
Forensic Focus Forum Round-Up

Monday, November 25, 2019 (13:44:40)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Forum members advise on producing E01 images in reverse sector order.

How would you convert an AD1 image to a dd?

Can you help roncfluey to image a MacBook Pro with X-Ways?

Forum members recommend Sarah Edwards' presentation on Mac logs.

Can you help with a last shared date question in this child protection case?
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1145 reads)

Sign Up For MAGaK (Magnet AXIOM And GrayKey) Advanced iOS Examinations (AX301)

Friday, November 22, 2019 (13:45:02)
If you're looking to dive deep into iOS examinations and the use of the GrayKey device and expand your knowledge of advanced forensics, then be the first to reserve your spot for the latest course from Magnet Forensics & Grayshift: MAGaK (Magnet AXIOM & GrayKey) Advanced iOS Examinations (AX301)!

In this expert-level four-day training course, you will get hands-on use of the GrayKey device and learn how to fully operate it — including how to establish a proper workflow for handing iOS devices in the field to the lab and how to acquire a full file system image of iOS devices.

Students must be part of a law-enforcement agency that has been cleared by Grayshift in order to attend this course.

How To Transfer A Password Recovery Process To A Different Computer

Friday, November 22, 2019 (13:26:11)
Did you know that Passware Kit can create a snapshot of a password recovery process at any time and resume it on a different computer?

Running a password recovery attack, especially for multiple files or drives, might be a long process that requires a lot of hardware resources.

In some cases, it might be necessary to put an attack on hold to launch a different attack, or to resume the same attack on a more powerful hardware setup with multiple Passware Kit Agents.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (662 reads)

How To Use The Griffeye Intelligence Database

Friday, November 22, 2019 (13:25:31)
Beginning with version 19, Griffeye Analyze DI Pro and Core will start using the new Griffeye Intelligence Database, or GID, to replace the legacy intelligence manager.

In this video, we’re going to discuss the changes that the GID brings to the Analyze DI interface, and how to use the Griffeye Intelligence Database system within your cases.

First off, let’s create a new case and take a look at the differences in the case creation process, which are very minor.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (581 reads)

Hunting For Attackers’ Tactics And Techniques With Prefetch Files

Thursday, November 21, 2019 (14:13:22)
by Oleg Skulkin

Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution.

These files are stored under %SystemRoot%\Prefetch, and are designed to speed up applications’ startup processes. If we look at any prefetch files, we can see that their names consist of two parts: an executable name, and an eight-character hash of the executable’s location.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (750 reads)

How To Decrypt BitLocker Volumes With Passware

Thursday, November 21, 2019 (14:12:28)
Decrypting BitLocker volumes or images is challenging due to the various encryption options offered by BitLocker that require different information for decryption.

This article explains BitLocker protectors and talks about the best ways to get the data decrypted, even for computers that are turned off.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (893 reads)

What's Happening In Forensics - Nov 20, 2019

Wednesday, November 20, 2019 (21:31:54)
Oleg Afonin talks about the forensic analysis of Synology NAS devices.

Alexis Brignoni shares a realm database storage primer for digital forensic examiners.

Amped show how to resize images with Amped Replay.

Passware announce a new partnership with BlackBag.

OpenText announce their Heroes at the conclusion of the Enfuse conference.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (983 reads)

How To Use Magnet AXIOM In Mac USB Investigations

Wednesday, November 20, 2019 (20:07:38)
Hey everyone, Trey Amick from Magnet Forensics here. Today we’re talking about Mac USB investigations, and what happens when we’ve been alerted that a USB has been inserted into an end point.

Different organisations handle USB policies differently. Some have alerting mechanisms in place for when USBs are detected, while others may encrypt the drive when it’s inserted into the end point. Other organisations may block the external drive from being mounted altogether, or may only allow specific external drives to be used by employees. Lastly, we have some organisations that tell staff it’s against policy to use USBs, but don’t take any additional steps to further protect the end point.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (761 reads)

Can Your Investigation Interpret Emoji?

Wednesday, November 20, 2019 (19:27:10)
by Christa Miller, Forensic Focus

Emoji are everywhere — including in your evidence. Used across private-messaging apps and email, social media, and even in passwords and account names, emoji are pictographic representations of objects, moods, and words. They’re a convenient shortcut for users who want to convey tone and emotion in digital communication without using a lot of words.

Preston Farley, a Special Investigator with the Federal Aviation Administration (FAA), believes “emoji will emerge as a prominent form of communication sooner rather than later,” and that there are potential ramifications for digital forensics examiners and investigators when it comes to analyzing and testifying about emoji.

Presenting at the Techno Security and Digital Investigations conference in Myrtle Beach in June 2019, Farley explained that emoji present two distinct challenges.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (624 reads)

Viber Messenger Extraction In Oxygen Forensic Detective

Wednesday, November 20, 2019 (17:45:13)
Viber is cross-platform voice over IP and instant messaging software operated by Rakuten. The app is provided as freeware for Android, Apple iOS, Microsoft Windows, macOS and Linux platforms. The messenger was initially developed in 2010 by the Israel-based Viber Media, which was then bought by Rakuten in 2014. According to Statista, there were over 1.1 billion registered users as of March 2019.

Viber’s official website states that the app offers end-to-end encryption and that the encryption keys exist only on users’ devices. It also states that no data is stored on the Viber server and that messages are only temporarily stored when they cannot be delivered to the mobile device.