±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35755
New Yesterday: 5 Visitors: 136

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Search found 117 matches

Re: Recover server deleted logs using FTK

Post Posted: Jul 01, 19 10:22

First, you have to learn how to do digital forensics.

Then, take your image of the server and retry.
redcat
Topic: Recover server deleted logs using FTK
Replies: 2
Views: 1954
 

Re: FTK Image Properties

Post Posted: Jul 01, 19 10:20

Just mount the AD1 in FTK Imager as you have done and then image the contents uncompressed to another AD1 or whatever container you prefer to use. Then the size is the size.

But I agree, this is a ...
redcat
Topic: FTK Image Properties
Replies: 4
Views: 1304
 

Re: Oxygen Forensics , XRY or Cellebrite - Which one is bet

Post Posted: May 27, 19 19:56

Cellebrite is easier to work with, seems to support more devices, and has better reporting capabilities. If I had to choose a single mobile forensic tool it would always be Cellebrite. That said, the ...
redcat
Topic: Oxygen Forensics , XRY or Cellebrite - Which one is better?
Replies: 12
Views: 10346
 

Re: How best to deal with paranoid/delusional clients

Post Posted: Apr 23, 19 09:37

Interesting topic. I have encountered this on several occasions over the years; like you, mental health issues are usually suspected. Similarly, I don't really know how to broach this, as it's a diffi ...
redcat
Topic: How best to deal with paranoid/delusional clients
Replies: 5
Views: 1387
 

Re: A question about operating systems

Post Posted: Jan 08, 19 19:58

A competent forensic investigator should be comfortable using all major versions of Windows, Linux, and MacOS and will use whichever is most appropriate for whatever they are investigating.
redcat
Topic: A question about operating systems
Replies: 5
Views: 1939
 

Windows 8.1 x64 Process ID behaviour

Post Posted: Oct 18, 18 12:28

Does anybody out there know off the top of their heads how Windows 8.1 (or 10) behaves in terms of allocating and then releasing and/or reissuing PIDs please? Specifically if process A gets PID 1234 t ...
redcat
Topic: Windows 8.1 x64 Process ID behaviour
Replies: 1
Views: 885
 

Re: Office 365 forensic

Post Posted: Aug 10, 18 17:02

My former colleague Adam Harrison has published some decent research into this very area:

https://blog.1234n6.com/2018/07/investigating-office365-account_12.html
redcat
Topic: Office 365 forensic
Replies: 5
Views: 2577
 
Page 1 of 17
Page 1, 2, 3 ... 15, 16, 17  Next