evidence acquisition

ICDF2C 2018 – Recap

This article is a recap of some of the main highlights from the ICDF2C conference 2018, which took place in New Orleans, LA, USA from the 10th-12th September. The program began on Monday 10th September with the usual welcome registration.

Walkthrough: Oxygen Forensic Detective Latest Features

Within Oxygen, you’re able to not only connect one device, but several devices, and image them simultaneously. Oxygen’s extractor runs independently of Oxygen Detective, and that’s what allows you to run several different extractions at the same time, and there

Word Forensic Analysis And Compound File Binary Format

by Arman Gungor Microsoft Word forensic analysis is something digital forensic investigators do quite often for document authentication. Because of the great popularity of Microsoft Office, many important business documents such as contracts and memoranda are created using Word. When

SSD and eMMC Forensics 2016 – Part 2

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016 In the first part of this article, we reviewed different kinds of the

SSD and eMMC Forensics 2016

What Has Changed in 2016 in the Way SSD Drives Self-Destruct Evidence. Demystifying eMMC, M.2, NVMe, and PCI-E. by Yuri Gubanov, Oleg Afonin © Belkasoft Research 2016 This publication continues the series started with an article on SSD forensics we

The Future of Mobile Forensics: November 2015 Follow-Up

by Oleg Afonin, Danil Nikolaev, Yuri Gubanov Mobile forensics is a moving target. In our recent article, “The Future of Mobile Forensics”, we described acquisition techniques that used to be state-of-the art back then. Weeks later, some things had changed

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class

Bitcoin Forensics Part II: The Secret Web Strikes Back

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and

Bitcoin Forensics – A Journey into the Dark Web

There has been a lot of buzz around Tor, Bitcoin, and the so-called “dark web” (or “deep web”) since the FBI shut down the underground website “Silk Road” on Oct 1st. As many of you already know, Tor is a

Analysis Of iOS Notes App

As part of my third year studying Digital Security,Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad Mini, and if they could

Forensic Imaging of Hard Disk Drives- What we thought we knew

By Todd G. Shipley and Bryan Door (A complete copy of this white paper and its figures and diagrams can be found at www.nfdrtc.net). WHAT WE HAVE BEEN TAUGHT Imaging of hard drives has been the main stay of the

Digital Forensics and ‘self-tracking’

by Dr Chris Hargreaves, lecturer at the Centre for Forensic Computing at Cranfield University in Shrivenham, UK This month’s article is based very loosely around a recent 5-minute talk from Gary Wolf (link here) which explores the concept of ‘self-tracking’

Flash drives and acquisition

First published June 2010 by Dominik Weber, Senior Software Architect for Guidance Software, Inc. “Take a look at this”. It started simply with that.A co-worker was looking into some strange issue with an acquisition of a flash drive. It seemed