±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36223
New Yesterday: 2 Visitors: 162

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Digital Forensics, Computer Forensics, eDiscovery

What's Happening In Forensics - Nov 18, 2019

Monday, November 18, 2019 (21:11:57)
Amber Schroader of Paraben discusses smartphone forensics and the Internet of Things.

Magnet are now offering a new training course, in conjuncton with Grayshift.

Shellbags support has now been added to USB Detective.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (215 reads)

Three Reasons Why Call Detail Records Analysis Is Not “Junk Science”

Monday, November 18, 2019 (19:53:12)
by Patrick Siewert

Since introducing our private sector clients to the impact that cellular call detail records (CDR) analysis & mapping can have on their cases, we’ve had a lot of robust discussions with litigators and clients about the veracity and value of this evidence. CDR analysis has been used for decades in law enforcement to help prove or disprove the approximate location of criminal defendants in major crimes.

Only in the past several years have civil litigators and insurance companies also been introduced to the value that this evidence can have on their cases and/or claims investigations.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (184 reads)

Review: MacQuisition From BlackBag

Monday, November 18, 2019 (19:33:14)
by Jade James

MacQuisition is an effective 3-in-1 tool which provides the facility to acquire data live from a running system, as well as offering targeted data collection and forensic imaging. MacQuisition runs on Mac OS X and safely boots and acquires data from over 185 different Macintosh computer models in their native environments, even Fusion Drives. The tool is contained within a 120GB dongle or a 1TB SSD.

Targeted data collection allows you to select and forensically acquire files, folders and user directories whilst avoiding known system files and other unnecessary artifacts. Acquiring live data from a running system allows you to capture valuable data such as internet usage, chats from iMessage, WhatsApp etc. and multimedia files in real time; this would be beneficial in a time sensitive investigation. With MacQuisition you are also able to forensically acquire volatile Random Access Memory. MacQuisition allows you to acquire images in a forensically sound manner and automatically recognises a Fusion drive or if FileVault is present.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (199 reads)

First Responder Capability: Prof. John Walker Joins Belkasoft's Webinar

Monday, November 18, 2019 (17:43:20)
Belkasoft's next webinar is going to be a special one.

The reason is that this talk will be delivered not only by Brad Robin, Belkasoft's Pre-Sales Manager and law enforcement professional. Our special guest, Prof. John Walker, will also participate in this deep and informative session.

Webinar: New Triage Capabilities In BlackLight

Friday, November 15, 2019 (13:21:48)
Quickly triage systems with new BlackLight features in this upcoming webinar with BlackBag Technologies and Passware, Inc.

How To Save Time With XAMN’s Dynamic Artifact Count Feature

Friday, November 15, 2019 (13:03:25)
At MSAB, we’re always looking to improve our software and make every product more user-friendly, intuitive, and valuable; and to help save you time.

We’ve recently improved the way that XAMN displays and counts artifacts. Let’s take a look at the new functionality.

We’ve opened this case in XAMN, and from the start we can get a lot of information from just looking at the filter pane on the left. The numbers next to each category tell how many artifacts have been extracted for each of them.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (663 reads)

How To Integrate LACE Carver With Griffeye Analyze DI Pro

Friday, November 15, 2019 (12:58:12)
Let’s talk about the exciting new LACE Carver integration with Analyze DI Pro.

Once you have the proper license, you can head over to your Downloads page on MyGriffeye.com and go to the LACE Carver download.

Once the app package has been downloaded, we can go back to Griffeye and install it under Settings –> Plugins –> and click on the ‘Install’ button, selecting the file we just downloaded from the internet.

Once the file is fully extracted and the plugin has been installed you can head over to the Analyze Forensic Marketplace, where we now have LACE Carver integration.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (419 reads)

How To Use AXIOM In Malware Investigations: Part II

Thursday, November 14, 2019 (18:00:37)
Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little insight into how AXIOM can help with some of your day-to-day investigations. In this video we’re going to talk a little bit about malware investigations.

There is a Part I to this segment, in which I focus on reviewing memory as part of a malware investigation in AXIOM, so if you haven’t seen that yet, I encourage you to go check it out. This video will focus on additional key features that AXIOM has to offer that could also be useful in a malware examination.

To start off, I’ve identified this process of interest, named ‘Fake Intel’, through our Volatility output from memory, that I believe could be malicious.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (692 reads)

How To Boot Scan A Microsoft Surface Pro

Thursday, November 14, 2019 (11:34:15)

Hi, I’m Rich Frawley, and I’m the Digital Forensic Specialist with ADF Solutions. Today we’re going to conduct a boot scan of a Microsoft Surface Pro with BitLocker activated.

At this point you have decided on a search profile, or search profiles, to use and prepared your collection key.

When conducting a boot scan, Digital Evidence Investigator is forensically sound. This means that no changes are made to the target media.

Prior to conducting a boot scan, establish how many USB ports are available, and determine if the four-port USB hub is required.

Read More

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (710 reads)

What Changes Do We Need To See In eDiscovery? Part VI

Wednesday, November 13, 2019 (16:27:36)
by Harold Burt-Gerrans

Several years ago, we hosted what I believe was the first true single-language review of multi-lingual documents. At that time, Google search could only find one eDiscovery or processing software vendor that included bulk/mass machine language translation as a feature, and that was just being released in their most recent processing engine. As they were making it available to their clients, we had already hosted a complete case.

In our case, all the documents were primary language identified and machine translated to English. All the indexing and analytics were done using both the original text and English text. The whole review team was English. This approach worked well in this specific matter and it saved the client from having to build review teams for specific languages – especially helpful since many email threads would have needed to be split among review teams as the languages often varied between forwards and replies.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (637 reads)