Friday, March 27, 2020 (14:27:12)
Apple's ever-changing features and updates can make it hard to keep up with the latest changes to the file system and understand how it impacts your investigations.
±Forensic Focus Partners
±Your Account
Site Members:
 New Today: 0
|
 Overall: 36738
|
 New Yesterday: 0
|
 Visitors: 148
|
±Latest Articles
±Latest Videos
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
What tools would you recommend for MacOS remote forensic collection?
Can you help CopyRight with a question about internal hard disk removal logs?
How would you process an external WD HD with WD Smartware VCD?
Can you help mhibert to bypass a Windows 10 password?
How can you tell whether a Skype call was made using video or audio?
Let’s go over a few very important points that you need to consider before analyzing WhatsApp.
Number one: always place the device in airplane mode. This is important for many reasons, but the reason specific to WhatsApp is [that] during the extraction of WhatsApp, iCloud backup or Google Drive backup or the WhatsApp cloud, entering the phone verification code will disable the previous WhatsApp installation. The application on the device will then lose its verified status.
Watch the video
There are two ways to enter into the Cloud Extractor. One is after you extract a device and you view the accounts and passwords section at the top of the screen, you will find the Cloud Extractor. If you access through here, all accounts with usernames, passwords, and tokens will automatically populate into the Extractor. The other location of your Cloud Extractor is on your home screen, under ‘extract’.
Watch the video
Thank you! It is a very exciting move for me. My career began in the Royal Military Police in 2014 where I first started out doing general police duties but then discovered a Multimedia & Evidential Imagery Team (MEIT) within the RMP, so I immediately applied to a selection process and successfully earned a spot on that team.
The team consisted of four RMP members and two civilians, together we worked on every multimedia evidence investigation for the Army, Navy and RAF worldwide.
We had a wide range of capabilities from CCTV recovery to video enhancement, crime scene reconstruction, laser scanning, and body injury mapping.
Read More
This tremendous amount of cloud data is generated and fueled in the course of building driver assistance and autonomous vehicle technologies; IoT devices including sensors in our bodies, homes, factories, and cities; high-resolution content for 360 video and augmented reality; and 5G communications globally.
As many digital forensic investigators are facing so-called ‘digital transformation’, finding evidence data from various cloud services is a highly demanding and important mission for digital forensic investigators.
Read More
The application of approximate matching (a.k.a. fuzzy hashing or similarity hashing) is often considered in the field of malware or binary analysis. Recent research showed major weaknesses of predominant fuzzy hashing techniques in the case of measuring the similarity of executables (Pagani et al., 2018).
Summarized, well known Context-Triggered Piecewise-Hashing approaches are not very reliant for the task of binary comparisons, as even benign changes heavily impact the underlying byte representation of an original binary. Modifications could be caused by benign or malicious source code changes, different compilers, and changed compiler settings.
Approaches based on the extraction of statistically improbable features (Roussev, 2010) or n-gram histograms (Oliver et al., 2013) showed a better detection performance in case of inexactly matching binaries with varying build settings or source code modifications.
Watch the presentation
Latest Forum Posts
| Topics | Replies | Author | Views | Last Post |
|---|---|---|---|---|
| Hidden files on USB Drive... how? | 11 | Suai | 1069 | Sun Mar 29, 2020 2:06 am watcher |
| AFOSI Special Agent - Digital Forensic Examiner | 1 | JSyber | 290 | Sat Mar 28, 2020 2:19 pm jamie |
| Assignment | 7 | Nab11 | 1024 | Thu Mar 26, 2020 3:33 pm Nab11 |
| Ufed 4PC not reading iPhone data | 2 | Anon | 841 | Wed Mar 25, 2020 5:51 pm Rich2005 |
| Mount PGP Encrypted disk image (SymantecDesktopEncryption)? | 4 | doublezero | 838 | Wed Mar 25, 2020 4:14 pm doublezero |
Forensic Focus Forum Round-Up
Thursday, March 26, 2020 (15:47:59)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.What tools would you recommend for MacOS remote forensic collection?
Can you help CopyRight with a question about internal hard disk removal logs?
How would you process an external WD HD with WD Smartware VCD?
Can you help mhibert to bypass a Windows 10 password?
How can you tell whether a Skype call was made using video or audio?
How To Decrypt WhatsApp Messages With Oxygen Forensic Detective
Thursday, March 26, 2020 (14:09:23)
Welcome to Oxygen Forensic Detective’s Knowledge Nuggets. In this video we’re going to discuss decrypting WhatsApp messaging.Let’s go over a few very important points that you need to consider before analyzing WhatsApp.
Number one: always place the device in airplane mode. This is important for many reasons, but the reason specific to WhatsApp is [that] during the extraction of WhatsApp, iCloud backup or Google Drive backup or the WhatsApp cloud, entering the phone verification code will disable the previous WhatsApp installation. The application on the device will then lose its verified status.
Watch the video
BlackBag Announces New Live Instructor-Led Virtual Training Courses
Oxygen Forensics Offers Free Remote Trainings During COVID-19 Crisis
Wednesday, March 25, 2020 (12:15:51)
The COVID-19 pandemic has reshaped our world almost overnight—upending daily routines and disrupting much of the global economy. Unfortunately, crime never takes a day off, not even during times of crisis. Ongoing digital forensics investigations have lost none of their urgency, and investigators still need resources that will enable them to use their tools to the fullest potential. Oxygen Forensics is here to help. - Posted by: OxygenForensics
- Topic: News
- Score:
- (1091 reads)
How To Extract Cloud Data Using Oxygen Forensic Detective’s Cloud Extractor
Tuesday, March 24, 2020 (14:39:39)
Welcome to Oxygen Forensic Detective’s knowledge nuggets. In this video, I will show you how simple it is to extract cloud data using Detective’s Cloud Extractor. If you weren’t already aware, Oxygen Forensic Detective has a lot more to it than just extracting and parsing cell phones. Our Cloud Extractor is included, meaning if you own a license for Detective, you have Cloud Extractor. There are two ways to enter into the Cloud Extractor. One is after you extract a device and you view the accounts and passwords section at the top of the screen, you will find the Cloud Extractor. If you access through here, all accounts with usernames, passwords, and tokens will automatically populate into the Extractor. The other location of your Cloud Extractor is on your home screen, under ‘extract’.
Watch the video
Register For Webinar: A Deep Dive Into Keychain And Spotlight Artifacts
Thursday, March 19, 2020 (16:20:22)
Join BlackBag for a where our experts will cover what can be extracted from the macOS keychain, what you can do to get the most out of it, and how Apple secures your passwords and other secrets. We will take a closer look at Spotlight artifacts beyond the System Level file metadata store that users are most familiar with. Come along as we explore user-specific metadata stores, user search history, and iOS metadata stores. We will walk through what Mac’s Spotlight artifacts can reveal about specific user actions. Finally, get a sneak peek of the latest Apple artifacts supported in the upcoming BlackLight 2020 R1 release.
Interview With Samuel Abbott, Software Trainer, Amped Software
Thursday, March 19, 2020 (16:06:23)
Samuel, congratulations on your new role! Tell us more about your career with the Royal Military Police. How did you come to be a video analysis expert?Thank you! It is a very exciting move for me. My career began in the Royal Military Police in 2014 where I first started out doing general police duties but then discovered a Multimedia & Evidential Imagery Team (MEIT) within the RMP, so I immediately applied to a selection process and successfully earned a spot on that team.
The team consisted of four RMP members and two civilians, together we worked on every multimedia evidence investigation for the Army, Navy and RAF worldwide.
We had a wide range of capabilities from CCTV recovery to video enhancement, crime scene reconstruction, laser scanning, and body injury mapping.
Read More
How To Acquire Cloud Data With MD-CLOUD
Wednesday, March 18, 2020 (12:55:13)
‘17.5 Zettabytes.’ This is the amount of data that the IDC estimates will be generated annually by 2025, and among those numbers, cloud traffic is expected to grow and reach 18.9 Zettabytes by 2021.This tremendous amount of cloud data is generated and fueled in the course of building driver assistance and autonomous vehicle technologies; IoT devices including sensors in our bodies, homes, factories, and cities; high-resolution content for 360 video and augmented reality; and 5G communications globally.
As many digital forensic investigators are facing so-called ‘digital transformation’, finding evidence data from various cloud services is a highly demanding and important mission for digital forensic investigators.
Read More
Toward Exact And Inexact Approximate Matching Of Executable Binaries
Tuesday, March 17, 2020 (14:05:05)
Lorenz Liebler discusses his research at DFRWS EU 2019.The application of approximate matching (a.k.a. fuzzy hashing or similarity hashing) is often considered in the field of malware or binary analysis. Recent research showed major weaknesses of predominant fuzzy hashing techniques in the case of measuring the similarity of executables (Pagani et al., 2018).
Summarized, well known Context-Triggered Piecewise-Hashing approaches are not very reliant for the task of binary comparisons, as even benign changes heavily impact the underlying byte representation of an original binary. Modifications could be caused by benign or malicious source code changes, different compilers, and changed compiler settings.
Approaches based on the extraction of statistically improbable features (Roussev, 2010) or n-gram histograms (Oliver et al., 2013) showed a better detection performance in case of inexactly matching binaries with varying build settings or source code modifications.
Watch the presentation