Adroit Photo Forensics released by Digital Assembly

Digital Assembly has released Adroit Photo Forensics, an advanced photo carving and forensics tool. It allows recovery of heavily fragmented photos and preparation of reports. Download a free trial from http://digital-assembly.com/products/adroit-photo-forensics/ (note: the download is free, but saving carved images requires a purchase).

→ Seamless support for multiple media formats
→ Simple, no-training-required workflow
→ Thorough recovery like you have never seen before
→ Comprehensive integrity checks of evidence
→ Supports many popular file systems
→ Recovers many popular photo formats
→ And, many more…

See what top experts in forensics have to say …

“Now, new software is smart enough to find and reassemble fragmented digital photographs, even when the directions for locating them have been deleted. The feat is similar to assembling a million pieces of a jigsaw puzzle with no guiding box-top image.”
—NY Times

“Adroit Photo Forensics is the best quality carver on the supported files at this moment. The APF carver uses the latest carving techniques and has the best recall and precision scores on recovering files from known datasets like the DFRWS carving datasets.”
—Robert-Jan Mora, Hoffmann Investigations – creators of Libewf used by Adroit Photo Forensics, Libpff and the open source carver Revit

“Most applications simply don’t handle images that have been torn into pieces and scrambled that well. His (Dr. Memon) technique takes those shreds and puts them back together.”
—Golden G. Richard III, a professor of computer science at the University of New Orleans

“This program is a big step forward”
—Marcus K. Rogers, head of the graduate Cyber Forensics Program at Purdue University

“The Adroit Photo Forensics recovery tool is the most sophisticated image carving tool available today. It is the only tool that verifies recovered JPEGs the way a human would—by programmatically looking at the images to see if they make sense. Adroit is also the only commercially available tool that can reassemble JPEGs that are fragmented into multiple pieces—something that’s especially important when recovering images from digital cameras and cell phones. I can’t imagine doing a serious investigation without Adroit.”
—Simson Garfinkel, co-author Practical UNIX and Internet Security
