digital forensics

Imaging Locked Motorola Devices Via Bootloader Exploit

Last-generation Android devices are gradually getting more secure, even approaching iOS-grade security in some usage scenarios. Equipped with fingerprint readers and compulsory encryption of the data partition, Android smartphones became a much tougher acquisition target compared to just a couple

The CSI Effect – Expectations Vs Limitations

by James Zjalic Much has been written about the CSI phenomenon within digital forensics circles, but is there a way we as experts can reduce this effect, maybe not globally but at least amongst our own clients? In just the

Windows Drive Acquisition

by Oleg Skulkin & Scar de Courcier Before you can begin analysing evidence from a source, it first of all needs to be imaged. This describes a forensic process in which an exact copy of a drive is made. This

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process

Focused Digital Forensic Methodology

by Haider H. Khaleel Abstract Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital forensics has become an important aspect of not

Digital Forensics: Iron Bars, Cement And Superglue

by James Zjalic When most people think of digital forensics they think of CSI Miami: hackers in hoodies and Mission Impossible type biometrics. But under the superficial exterior, there is a framework of laws, regulations, best practices, guidelines, and standards

Cellular GPS Evidence: Waze + Cellebrite + CellHawk

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting It’s becoming common knowledge that location evidence on cellular devices can provide a wealth of evidence in any number of civil, criminal and investigative matters. Law enforcement agencies use cellular location

When No Conclusion Can Be A Conclusion

by James Zjalic Before CCTV systems were conceived, eye-witness accounts were the only method of identifying a suspect based on their facial features. The pitfalls of this type of identification have been well documented numerous times with regard to the

Physical Imaging Of A Samsung Galaxy S7 Smartphone Running Android 7.0

by Oleg Skulkin & Igor Shorokhov The release of Android Nougat has brought new challenges to mobile forensic examiners: the smartphones running this version most likely have encrypted partitions with users’ data, their bootloaders are locked and classic custom recovery

Techno Security 2017 – San Antonio September 18th-20th

From the 18th to the 20th of September, the Techno Security & Digital Forensics Conference will be taking place in San Antonio, Texas, USA. If there are any topics you’d particularly like to see covered, or any speakers you think

The Future Of ENF Systems

by James Zjalic The subject of authentication is important across the entire digital forensic field and we as examiners have various weapons at our disposal in which to defend against the onslaught of manipulators, liars and charlatans. Authentication is frequently

An Introduction To Challenges In Digital Forensics

by W.Chirath De Alwis Digital forensics is a technique in the identification of computer based crimes. But digital forensics faces a few major challenges when it comes to conducting investigations. According to Fahdi, Clarke & Furnell (2013), th challenges of

RAM Forensic Analysis

by Eliézer Pereira 1 Goal The purpose of this article is show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well

Remote Forensics Of Windows 10 Mobile Devices

by Oleg Afonin, Elcomsoft Microsoft has developed Windows 10 as the one OS for all types of devices from servers to wearables. Desktops, laptops, two-in-ones, tablets and smartphones can (and do) run a version of Windows 10. There are countless

An Introduction To Theft Of Trade Secrets Investigations

by Laurence D. Lieb, Managing Director, HaystackID. The subjects we will be covering include: Defining When One Should Reasonably Panic Reasonable Triage Steps to Take in Order to Identify if There is Only Smoke or an Actual Fire The Importance