<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
  <title>Forensic Focus</title>
  <link>http://www.forensicfocus.com/</link>
  <description>Forensic Focus - Computer Forensics News, Information and Community</description>
  <language>en-us</language>
  <pubDate>Thu, 17 May 2012 21:12:00 GMT</pubDate>
  <ttl>1440</ttl>
  <generator>CPG-Nuke Dragonfly</generator>
  <copyright>Forensic Focus</copyright>
  <category>Forums</category>
  <docs>http://backend.userland.com/rss</docs>
  <image>
    <url>http://www.forensicfocus.com/images/logo.gif</url>
    <title>Forensic Focus</title>
    <link>http://www.forensicfocus.com/</link>
  </image>

<item>
  <title>General Discussion: Procedure for CP evidence?</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559191/#6559191</link>
  <description>Rule #1: If you come across it, get it off your hands (call 9-1-1 so they can take it).  Don&#039;t ship it, transport it, copy it, mail it, view it, show it, delete it, wipe it, modify it, or give it to anyone, including your client.  9-1-1 (PD, SO, etc...) can come and pick it up from you.

Rule #2: If you need to examine it or the media it exists on, get approval.

Approval means a court authorized protection order or signed letter of non-prosecution by both the Federal and local prosecution authorities.  I prefer a judge&#039;s order personally.

&quot;Getting rid&quot; of it does not mean deletion or otherwise destroying it (that would be destroying evidence).
Be prepared: your machine may be co-mingled with criminal evidence (cache, etc...) and will need to be cleaned or could be seized, depending on circumstances.  With that, forensic machines should always be &#039;forensic machines&#039;, not personal or business use machines (email, client files, personal files, etc...), because you never know if it becomes part of a case due to co-mingled evidence from CP.

Let clients know in advance that if CP is found, all bets are off.  LE has to take custody of the affected data and media.

In short, &quot;stop, drop, and roll&quot;.  

You can ask your local prosecutor how to handle it as well.  Don&#039;t ask your local PD for help unless you speak with the forensic examiner directly.</description>
  <pubDate>Thu, 17 May 2012 21:12:00 GMT</pubDate>
</item>

<item>
  <title>Mobile Phone Forensics: USA Iphone Voicemail Retrieval</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559190/#6559190</link>
  <description>Thanks for the reply Nate4n6, however I am on a Windows system.



	Nate4n6 wrote:

	Greetings, 

If you are looking for a quick and (not so dirty) way to get voicemails from an iOS device, you could try an application called &quot;Phoneview&quot;. I use it for Forensic and personal use as well. It will show you the date and time the voicemail was left, the duration of the voicemail, the incoming phone number for the voicemail and the contact name. It will also let you extract the voicemails from the device. 

Phoneview also lets you extract all sorts of other data from iOS devices such as contacts, notes, call logs, sms/mms messages, open safari windows and safari bookmarks, music, video, photos, voice memos. Perhaps best of all,  the price is only $20. Keep in mind, this software was not designed with forensics in mind, but it can still be an extremely useful tool. 

Here&#039;s a link Phoneview

Beyond that, Oxygen Forensic Suite 2012 also does a great job of extracting voicemails and presents you with plenty of information about them. I am a huge fan of Oxygen and I certainly recommend you get your hands on it if at all possible. 

I hope this helps!

- Nate</description>
  <pubDate>Thu, 17 May 2012 21:09:32 GMT</pubDate>
</item>

<item>
  <title>General Discussion: Exporting a word list in EnCase</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559189/#6559189</link>
  <description>How about in Version 7? I do not see the previously offered EnScript to export the index. Any ideas? Thanks</description>
  <pubDate>Thu, 17 May 2012 20:50:04 GMT</pubDate>
</item>

<item>
  <title>General Discussion: [FileFormat]Thumbs Db</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559188/#6559188</link>
  <description>ultrain wrote:

	Hi guys, today I will share some rsrc with beginners;
you may learn, or you may try to learn how to crack

binary parse is a hard task for forensics
usually we have to reverse the official tools or company tools to guess undocumented file format.
in future, we will talk about how to crack binary file.

I am sorry, I have no idea what you are writing here.</description>
  <pubDate>Thu, 17 May 2012 19:32:44 GMT</pubDate>
</item>

<item>
  <title>Forensic Software: Quickbooks QBW reader/printer</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559187/#6559187</link>
  <description>Anyone know of a free tool that reads Quickbooks QBW files?

Just tried a half a dozen &quot;trials&quot; and most ask for everything from my blood type to my grandma&#039;s eye color...</description>
  <pubDate>Thu, 17 May 2012 19:28:42 GMT</pubDate>
</item>

<item>
  <title>General Discussion: Social networking solutions</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559185/#6559185</link>
  <description>Are you getting any backlash of &quot;unlawful, or illegal treatment/termination/favoritism/discrimination&quot;?

In my opinion, if you are going to do anything about the Facebook, possibly dismissals, you will get lawsuits.  The &quot;Moderate personal use&quot; got many o&#039; companies into trouble.  Here are the things I would throw at you in court:


	Quote::

	What is moderate?  What is moderate for this position? What were Jimmy, Jacky and Joey doing while you got rid of Cindy for &quot;excessive personal use&quot;?

Again, in my opinion you will be paying through the nose to settle those. Won&#039;t you, individually, have to be digging up everything from e-mails, web logs, device logs, event logs, access card logs, time cards, HR records, etc. and providing them to each one of the complainers? And, I haven&#039;t even mentioned the myriads of Legal Holds...

I think if you go down the path of &quot;excessive&quot; - instead of inappropriate images, you might be wanting some 30(b)(6) training real soon.

Good luck.</description>
  <pubDate>Thu, 17 May 2012 19:18:51 GMT</pubDate>
</item>

<item>
  <title>General Discussion: Tracing IP Address on Messages posted in a blog site!</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559184/#6559184</link>
  <description>This sounds like an intermediary to something else. What are you trying to accomplish, discover?
	sirjeimz wrote:

	I&#039;m trying to trace IP origins of messages posted on a blog site!

Need some assistance on this. Has anyone done it successfully?</description>
  <pubDate>Thu, 17 May 2012 18:49:37 GMT</pubDate>
</item>

<item>
  <title>Forensic Hardware: mac book air: ssd samsung adaptor</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559180/#6559180</link>
  <description>I had a live chat with OWC; they say:
&quot;OWC Mercury On-The-Go USB 3.0/2.0 External Enclosure for Apple MacBook Air 2010 &amp; 2011 Flash Storage&quot; 
is not suitable for this drive.</description>
  <pubDate>Thu, 17 May 2012 16:27:36 GMT</pubDate>
</item>

<item>
  <title>General Discussion: Interview with John Patzakis, Founder and CEO, X1 Discovery</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559178/#6559178</link>
  <description>An interview with John Patzakis, Founder and CEO of X1 Discovery is now available here.

John was a co-founder at Guidance Software and is now at the forefront of eDiscovery software development. I hope readers find the interview useful.

Jamie</description>
  <pubDate>Thu, 17 May 2012 14:50:51 GMT</pubDate>
</item>

<item>
  <title>General Discussion: Very good News clip on Steganography and how it was used.</title>
  <link>http://www.forensicfocus.com/Forums/viewtopic/p=6559176/#6559176</link>
  <description>Where would the world be without the &#039;low hanging fruit&#039;?  I&#039;m sure every member of this forum could think of 100 different ways to get that information to whomever they wanted, undetected. A flash drive in a Muslim&#039;s underwear, containing porn? Holy jeez...he better be glad the Germans got him, and not a Muslim border guard, LOL.

Berntsson</description>
  <pubDate>Thu, 17 May 2012 14:29:09 GMT</pubDate>
</item>

</channel>
</rss>

