Digital Forensics, Computer Forensics, eDiscovery

Belkasoft Evidence Center 8.5 Offers Advanced Mobile Forensics and RAM Analysis

Monday, October 23, 2017 (09:04:21)
Belkasoft updates Belkasoft Evidence Center 2018 (BEC) with multiple improvements, offering live memory analysis and malware detection for Windows 10 RAM dumps and enhancing support for Android physical acquisition. In v.8.5, Belkasoft’s digital forensic suite supports wallet apps for two of the most popular crypto-currencies, Bitcoin and Ethereum, allowing experts to analyze transactions made with those crypto-currencies.

In addition, Belkasoft Evidence Center 2018 brings its support for the latest mobile apps, technologies and operating systems up to date. The iCloud backup downloader is now supported for all versions of iOS up to and including iOS 11, while logical acquisition of Android devices now supports Android 7 Nougat.

Digital Forensics News October 2017

Friday, October 20, 2017 (09:48:42)
Magnet AXIOM 1.2 is now available for customers to download, with new features including improved access to cloud-based data.

Jon at Ciofeca Forensics discusses the forensic examination of Apple iCloud Notes.

Paraben have launched the first IoT forensics training course in collaboration with a NATO cyber school.

Magnet Forensics' Christopher Vance shares his knowledge about analysing information from new mobile apps.

BlackBag Technologies have announced Ken Basore as their new CEO.

Videos from the latest DEFCON are starting to appear on their YouTube channel.

MOBILEdit 4.2 has just been released, featuring improved cell tower data.
  • Posted by: scar
  • Topic: All
  • Score: 0 / 5
  • (701 reads)

Paraben Is Back On Top With The Tool Every Digital Forensic Lab Should Have

Thursday, October 19, 2017 (14:32:02)
SC Media states, “This belongs in every lab doing mobile device forensics. Not only is it a solid tool. It is perfect for triage. We make this our Best Buy this month.”

SC Media, a highly rated news source for the Cyber Forensics Industry, has once again named E3:DS as Best Buy in mobile forensics along with a 5-Star review on product performance. SC Media states, “This belongs in every lab doing mobile device forensics. Not only is it a solid tool. It is perfect for triage. We make this our Best Buy this month.” Paraben Corporation, the originator of mobile technology forensics with products such as PDA & Cell Seizure in 2001, continues to lead the way into the future of forensics focusing on mobile devices and IoT (Internet of Things).
  • Posted by: Shan
  • Topic: News
  • Score: 0 / 5
  • (947 reads)

Windows Drive Acquisition

Thursday, October 19, 2017 (12:00:10)
by Oleg Skulkin & Scar de Courcier

Before you can begin analysing evidence from a source, it first of all needs to be imaged. This describes a forensic process in which an exact copy of a drive is made. This is an important step, especially if evidence needs to be taken to court, because forensic investigators must be able to demonstrate that they have not altered the evidence in any way.

The term forensic image can refer to either a physical or a logical image. Physical images are precise replicas of the drives they reference, whereas a logical image is a copy of a certain volume within that drive. In general, logical images show what the machine’s user will have seen and dealt with, whereas physical images give a more comprehensive overview of how the device works at a higher level.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (373 reads)

Three Things You Need To Know About EnCase Mobile Investigator

Wednesday, October 18, 2017 (14:55:42)
Guidance Software (Now OpenText) has recently released EnCase® Forensic and EnCase Endpoint Investigator 8.05 supporting mobile device acquisitions in addition to the all-new EnCase Mobile Investigator, which offers powerful mobile data review and reporting capabilities for acquired mobile data.

Working with the forensic community, we developed EnCase Mobile Investigator with the needs of examiners in mind. Our new mobile forensics solution delivers the same level of visibility to mobile devices as delivered to traditional endpoints through EnCase Forensic. With continuous updates to mobile operating systems and popular apps, the broadest mobile device support available, and powerful investigation features, EnCase Mobile Investigator stands out from the pack — empowering examiners to find, analyze, and report on the evidence they need to close cases.

Why You Need Forensics In An IoT World

Wednesday, October 18, 2017 (12:20:58)
We live in a truly digital age. The Internet of Things (IoT) is at the forefront of almost everything we touch as consumers. From the Amazon Echo to smart door locks, we are integrating IoT devices into daily life. However, users often don’t realize how much data these devices collect and store.

The IoT is also fuelling a frenetic pace for new and changing technology. The evolution of a cell phone from the first models in the 1990s to today’s iPhone X took 20 years. On the other hand, IoT technology is changing much more quickly. With more devices connected than ever – according to Gartner, we will hit 20 billion IoT devices by 2020 – the digital forensic community faces several unique questions:

MOBILedit 4.2 Supports New Apple HEIF Photo Format, Improves Cell Tower Data

Wednesday, October 18, 2017 (10:08:11)
The latest release of MOBILedit Forensic Express brings many great additions, including support for iOS 11 and Apple's new photo format HEIF, Android user dictionary analysis, determination of Android clock/time-zone manipulation, and improved deleted data and cell tower data retrieval. In 4.2 we've also improved Android call log analysis and the MTK chipset hack for physical acquisition. Many apps have been added or updated and we've improved direct viewing of video message attachments.

Forensic Focus Forum Round-Up

Tuesday, October 17, 2017 (11:56:22)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

Apple have announced a new file system - share your thoughts on the forum.

Are these encrypted files, and if so, how would you access them?

Forum members discuss last written times on MountPoints2.

What do you think of balloon powered internet? Chime in on the forum.

Can you help marcyu to decrypt Microsoft Word 2003 40-bit encryption?
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1639 reads)

Free Live Webinars Of Our Most Requested AccessData Training Sessions

Monday, October 16, 2017 (15:39:34)
AccessData is offering a series of live training webinars based on some of our most popular sessions of the recent past. Our trainers have 30 years of experience in delivering superior training and certifications for digital forensics and legal e-discovery. Your seat is free, so register soon—they won't last long!

http://marketing.accessdata.com/bydemandwebinars

Linux Memory Forensics: Dissecting the User Space Process Heap

Monday, October 16, 2017 (12:45:20)
by Frank Block and Andreas Dewald

The analysis of memory during a forensic investigation is often an important step in reconstructing events. While prior work in this field has mostly concentrated on information residing in the kernel space (process lists, network connections, and so on), and in particular on the Microsoft Windows operating system, this work focuses on Linux user space processes, as they might also contain valuable information for an investigation. Because a lot of process data is located in the heap, this work concentrates in the first place on the analysis of Glibc’s heap implementation and on how and where heap-related information is stored in the virtual memory of Linux processes that use the Glibc heap implementation. Up to now, the heap was mostly considered a large cohesive memory region from a memory forensics perspective, making it rather hard manual work to identify relevant information inside.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (601 reads)