±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 5
New Yesterday: 9
Overall: 27212
Visitors: 67

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

What cops need to know about Apple’s iOS 8 lockout

Wednesday, October 01, 2014 (09:12:13)
In mid-September, Apple rolled out iOS 8 for users of the more recent models of the iPhone, iPad, and Mac computers. Among many changes was a statement from Apple CEO Tim Cook that Apple would no longer assist law enforcement agencies in unlocking iPhones and iPads. Actually, Apple’s claim is that they cannot assist law enforcement in this way, because iOS 8 encrypts the data on the device with a key linked to the user’s passcode, and that passcode is not transmitted to Apple. This saves Apple from being in the middle of a subpoena/search warrant war, as they can’t give the police what they do not have. Privacy advocates lauded Apple for taking this position.

Analysis by iOS forensics experts indicates that Apple is speaking the truth. Apple doesn’t have the key to unlock a device running iOS 8. However, that doesn’t always mean that the cops can’t get access...

Read More (PoliceOne.com)
  • Posted by: jamie
  • Topic: News
  • Score: 0 / 5
  • (331 reads)

Learn How To Recover Vital Artifacts from BlackBerry Messenger

Monday, September 29, 2014 (10:54:45)
BlackBerry Messenger (BBM) was the original mobile messaging application, geared towards business users and productive consumers. Originally available only on BlackBerry devices, BBM has since gone cross-platform and is now accessible to Android and iOS users.

While consumer interest in BlackBerry devices has been on the decline, the recent OS extension of BBM has increased the application’s user-base substantially. It’s become widely popular in North America, but even more noteworthy is the adoption of BBM in countries such as Indonesia and South Africa, where it is the number one mobile chat application.

Learn how to retrieve BBM artifacts from iOS and Android devices...

Read More (Magnet Forensics)

A guide to RegRipper and the art of timeline building

Thursday, September 25, 2014 (13:19:26)
I have often heard RegRipper mentioned on forums and websites and how it was supposed to make examining event logs, registry files and other similar files a breeze. RegRipper is developed and maintained by Harlan Carvey, who is the author of several blogs, numerous books and tools, and is also very active in the forensic community in general.

RegRipper is a tool that can be used to quickly extract values of interest from within the registry. It is NOT a registry browser. You do not get the option to browse through the registry. That can quickly overwhelm any analyst.

Instead it extracts only values of potential interest and presents it in a document for easier reading. This does not mean that you will be presented with the smoking gun right off the bat...

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1406 reads)

Paraben Adds iOS 8.0 Support in Release of DDS

Wednesday, September 24, 2014 (07:20:30)
Paraben is pleased to announce the release of Deployable Device Seizure (DDS) v4.6. All current Device Seizure license holders have access to this new version.

What’s new in DDS v4.6

• Add support for iOS 7.1.x and 8.0 as well as support for the iPad Air
• Added support for Android OS 4.4.2 and below comprehensive logical acquisitions
• Added support of Windows Phone 7.5, 8, and 8.1
• Added deleted message recovery for devices with Symbian OS 7.x-9.x
• New drivers for new generations of phones have been added to the installation
• The acquisition process for devices with Android OS 4.0 and higher has been improved with new methodology
• Added Skype history collection for not-Jailbroken iPhones/iPads/IPod Touches
• Fixed minor problems in working with cases containing Unicode characters
• Improved recovered deleted data parsing for iPhone and Android devices
  • Posted by: paraben
  • Topic: News
  • Score: 0 / 5
  • (870 reads)

Recovering Evidence from SSD Drives in 2014

Tuesday, September 23, 2014 (16:27:31)
Several years ago, Solid State drives (SSD) introduced a challenge to digital forensic specialists. Forensic acquisition of computers equipped with SSD storage became very different compared to acquisition of traditional hard drives. Instead of straightforward and predictable recovery of evidence, we are in the waters of stochastic forensics with SSD drives, where nothing can be assumed as a given.

With even the most recent publications not going beyond introducing the TRIM command and making a conclusion on SSD self-corrosion, it has been common knowledge – and a common misconception, – that deleted evidence cannot be extracted from TRIM-enabled SSD drives, due to the operation of background garbage collection...

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1969 reads)