Malware Can Hide, But It Must Run

by Alissa Torres, SANS Certified Instructor
It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack

The “I’ve Been Hacked” Defence

By: Yuri Gubanov, Oleg Afonin (C) Belkasoft Research, 2016
Abstract: This article was inspired by an active discussion in one of the forensic listservs. The original post asked how to fight the argument “This is not me, this

10 DFIR Blogs You Don’t Want to Miss

by Christa M. Miller
Digital forensics is a tough job. Forensicators must evolve as rapidly as the technology does, which means being in a constant state of learning. Formal education is costly and can’t keep up. The next best alternative:

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati
Preface: During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing

How to Stop Worrying and Learn to Love Your Inner Impostor

by Christa M. Miller
It’s pretty much impossible to work in a small, niche community like DFIR and not eventually rub elbows with a rock star. You go to a conference and get to talking with someone, and you don’t

SSD and eMMC Forensics 2016 – Part 3

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence: Demystifying eMMC, M.2, NVMe, and PCI-E.
by Yuri Gubanov & Oleg Afonin © Belkasoft Research 2016
In the previous part of the article, we talked about eMMC storages

Current Challenges In Digital Forensics

What is the most urgent question facing digital forensics today? That in itself is not a question with a straightforward answer. At conferences and in research papers, academics and forensic practitioners around the world converge to anticipate the future of

SSD and eMMC Forensics 2016 – Part 2

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E.
by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016
In the first part of this article, we reviewed different kinds of the

The Investigative Challenges Of Live Streamed Child Abuse

Among the challenges facing digital forensic investigators today, the instantaneous nature of online communication is arguably one of the most persistent. Trying to investigate whether a crime has occurred, and if so to bring its perpetrators to justice in a

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E.
by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016
This publication continues the series started with an article on SSD forensics we

BitLocker: What’s New in Windows 10 November Update, And How To Break It

BitLocker is a popular full-disk encryption scheme employed in all versions of Windows (but not in every edition) since Windows Vista. BitLocker is used to protect stationary and removable volumes against outside attacks. Since Windows 8, BitLocker is activated by

Peering Through The Cloud

by Shahaf Rozanski
Obscured by clouds
With there now being more mobile phones on the planet than people and smartphones set to achieve saturation in just 10 years, unlocking the data held on them has increasingly needed to be used

Multi-Factor Authentication in Digital Forensics

Two-factor authentication is probably the best secure thing since passwords were invented. Two-factor authentication goes a long way towards protecting one’s accounts against being hacked. A password alone, no matter how long or secure, is no longer enough to provide

Forensic Acquisition of Google Accounts

Google collects and retains massive amounts of data about everyone who uses their services. Gaining access to that data is essential for solving many types of crimes. Learning what Google knows about the suspect can be a matter of utter