to capture a clone onto an external usb drive. Thanks Nathan

General Discussion: Software audit - how to?

Thu, 02 Sep 2010 13:34:16 GMT

Interesting. You should look at how NSRL does this. See http://www.nsrl.nist.gov/Documents/yapc2004/index.html We have the capability to run any tool against all files in our collection; I may try running FVI against a set. johnsmithx wrote: Hi everyone, I just implemented the magic library into my FVI tool. ... I originally wanted to just add information from PE section of executable files, in particular whether a file is a GUI or a console application. Then I thought i would add also this and also that,.. and at the end I just ended with using the external library :D

General Discussion: Common File hashes - Data manipulation/deletion software

Thu, 02 Sep 2010 13:24:16 GMT

stezer2000 is correct, we do have hashes of such software. And we take suggestions of what to collect, if we don't have what you need.

General Discussion: Top 100 Computer Forensics Twitterers to Follow

Thu, 02 Sep 2010 13:17:29 GMT

http://twitter.com/forensicsman Add if you like

General Discussion: UK law

Thu, 02 Sep 2010 10:58:14 GMT

Jonathan wrote: As as I'm aware there's no UK statute which deals with or even mentions digital forensics. The ACPO guidelines are just that; guidelines, though they are widely respected and adhered to. Correct - Spot on ....... Its not law. Everyone seems to be frightened of Principle 2 'In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions'

General Discussion: Winhex - split image

Thu, 02 Sep 2010 10:32:44 GMT

jimmy wrote: I have 250GB of imaged data using ICS SOLO with fragment size as 1GB each. I want to know how can we open these files in WinHex without using the option concatenate. it may not be Expert Witness File(E0x extension) but simple RAW image in files with extension 001-0x. Just add image by adding first image file, should work.