BlackBag Technologies Participates In NW3C’s Apple Forensic Primer Course

Don Brister, Senior Forensic Analyst and Instructor with BlackBag® Technologies, was a guest instructor for the National White Collar Crime Center (NW3C) webinar “Apple Forensic Primer: Are you really prepared for your next iPhone or MacBook Pro examination?”

The webinar took place on Thursday, August 4, 2016, and highlighted the forensic concepts, artifacts, and tools that are covered in NW3C’s Apple®-based forensic curriculum. To view the recording of the webinar please click here.

BlackBag® was honored to demonstrate its innovative digital forensic products, BlackLight®, Mobilyze, and MacQuisition™, which have been incorporated into NW3C’s curriculum.

BlackBag® would like to thank NW3C for the training and collaboration opportunity. We encourage other organizations and companies to contact us at [email protected] if you are in need of training courses that utilize our products.

Webinar Description
“The number of Apple® devices, especially iPhones® and iPads®, that law enforcement professionals encounter in the course of an investigation continues to grow rapidly. The need for training on the proper handling, acquisition, and analysis of these devices is at an all-time high. Digital devices’ storage capacity is also increasing exponentially, and manual analysis of such large volumes of data can be daunting even for experienced technicians who understand how and where the data is stored. Investigators and forensic examiners need the support of automated forensic tools to assist in the efficient and timely examination of evidence to solve crimes.”¹

About the Company
BlackBag® Technologies is a developer of innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. We strive to reveal the truth in data in order to create a safer world. The company’s flagship product, BlackLight®, has been adopted worldwide by many digital forensics examiners as a primary analysis tool. Mobilyze, BlackBag®’s groundbreaking mobile device triage tool, empowers virtually all law enforcement personnel, with or without specialized experience, to capably triage and report on data from smartphones.

In addition to software, BlackBag also develops and delivers expert forensic training and certification programs, designed to meet the needs of law enforcement, military and private sector examiners. Taught by an elite team with considerable law enforcement and digital forensics experience, the courses are tailored to address realistic, multi-platform scenarios simulating the daily challenges of digital evidence.

To learn more about BlackBag®’s software and training, please contact us at 855-844-8890, or visit us at blackbagtech.com.

1. National White Collar Crime Center. (2016). August 4, 2016 Apple Forensic Primer. Retrieved from http://www.nw3c.org/events/upcoming/event/2016/08/04/default-calendar/august-4-2016-apple-forensic-primer
