±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 4 Overall: 36232
New Yesterday: 3 Visitors: 172

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Latest Forum Posts

 Topics   Replies   Author   Views   Last Post 
  CP case - Emule - interpretation of dates from known.met 3 jfranck 355   Wed Nov 20, 2019 5:37 pm 
  How can I find out dates of auto-logins set/disabled on Mac? 2 samsacksons 388   Wed Nov 20, 2019 3:33 pm 
  Samsung Star, Tocco Lite or Avila 3 grigollo 582   Wed Nov 20, 2019 1:03 pm 
  Free computer forensic software list 5 Jonathan 980   Tue Nov 19, 2019 4:22 pm 
  WeChat Android Phone Missing Attachments 2 cs1337 512   Tue Nov 19, 2019 4:20 pm 

Viber Messenger Extraction In Oxygen Forensic Detective

Wednesday, November 20, 2019 (17:45:13)
Viber is a cross-platform voice over IP and instant messaging software operated by Rakuten. The software app is provided as freeware for Android, Apple iOS, Microsoft Windows, macOS and Linux platforms. Initially the messenger was developed in 2010 by the Israel-based Viber Media, which was then bought by Rakuten in 2014. According to Statista, there were over 1.1 billion registered users as of March 2019.

Viber’s official website states the app offers end-to-end encryption and the encryption keys only exist on user’s devices. Additionally, they state no data is stored on the Viber server and that messages are only temporarily stored when they cannot be delivered to the mobile device.

French Agency Uses Chip-Off Technique To Solve A Critical Case

Wednesday, November 20, 2019 (17:42:57)
By: Christophe Gabay, MSAB Area Sales Manager

Recovering data from mobile devices continues to bring new challenges to investigators, and using “chip-off” and Joint Test Action Group (JTAG) methods have become topics of growing interest in the law enforcement community.

When a mobile device is damaged or locked, the chip-off and JTAG methods are among the best alternative solutions for examiners looking to gain access to the memory.

JTAG is an advanced level data acquisition method which involves connecting to a device’s Test Access Ports (TAPs) and instructing the processor to transfer the raw data stored on connected memory chips. When supported, JTAG-ing is an extremely effective technique that can let examiners extract a full physical image from devices that aren’t supported with standard methods.

What's Happening In Forensics - Nov 19, 2019

Tuesday, November 19, 2019 (13:03:35)
NirSoft release a new tool, MobileFileSearch, allowing users to search files on a mobile device attached to their computer.

Arman Gungor shares some updates to Forensic Email Collector.

DFRWS has a brand new website - take a look and register for the 2020 events!
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (737 reads)

Walkthrough: XRY Photon Manual

Tuesday, November 19, 2019 (12:47:23)
XRY Photon is a solution designed for recovering smartphone app data that’s inaccessible through normal extraction techniques. Now the power of XRY Photon has been expanded to cover hundreds of additional apps, with a new manual option.

Before using XRY Photon, always check the XRY device manual first, to see if an app is supported, because that’s always the fastest route.

In this demonstration, we’ll show you how our new manual option works by extracting the conversation from the Instagram app.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (340 reads)

How To Use Griffeye Brain – Artificial Intelligence

Tuesday, November 19, 2019 (12:46:43)

The Griffeye Brain in Analyze DI Pro version 19.2 brings the power of machine learning and artificial intelligence to help you quickly locate and identify child sex abuse material within your investigations.

In addition, the Griffeye Brain now has improved object detection, allowing for multiple objects to be located within the same image. In this video, we’re going to discuss how to use the newly updated Griffeye Brain plugins with your investigation, to maximise efficiency and decrease time spent searching for relevant files.

The Griffeye Brain can now harness the power of your graphics card or GPU to analyze your case for CSA and objects roughly five times faster than running it on a CPU.

Read More

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (301 reads)

Join Magnet Forensics In Nashville On May 11-13 For Magnet User Summit 2020

Tuesday, November 19, 2019 (12:33:25)
Magnet User Summit is coming back to the Sheraton Grand Nashville Downtown in Nashville on May 11-13 — join us to learn the latest trends and best practices in digital forensics and digital evidence.

Register today and save with early bird rates!

In addition to having the chance to network with your peers, we’re bringing lectures and industry speakers to MUS 2020. You’ll get a good look at the exciting trends and best practices in the digital forensics industry as a whole.

And with our hands-on labs, you’ll have a chance to use Magnet AXIOM and Magnet AXIOM Cyber on real case files to learn how you can maximize its use in your investigations.

BlackBag Partners With Passware To Provide Full Disk Decryption In New Release

Tuesday, November 19, 2019 (12:27:26)

BlackBag Technologies announces a new partnership with the leader in encrypted electronic evidence discovery and decryption, Passware.

BlackBag Technologies announced a partnership with Passware ahead of the upcoming release of BlackLight. BlackLight quickly analyzes computer volumes and mobile devices to shed light on user actions. With easy searching, filtering and sifting through large data sets, it’s simply the best option available for smart, comprehensive analysis.

What's Happening In Forensics - Nov 18, 2019

Monday, November 18, 2019 (21:11:57)
Amber Schroader of Paraben discusses smartphone forensics and the Internet of Things.

Magnet are now offering a new training course, in conjuncton with Grayshift.

Shellbags support has now been added to USB Detective.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (556 reads)

Three Reasons Why Call Detail Records Analysis Is Not “Junk Science”

Monday, November 18, 2019 (19:53:12)
by Patrick Siewert

Since introducing our private sector clients to the impact that cellular call detail records (CDR) analysis & mapping can have on their cases, we’ve had a lot of robust discussions with litigators and clients about the veracity and value of this evidence. CDR analysis has been used for decades in law enforcement to help prove or disprove the approximate location of criminal defendants in major crimes.

Only in the past several years have civil litigators and insurance companies also been introduced to the value that this evidence can have on their cases and/or claims investigations.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (406 reads)

Review: MacQuisition From BlackBag

Monday, November 18, 2019 (19:33:14)
by Jade James

MacQuisition is an effective 3-in-1 tool which provides the facility to acquire data live from a running system, as well as offering targeted data collection and forensic imaging. MacQuisition runs on Mac OS X and safely boots and acquires data from over 185 different Macintosh computer models in their native environments, even Fusion Drives. The tool is contained within a 120GB dongle or a 1TB SSD.

Targeted data collection allows you to select and forensically acquire files, folders and user directories whilst avoiding known system files and other unnecessary artifacts. Acquiring live data from a running system allows you to capture valuable data such as internet usage, chats from iMessage, WhatsApp etc. and multimedia files in real time; this would be beneficial in a time sensitive investigation. With MacQuisition you are also able to forensically acquire volatile Random Access Memory. MacQuisition allows you to acquire images in a forensically sound manner and automatically recognises a Fusion drive or if FileVault is present.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (403 reads)