±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 31952
New Yesterday: 1 Visitors: 77

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Page 3

Asking A VPS To Image Itself

Wednesday, February 15, 2017 (12:19:58)
by Chris Cohen

There is a Linux Virtual Private Server (VPS) that you have been tasked to collect using a forensically sound method while ensuring confidentiality, integrity and availability. You have the password for a user who has ssh access to a shell account on that VPS and the user is in the super user group. You do not have access to the VPS control panel, and the VPS is located in a country which does not respect any legal notices from the country you are in. You need to log into the VPS via ssh and ask it to image itself.

To ensure forensic soundness we must keep any changes we make to the VPS to a minimum, to this end we will not be installing additional software. This means we will be limited to using only the default installed applications and that we will have to transmit the forensic image across the internet as it is being created. (1) To receive the image we require a Linux collection system we control with a public IP address and enough disk space for the image.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (873 reads)

Bridging The Gap Between Mobile And Computer Forensics (Webinar)

Friday, February 10, 2017 (18:44:38)
In this webinar, we will look at the trends and challenges in acquiring and analysis mobile devices. We will also discuss the techniques and workflows for optimising investigations that include mobile devices, computers, and cloud-based evidence.
Register now!

Registration For The Magnet User Summit // 2017 Series Is Now Open

Friday, February 10, 2017 (15:20:28)
You can now register for the Magnet User Summit 2017 Series.

In May, the team is heading to London and Las Vegas to bring our customers all the latest news, product features, hands-on learning, and our take on industry issues.

Interview With Victor Limongelli, Chairman & Chief Executive Officer, AccessData

Wednesday, February 08, 2017 (19:47:21)
Congratulations on being named CEO of AccessData. You previously served as President and CEO of Guidance. Why AccessData? Why now?

I’ve been in the industry since 2003, I’ve known – and competed against – AccessData for many years, and I long viewed FTK as one of the key products in forensics. After becoming Chairman in 2015, I had an opportunity to see the company up close, and when I was asked to take over as CEO I was very comfortable in the strength of the product set, the dedication of the employees worldwide, and the opportunity to grow the business. In particular, the AD Lab product struck me as the future of forensics, enabling scalability and collaboration that is not possible with the traditional, stand-alone forensics approach. That is a big focus of AccessData in 2017.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1140 reads)

Google's new AI system unscrambles pixelated faces

Wednesday, February 08, 2017 (13:26:12)
Google’s neural networks have achieved the dream of CSI viewers everywhere: the company has revealed a new AI system capable of “enhancing” an eight-pixel square image, increasing the resolution 16-fold and effectively restoring lost data.

The neural network could be used to increase the resolution of blurred or pixelated faces, in a way previously thought impossible; a similar system was demonstrated for enhancing images of bedrooms, again creating a 32x32 pixel image from an 8x8 one.

More (Guardian)
  • Posted by: jamie
  • Topic: News
  • Score: 0 / 5
  • (1637 reads)

Samsung sBrowser – Android Forensics: A Look Into The Cache Files

Monday, February 06, 2017 (20:49:53)
by Robert Craig and Michael Lambert

Samsung devices are a large portion of the Android OS market. Samsung has its own Internet Browser, “sbrowser”, installed onto their devices. All web browsers leave artifacts from user activity. The “sbrowser” cache files were similar to other browsers. An embedded source URL gave insight where the cached image came from. Looking at Internet History, cookies, and the cache file itself, an investigator can gain insight where the cached image came from and the likely web page it came from.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1964 reads)

Unlocking The Screen Of An LG Android Smartphone With AT Modem Commands

Friday, February 03, 2017 (16:38:41)
by Oleg Davydov, CTO, Oxygen Forensics

Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem.

Almost every modem is Hayes-compatible which means it supports commands of the AT language developed in 1977 by Hayes. Every model supports some basic set of commands which is defined by the manufacturer. Sometimes this set can be extended and can contain very interesting commands.

Let us study behavior of an LG smartphone. When you connect it to the computer by USB you get access to the modem automatically (pic. 1). What is peculiar for LG is that the modem is available even if the phone’s screen is locked.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (2188 reads)

Using Keywords With Magnet AXIOM

Wednesday, February 01, 2017 (14:40:17)
Keywords are an essential part of many forensic examinations. While running keyword lists shouldn’t be the extent of an investigation, the right keyword list can help examiners quickly get to the relevant evidence for their case.

Magnet AXIOM allows examiners to run several different keyword searches either before or after processing your case. Let’s take a look at some of the options available.

Review Of Windows OS Training From AccessData

Friday, January 27, 2017 (17:38:58)
Reviewed by Scar de Courcier, Forensic Focus

From the 6th-8th of December 2016, AccessData ran a Windows course in a training centre overlooking Trafalgar Square in London, UK. The aim of the course was to familiarise forensic investigators with the Windows operating system and give an in-depth understanding of its potential for analysis in digital forensic investigations.

The course was open to all levels, from those who had never conducted an investigation to those who were more familiar with digital forensic techniques. Some level of familiarity with AccessData’s products was assumed, although everything was explained in great detail throughout the course, making it accessible for those who were just starting out as well.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (2098 reads)

This Month In Forensics

Thursday, January 26, 2017 (20:26:46)
Curated by Phill Moore

Russ McRee updated the Incident Response Hierarchy of Needs to a DFIR Hierarchy of Needs & Critical Security Controls.

Oxygen Forensic Detective released version 9.1.1.

Joshua James demonstrated how to compile The Sleuth Kit in Linux.

Lee Reiber discussed the logs.db file in Samsung Android devices.

Jonathon Poling talked about why it's so important to understand your tools.
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1696 reads)