Digital Forensics, Computer Forensics, eDiscovery

How To Use AXIOM In Malware Investigations: Part I

Monday, November 11, 2019 (19:51:00)
Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations.

In part one of the segment we’re going to talk a little bit about malware investigations, in particular reviewing memory as part of AXIOM. Regardless of the infection, be it a phishing email or a malicious code on a website, or what have you, memory analysis is usually a key component to a malware investigation.

I have a case open in AXIOM Examine, with both an end point and a memory image of an infected machine. This can be super beneficial in your investigation because it allows you to examine multiple pieces of evidence, including memory, in one tool.

  • Posted by: scar
  • Topic: News

Atola TaskForce’s Productivity: Express Mode, Automation And Much More

Monday, November 11, 2019 (13:16:22)
Atola TaskForce has been designed as a tool for maximum productivity with the ability to image, hash, wipe in parallel on 12+ more ports at the top native speeds of the evidence drives and achieve an overall speed of 15 TB/hour.

Our engineers continuously develop new features to enhance the product and solve forensic examiners’ most pressing needs in the acquisition process.

The unit is equipped with 8-thread Xeon CPU 3.7 GHz, ECC RAM, and a server-grade motherboard. It also has 18 ports: 6 SATA, 6 SAS/SATA, 4 USB, and IDE drives, as well as other storage devices via Thunderbolt, Apple PCIe, and M.2 SSD extension modules. All ports are equipped with a source switch, which allows you to use each port in the preferred mode and keep the source ones write-protected.
  • Posted by: Yulia
  • Topic: News

Review: Griffeye Brain In Analyze DI Pro

Monday, November 11, 2019 (09:16:12)
by Jade James

Griffeye are currently offering a free 90-day trial of their flagship product, Analyze DI Pro, which includes access to the user portal and all the resources within it.

Analyze DI Pro comes with many benefits. You can import all types of data, including everything from CCTV to native forensic image formats, as well as data extracted in VICs. It is possible to start analysing the data straightaway: there is no need to wait for all the processing to finish. The Griffeye Intelligence database also allows you to connect to multiple shared databases to share information with other investigators internationally. The robust image and video hashing can save you valuable time by pre-categorising known data and stacking duplicates.

  • Posted by: scar
  • Topic: News

How To Export Media Files From BlackLight Into Semantics21

Friday, November 08, 2019 (13:08:36)
So before we go to export our files from BlackLight to S21, what we will normally do is we will run the hashes against our case. In this case what we’ve done is we’ve already run these hashes against BlackLight, and as you can see, S21 has been run and it’s showing complete. These are the hashes that we’ve already set up and we’ve connected to this hash database through the MySQL interface within BlackLight. Once that is done – and in this case, the hash is done – we can then go over to our media section.

Now I’m going to choose ‘Combined.’ And what this is going to do is it’s going to show all the images, and all the thumbnails, and all the video files, that are part of this case. It’s displaying all of these pictures and videos and thumbnails for us. Now what I want to do is, I want to export all of these pictures and videos from the case, into a format that S21 will understand.

  • Posted by: scar
  • Topic: News

Cost-Effective Tools For Small Mobile Forensic Labs

Thursday, November 07, 2019 (13:49:16)
by Alex Moeller

As the costs associated with running a mobile devices forensic laboratory can be considered to be high, this article is aimed at providing alternative options for small organisations or individuals looking to reduce overheads.

There are numerous case management systems available online which are free to download, and premium features offered by some of the paid software are not worth losing coin over at the small business stage.

These case management systems, however, are a double-edged sword. Although many have built-in data loss mitigation features such as real-time backup, the feature requires a constant internet connection. This can open up your system to possible attacks and manipulation of case information.

  • Posted by: scar
  • Topic: News

Case Study: A Change In Toolset Saved Merseyside Police £36,000

Thursday, November 07, 2019 (12:25:33)

BlackLight was a Winner in a Cost-Benefit Analysis of Digital Forensic Tools

Detective Sergeant James Milligan, a laboratory manager for Merseyside Police, recognized his department was facing the same issue as every digital forensic lab in the world: his budget is finite. With this finite amount of money, the laboratory must remain operational. Amounts must be allocated for personnel, training, infrastructure, and forensic tools. Having the infrastructure in place, the digital tools necessary, and the appropriately trained staff ensures a laboratory is ready and able to complete cases.

Adding to the challenges faced today is the perpetual evolution of digital artifacts and the tools used for acquisition and analysis. A decade ago, there were far fewer challenges. Encryption, mobile devices, larger quantities of data, multiple devices for each exam, and various new operating system artifacts all combine to make digital examinations more complex. At the same time, laboratories face continuous pressure to produce results at the same rate or even faster than before.

Belkasoft Discusses Proper Timelines And How to Handle Them

Thursday, November 07, 2019 (09:52:45)
Belkasoft has published a guide covering the capabilities of Belkasoft Evidence Center related to building and analyzing proper timelines.

As the article stresses, ‘timeline is a crucial notion of digital forensics. Numerous lasting crimes are essentially sequences of actions leaving digital footprints, which are to be examined step by step in their development and interrelation. Even if one deals with a single-point crime, it always has a background and its implications constituting a coherent storyline that can be investigated on a temporal basis. That is why it is often not an exaggeration to say that digital forensics is all about resolving complex timelines. This importance is the basis of the deliberate attention Belkasoft pays to develop an advanced timeline’.

Full text available at https://belkasoft.com/building_a_timeline_with_BEC

What's Happening In Forensics - Nov 6, 2019

Wednesday, November 06, 2019 (18:55:06)
Animesh Shaw shows how to use TSK and Autopsy.

Jai Minton shares a handy digital forensics cheat sheet.

Ted Smith shares an introduction to X-Tensions for beginners with X-Ways.
  • Posted by: scar
  • Topic: News

Walkthrough: What’s New In XAMN v4.4

Wednesday, November 06, 2019 (18:32:58)
Hello and welcome to this video about what’s new in XAMN 4.4.

I’m going to take you through ten new improvements, as you can see listed here in the latest release of the XAMN application. Let’s get straight on to the product so we keep this video as short as possible for you.

This is the latest version of XAMN 4.4. I’m working on a beta, so some features might change before the final release, but this should be a good indication of what’s coming up.

Let’s start with this file for an iPhone 6. And the first thing we’ve done is improved the loading functionality. You can see here there are twelve XRY files to be loaded, and you get feedback in relation to where the program is. Also it’s much faster to load.

  • Posted by: scar
  • Topic: News

VFC5: Now With Windows Live ID Exploit

Tuesday, November 05, 2019 (22:30:32)
First launched in 2007, VFC has recently had a major facelift. VFC5 brings you:

• VFC Mount™, MD5’s proprietary, complementary mount tool, supporting .e01, .ex01, .vmdk, .bin, .img, .raw, .dd, .aff4
• Command Line Interface (CLI) allows you to launch VFC from existing forensic tools
• Enhanced Password Bypass (PWB) now supports over 2,300 discrete Windows builds
• Generic Password Reset (GPR) with integral “Live ID” exploit *
• 64-bit support brings the software bang up to date with today’s forensic laboratory environment
• Enhanced Physical Disk support allows you to virtualise a write-blocked physical drive with ease
  • Posted by: boydg1
  • Topic: News