Blog Series: Using F-Response In Enterprise Investigations

by

This month, Jamie McQuaid, a Forensics Consultant at Magnet Forensics, looked at how F-Response and Magnet AXIOM can be used together to recover data remotely in enterprise investigations.

In this three-part series, Jamie discusses how to establish a read-only, secure connection to a remote host allowing examiners to acquire or analyze physical disks and volatile data. The series uses Magnet AXIOM as an example of a tools that can be used to recover and examine the data, but as F-Response is tool-agnostic, any tool could conceivably be used.In the first post, Jamie walks through set up and acquisition methods using F-Response Enterprise to connect to a remote machine and analyze the contents. (Read the full post here: Using F-Response and Magnet AXIOM to Conduct Enterprise Investigations.)

In the second post, Using F-Response and Magnet AXIOM: Use Case 1 – Targeted Acquisition, Jamie discusses a specific use case. He says the bottleneck for a proper investigation on a remote host is the network – especially to retrieve a full physical disk image. Luckily, that’s not usually necessary – a targeted acquisition will help save time in acquisition and analysis.

In the third blog post, Jamie walks through another option for recovery and analysis that can save examiners time – previewing without retrieving artifacts. This method has minimal impact to the system or the user and can be facilitated using F-Response and AXIOM together. Read more here: Using F-Response and Magnet AXIOM: Use Case 2 – Preview No Artifacts.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this episode of the Forensic Focus podcast, Si and Desi recap the 18th International Conference on Cyber Warfare and Security (ICCWS). Desi shares his top picks of the best talks, which explore a range of topics, from forensic investigations on Github breaches and blockchain forensics to deepfake technology and network forensics on submarines. They also take a look at LockBit ransomware investigations and examine whether or not there has been a resurgence in 'script kiddies'. Show Notes: ICCWS 2024 program: https://docs.google.com/spreadsheets/d/1u_ajyuxeZ5Hi-989nw50KxI5tTMnKPylhg47fVTp9pk ICCWS 2023 papers (including book): https://papers.academic-conferences.org/index.php/iccws

In this episode of the Forensic Focus podcast, Si and Desi recap the 18th International Conference on Cyber Warfare and Security (ICCWS).

Desi shares his top picks of the best talks, which explore a range of topics, from forensic investigations on Github breaches and blockchain forensics to deepfake technology and network forensics on submarines.

They also take a look at LockBit ransomware investigations and examine whether or not there has been a resurgence in 'script kiddies'.

Show Notes:

ICCWS 2024 program: https://docs.google.com/spreadsheets/d/1u_ajyuxeZ5Hi-989nw50KxI5tTMnKPylhg47fVTp9pk

ICCWS 2023 papers (including book): https://papers.academic-conferences.org/index.php/iccws

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_Yh5SwnVkS1k

18th International Conference on Cyber Warfare and Security (ICCWS 2023)

Forensic Focus 29th March 2023 11:22 am

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi. Show Notes: A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234 YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/ Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever. 69% of employees note that the number of business applications they use at work has increased during the pandemic. Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment. Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with. Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review. With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications. Join Monica Harris, Product Business Manager, as she showcases how investigators can: - Manage multiple cloud collections through a web interface - Cull data prior to collection to save time and money by gaining these valuable insights of the data available - Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box - Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee - Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Digital Forensics Round-Up, March 30 2023
News

Digital Forensics Round-Up, March 30 2023

ByForensic FocusMar 30, 2023
Detego Global & Hi2 Consulting Host 7th Annual SWE Digital Forensics Conference
News

Detego Global & Hi2 Consulting Host 7th Annual SWE Digital Forensics Conference

ByDetego Digital ForensicsMar 30, 2023
File Analysis And DVR Conversion Training From Amped Software
Reviews

File Analysis And DVR Conversion Training From Amped Software

ByForensic FocusMar 29, 2023
18th International Conference On Cyber Warfare And Security (ICCWS 2023)
Podcast

18th International Conference On Cyber Warfare And Security (ICCWS 2023)

ByForensic FocusMar 29, 2023
Detego Global Teams Up With MH Service To Deliver Free Access To Cutting-Edge DFIR Tools
News

Detego Global Teams Up With MH Service To Deliver Free Access To Cutting-Edge DFIR Tools

ByDetego Digital ForensicsMar 27, 2023
Digital Forensics Round-Up, March 23 2023
News

Digital Forensics Round-Up, March 23 2023

ByForensic FocusMar 23, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly