
Memory Dump Formats

Thursday, February 08, 2018 (09:05:47)
As with other storage devices, volatile memory also has several formats. Depending on the acquisition method in use, the captured file format can vary. According to (Ligh et al, 2018), the most commonly used memory dump formats are:

- RAW memory dump.
- Windows crash dump.
- Windows hibernation files.
- Expert witness format (EWF).
- HPAK format.

The raw memory dump is the format most commonly used by modern analysis tools. According to (Ligh et al, 2018), raw-format memory dumps do not contain headers, metadata, or magic values.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (662 reads)

Now Open - Register For The Magnet User Summit Series 2018

Wednesday, February 07, 2018 (16:23:55)
The Magnet User Summit Series is back, and it’s coming to more cities this year! We’re bringing news, hands-on learning, and our observations on industry issues to Las Vegas, US; London, England; Paris, France; and Dusseldorf, Germany. Visit the Magnet User Summit site for more details and to register.

Interview With Harlan Carvey, Director Of Intelligence Integration, Nuix

Wednesday, February 07, 2018 (13:40:56)
Harlan, tell us about your job role and your background.

My title at Nuix is “Director, Intelligence Integration”. What this means is that my role is to help our own team, as well as clients, look for ways to incorporate intelligence, in its various forms and from various sources into our products, and by extension, workflows using our products. This includes, but is not limited to, the Security & Intelligence products.

The Nuix S&I products augment the entire Nuix product line, extending their coverage over client issues, and providing the ‘single pane of glass’ to meet the investigative challenges our clients face. By adding the S&I product line, Nuix is not leaving its bread-and-butter behind; quite the opposite, in fact.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (680 reads)

How To Ingest Images From Various Tools And Acquisition Methods

Wednesday, February 07, 2018 (10:45:43)
Credible. Verifiable. Repeatable.

Magnet Forensics Founder and CTO, Jad Saliba, and Jamie McQuaid, our Forensics Consultant, have made it clear how fundamental these elements are to an investigation. They both insist that a tool box approach is the only “right” way to investigate evidence and achieve these results.

Jamie McQuaid and Jessica Hyde, our Director of Forensics, have written a series of blog posts that will walk through how to ingest various images from third-party sources (Cellebrite, XRY, and Oxygen) into AXIOM and how to export an AXIOM image for use with other tools.

Interview With Barbara Guttman, Software Quality Group Manager, NIST

Tuesday, February 06, 2018 (10:14:25)
Barbara, tell us a bit about yourself. What's your role, and what does a typical day in your life look like?

As the Manager of the Software Quality Group, I work on 3 major projects including digital forensics, software assurance and software metrology. Even in digital forensics there are several projects, so I get to move from topic to topic.

Friday, I gave a 5 year review of our digital forensics program to NIST management, helped a fellow manager in the Applied Security Division create a vacancy announcement, and spent some time reading about new approaches to software assurance.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (515 reads)

Interview With Tod Ewasko, Director Of Product Management, AccessData

Thursday, February 01, 2018 (09:23:20)
Tod, you have recently moved into the role of Director of Product Management and Development at AccessData. Congratulations! Can you tell us a little more about your role and what your day to day job is like?

Yes, thank you. I’m very excited to step into this role, and the opportunity it brings to interact more with our customers. AccessData has always been committed to helping to solve the issues and concerns of the market. We are continually striving to give clients a greater voice so that we can elevate our products and their success. As such, over the past few years, we have shifted to a pragmatic marketing approach to product management and development, which means we take a much deeper look into each feature request to fully understand the context of why you are asking for that feature or what is causing an issue.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (682 reads)

Detection Of Backdating The System Clock In MacOS

Wednesday, January 31, 2018 (10:42:44)
by Oleg Skulkin & Igor Mikhaylov

Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so we decided to research it. If we are talking about Windows system clock backdating, there is a lot of information to help, for example, this SANS white paper by Xiaoxi Fan, but there is nothing about macOS.

Let’s start with macOS timestamps, as they are very interesting and have a lot of evidentiary value. Let’s start by running the mdls command on a sample file.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (783 reads)

Digital Forensics News January 2018

Monday, January 29, 2018 (17:47:00)
BlackBag Technologies have released the latest version of MacQuisition: 2018 R1.

Oxygen Forensics have teamed up with Project VIC to help fight child exploitation.

Susteen's Burner Breaker won Popular Science's vote for Best of What's New in 2018.

DriveSavers Data Recovery shared an important article about how to ensure you're collecting evidence legally.

AXIOM 1.2.3, the latest version of Magnet's popular solution, now includes improved smartphone acquisition features.

Magnet Forensics have released a white paper on Windows password cracking.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1084 reads)

Forensic Focus Forum Round-Up

Monday, January 29, 2018 (13:19:43)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Do you agree with ISO 17025 being the new standard for digital forensics? Take a look at the poll and join in the discussion on the forum!

Can you help spg93 to verify whether a hard drive is blank?

What would you do with a USB stick that was misreporting its capacity?

dmanh shares tips on recovering data with Autopsy and BitLocker images.

Can everything in digital forensics be factually established? Share your thoughts on the forum.

Forum members discuss the latest news from the UK Forensic Regulator.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (862 reads)

MacQuisition 2018 R1 Is Now Available

Friday, January 26, 2018 (13:15:36)
We are very excited to announce our first major release of 2018 - MacQuisition 2018 R1 is now available! MacQuisition continues to be the leading and most advanced forensic imaging software for Mac OS X and macOS.