Configuring the decryption of multiple disk images has long been a headache for computer forensics. In the past, they needed to specify the settings for each image, depending on the FDE vendor, in order to set up the password recovery … Read more
Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”.
So this is a little bit of background on the authors of this paper. Tyler Thomas is a primary … Read more
In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM.
Session Chair: We are now in the topic of memory forensics, and … Read more
Matthew: Welcome to our presentation. I’m Matthew Piscitelli.
Tyler: And I’m Tyler Thomas.
Matthew: And we performed memory forensics on USB attack platforms. This work was supported by National Science Foundation Grant number 1921813. We looked at two USB … Read more
Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015
While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no … Read more
The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML … Read more