Nuix And MSAB Announce Partnership To Streamline Computer And Mobile Forensics

Global technology company Nuix and MSAB, a pioneer in mobile device forensic examination, today announced a partnership focused on harmonizing the Nuix digital investigation platform with MSAB’s suite of market-leading mobile forensics solutions. This partnership offers a streamlined workflow for investigators seeking to reduce their case backlogs and become more efficient in examining the dramatically growing volumes of digital evidence involved in investigative cases.

“Mobile devices are a prime source of digital evidence—our law enforcement customers tell us they examine up to five times as many mobile devices as traditional PCs in a typical investigation,” said Paul Slater, Nuix’s Global Head of Investigations. “This integration with MSAB will help customers accelerate the digital investigation process, especially at scale, giving them a better way to search and analyze all the evidence from mobile devices, computers, and many other data sources.”

Closer integration of these two leading technologies will enable customers to work easily between MSAB’s mobile device forensics products and Nuix’s digital investigation software. They will be able to extract and decode forensic artifacts from mobile devices before automatically transferring files and associated metadata to the Nuix platform – including tags and comments from MSAB’s suite of tools.

“We are led by customer demand and want to ensure that our customers get the best possible solutions available in the digital forensics industry,” said Joel Bollo, CEO of MSAB. “Working in collaboration with other companies, we aim to build a leading consortium of providers. Nuix have shown their analytical platform capabilities provide users with excellent functionality, so we are excited about the opportunity to work closer with them.”

For questions about the partnership or a demonstration of the joint workflow, please contact:

MSAB
Joel Bollo, CEO, MSAB
+46 (0) 70 930 07 20
[email protected]

Nuix
Paul Slater, Global Head of Investigations, Nuix
[email protected]
