Forensic Focus

Touch Screen Lexicon Forensics (TextHarvester / WaitList.dat)

By Barnaby Skeggs Preamble Since the release of Windows 8, and the ‘Metro’ interface, touch screen input has been implemented in a rapidly rising number of Windows devices including Microsoft Surface Pro/Book, 2-in-1s, convertible laptops and tablets. Microsoft has catered

Malware Can Hide, But It Must Run

It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack the necessary (memory) hunting skills will

Malware Can Hide, But It Must Run

by Alissa Torres, SANS Certified Instructor It’s October, haunting season. However, in the forensics world, the hunting of evil never ends. And with Windows 10 expected to be the new normal, digital forensics and incident response (DFIR) professionals who lack

The “I’ve Been Hacked” Defence

by Yuri Gubanov, Oleg Afonin(C) Belkasoft Research, 2016 AbstractThis article was inspired by an active discussion in one of the forensic listservs. Original post was asking on how to fight with an argument “This is not me, this is a

The “I’ve Been Hacked” Defence

By: Yuri Gubanov, Oleg Afonin (C) Belkasoft Research, 2016 Abstract This article was inspired by an active discussion in one of the forensic listservs. Original post was asking on how to fight with an argument “This is not me, this

Forensic Focus Forum Round-Up

Welcome to this month’s round-up of recent posts to the Forensic Focus forums. Can you help honor_the_data work out this USB storage timestamp anomaly? Forum members discuss iPhone 4S iTunes backup encryption. Should you apply for ISO/IEC 17020 and 17025

Webinar: Challenges Mobile Devices Pose in Global Investigations

11 October9:00AM ET / 2:00PM UK / 3:00PM CEST Discussion Topics: – To some extent, the ubiquity of mobile devices—and many people’s use of them as their primary digital interface—has come in the aftermath of the first wave of standards

Webinar: How To Break Passcodes / Patterns On Locked Android Phones

A recording of the webinar “How To Easily Break Pincodes / Passcodes / Patterns On Locked Android Phones” is now online and available to view here. Join the forum discussion here.View the webinar on YouTube here.Read a full transcript of

Deep Diving for Forensic Gold – Applications and Deleted Data

Presenter: Lee Reiber, COO at Oxygen Forensics Join the forum discussion here.View the webinar on YouTube here.Read a full transcript of the webinar here. Lee Reiber: …[golds] here at Oxygen Forensics. And there are still a few people still showing

Review: Oxygen Forensic Detective From Oxygen Forensics

Reviewed by K. Gus Dimitrelos CEO – Cyber Forensics 360 Opening the Oxygen Forensic Detective Dongle packaging I did not expect my forensics world of 20 years and counting to change so quickly. As a retired Secret Service agent, I

Oxygen Forensic Detective From Oxygen Forensics

Reviewed by K. Gus Dimitrelos CEO – Cyber Forensics 360 Opening the Oxygen Forensic Detective Dongle packaging I did not expect my forensics world of 20 years and counting to change so quickly. As a retired Secret Service agent, I

Forensic Focus Forum Round-Up

Welcome to this month’s round-up of recent posts to the Forensic Focus forums. Forum members discuss the detection and analysis of steganography. What would be your strategy for a large-scale investigation? Share your thoughts in the forum. What do you

InSig2 LawTech 2016 – Brussels 7th – 8th November

From the 7th – 8th of November 2016, Forensic Focus will be attending InSig2’s Law Tech Europe conference in Brussels, Belgium. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview,

InSig2 LawTech 2016 – Brussels 7th – 8th November

From the 7th – 8th of November 2016, Forensic Focus will be attending InSig2’s Law Tech Europe conference in Brussels, Belgium. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview,