Immediately Acquire Evidence In The Field From Any Cell Phone – Join Webinar

Susteen’s new Field Acquisition Device is designed to immediately pull evidence data from mobile devices in the field. Cutting-edge new methods of acquiring evidence allow for the acquisition of encrypted apps, texts, images and more in less than 5 minutes.

Susteen will be hosting a free live webinar presentation on their new Field Acquisition Device, this Wednesday, June 13th at 11:00 am Pacific and Tuesday, June 19th at 1:00 pm Pacific. Susteen’s new field acquisition device works with the mobile forensic software already in your lab and has 4 new cutting-edge acquisition methods for acquiring immediate evidence from cell phones.

Susteen set out to make a product that was affordable for all law enforcement agencies, keeping the price under $1000 and offering complimentary training on the new technology. Multiple field acquisition devices can easily be dispersed across your coverage area. Users in the field can acquire evidence, then send it back to the lab for analysis by digital forensic experts. This game-changer allows law enforcement agencies to acquire data at crime scenes: easily pull pictures, texts and more from witnesses at the scene, or do a full acquisition of evidence data from a suspect’s phone.


Operational Capabilities include:

Linked Screen Capture: A technological advancement in our industry that allows the software to interact with the phone and preserve exact screen captures of evidence data. It can be used to preserve evidence from just about any application found on the phone by selecting each individual app.

Real-Time Acquisition: This advancement in the technology allows the investigator to pull the last 30 minutes, 24 hours, 48 hours or full week of data from the cell phone, giving investigators on scene immediate access to evidence pertinent to the live situation.

Fast Acquisition: This method pulls calls, call history and text messages from the phone, often in less than 5 minutes.*

Full Acquisition: This includes calls, texts, call history, images and some application data (more data if the phone is rooted). For iOS devices, this includes an iTunes backup file!

Optical Capture with OCR: This method allows the detective to capture screenshots of the device with our embedded camera. These images can be exported easily. Our OCR software extracts the text found in the images, so pictures can be converted into searchable, actionable evidence data.

Call Us Today for more info 949.341.0007


Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/
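The abstract above argues that practitioners should profile how the running kernel and filesystem actually update MACB timestamps rather than assume the POSIX text. The following is an added example, not the paper's framework or its released code: a small stdlib-only Python script that applies four common file operations (append, read, chmod, rename) to a constructed file in a temporary directory and reports which of the M, A and C timestamps each one changed on the local system. The sentinel timestamp and the settle delay are assumptions chosen for this illustration.

```python
"""Profile how common file operations change MACB timestamps on the local OS.

Added example (not the paper's framework): it applies, in miniature, the
idea of measuring timestamp behaviour on the running system instead of
assuming what POSIX says. Birth time (B) is not portable through os.stat,
so only M, A and C are profiled.
"""
import os
import stat
import tempfile
import time

# Constructed sentinel (2001-09-09 UTC): far enough in the past that any
# update to atime/mtime is unmistakable, and older than relatime's 24-hour
# window so a read is eligible to refresh atime on Linux mounts using it.
OLD_NS = 1_000_000_000 * 1_000_000_000

# Pause between baseline and operation (assumed value). Linux stamps inodes
# with a coarse clock (tick granularity, typically 1-10 ms), so back-to-back
# operations can otherwise receive an identical ctime.
SETTLE_SECONDS = 0.05


def _macb(path):
    """Read mtime/atime/ctime in nanoseconds for one path."""
    st = os.stat(path)
    return {"M": st.st_mtime_ns, "A": st.st_atime_ns, "C": st.st_ctime_ns}


def _baseline(path):
    """Push atime/mtime into the past, then record all three timestamps.

    ctime cannot be set from user space; it is read back after utime(),
    which itself updates ctime, so the sleep afterwards matters.
    """
    os.utime(path, ns=(OLD_NS, OLD_NS))
    before = _macb(path)
    time.sleep(SETTLE_SECONDS)
    return before


def _changed(before, after):
    """Map each timestamp letter to True if the operation altered it."""
    return {k: after[k] != before[k] for k in ("M", "A", "C")}


def profile_operations():
    """Return {operation: {"M": bool, "A": bool, "C": bool}} for this OS/filesystem."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "evidence.txt")
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")

        # Append: POSIX requires mtime and ctime to be marked for update.
        before = _baseline(path)
        with open(path, "a") as fh:
            fh.write("appended line\n")
        results["write"] = _changed(before, _macb(path))

        # Read: only atime may change, and only if the mount allows it
        # (relatime/noatime policy), so A is reported, not assumed.
        before = _baseline(path)
        with open(path, "rb") as fh:
            fh.read()
        results["read"] = _changed(before, _macb(path))

        # chmod: metadata-only change, so ctime alone should move.
        before = _baseline(path)
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
        results["chmod"] = _changed(before, _macb(path))

        # rename: POSIX says the file's ctime "may" be updated; Linux does it.
        before = _baseline(path)
        new_path = os.path.join(d, "renamed.txt")
        os.rename(path, new_path)
        results["rename"] = _changed(before, _macb(new_path))
    return results


if __name__ == "__main__":
    for op, flags in profile_operations().items():
        cells = " ".join(f"{k}={'changed' if v else 'same':7s}" for k, v in flags.items())
        print(f"{op:7s} {cells}")
```

Run it on each system you collect from; the interesting output is where the table differs between hosts (for example whether a read refreshes atime, or whether rename touches ctime), because those are exactly the cases where a timeline built on assumed POSIX semantics would be wrong.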


A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am
