±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36767
New Yesterday: 2 Visitors: 82

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Page 2

How To Extract Cloud Data Using Oxygen Forensic Detective’s Cloud Extractor

Tuesday, March 24, 2020 (14:39:39)
Welcome to Oxygen Forensic Detective’s knowledge nuggets. In this video, I will show you how simple it is to extract cloud data using Detective’s Cloud Extractor. If you weren’t already aware, Oxygen Forensic Detective has a lot more to it than just extracting and parsing cell phones. Our Cloud Extractor is included, meaning if you own a license for Detective, you have Cloud Extractor.

There are two ways to enter into the Cloud Extractor. One is after you extract a device and you view the accounts and passwords section at the top of the screen, you will find the Cloud Extractor. If you access through here, all accounts with usernames, passwords, and tokens will automatically populate into the Extractor. The other location of your Cloud Extractor is on your home screen, under ‘extract’.

Watch the video
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (959 reads)

Register For Webinar: A Deep Dive Into Keychain And Spotlight Artifacts

Thursday, March 19, 2020 (16:20:22)

Join BlackBag for a where our experts will cover what can be extracted from the macOS keychain, what you can do to get the most out of it, and how Apple secures your passwords and other secrets. We will take a closer look at Spotlight artifacts beyond the System Level file metadata store that users are most familiar with. Come along as we explore user-specific metadata stores, user search history, and iOS metadata stores. We will walk through what Mac’s Spotlight artifacts can reveal about specific user actions. Finally, get a sneak peek of the latest Apple artifacts supported in the upcoming BlackLight 2020 R1 release.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1542 reads)

Interview With Samuel Abbott, Software Trainer, Amped Software

Thursday, March 19, 2020 (16:06:23)
Samuel, congratulations on your new role! Tell us more about your career with the Royal Military Police. How did you come to be a video analysis expert?

Thank you! It is a very exciting move for me. My career began in the Royal Military Police in 2014 where I first started out doing general police duties but then discovered a Multimedia & Evidential Imagery Team (MEIT) within the RMP, so I immediately applied to a selection process and successfully earned a spot on that team.

The team consisted of four RMP members and two civilians, together we worked on every multimedia evidence investigation for the Army, Navy and RAF worldwide.

We had a wide range of capabilities from CCTV recovery to video enhancement, crime scene reconstruction, laser scanning, and body injury mapping.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1029 reads)

How To Acquire Cloud Data With MD-CLOUD

Wednesday, March 18, 2020 (12:55:13)
‘17.5 Zettabytes.’ This is the amount of data that the IDC estimates will be generated annually by 2025, and among those numbers, cloud traffic is expected to grow and reach 18.9 Zettabytes by 2021.

This tremendous amount of cloud data is generated and fueled in the course of building driver assistance and autonomous vehicle technologies; IoT devices including sensors in our bodies, homes, factories, and cities; high-resolution content for 360 video and augmented reality; and 5G communications globally.

As many digital forensic investigators are facing so-called ‘digital transformation’, finding evidence data from various cloud services is a highly demanding and important mission for digital forensic investigators.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1139 reads)

Toward Exact And Inexact Approximate Matching Of Executable Binaries

Tuesday, March 17, 2020 (14:05:05)
Lorenz Liebler discusses his research at DFRWS EU 2019.

The application of approximate matching (a.k.a. fuzzy hashing or similarity hashing) is often considered in the field of malware or binary analysis. Recent research showed major weaknesses of predominant fuzzy hashing techniques in the case of measuring the similarity of executables (Pagani et al., 2018).

Summarized, well known Context-Triggered Piecewise-Hashing approaches are not very reliant for the task of binary comparisons, as even benign changes heavily impact the underlying byte representation of an original binary. Modifications could be caused by benign or malicious source code changes, different compilers, and changed compiler settings.

Approaches based on the extraction of statistically improbable features (Roussev, 2010) or n-gram histograms (Oliver et al., 2013) showed a better detection performance in case of inexactly matching binaries with varying build settings or source code modifications.

Watch the presentation
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1084 reads)

Interview With Joe Sylve, Director Of Research And Development, BlackBag

Monday, March 16, 2020 (14:46:46)
Joe, your BlackBag profile describes how you "drive innovation and pursue emerging areas of research" as Director of Research & Development. Can you describe for us what your day-to-day looks like?

Usually I’m managing shifting priorities, so there’s not always a “typical” day for me. Some days I spend my days in IDA Pro, reverse engineering OS subsystems to learn how on-disk artifacts can be analyzed. Other days, I’m mostly wearing my developer hat and writing code that will eventually be integrated into the backend of BlackBag’s tools.

As with all things research, our initial approach doesn’t always work out, so there’s a lot of lessons learned and iteration going on behind the scenes.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (910 reads)

Get Audio Redaction In The Latest Amped FIVE Update 16112

Friday, March 13, 2020 (21:13:41)
Amped Software announced the release of another update to Amped FIVE, our one-stop toolkit for all your video and image enhancement needs. Update 16112 includes some exciting new features. Our users will be happy to know that Amped FIVE now includes an Audio Panel and with that the highly requested Audio Redaction feature. We've also included the option for selecting the quality of a H.264 output file allowing you to have more choice regarding quality when using this format within this filter, and much much more.

10 Quick Facts About Oxygen Forensic Cloud Extractor

Wednesday, March 11, 2020 (15:01:17)
In October 2014, Oxygen Forensics changed the DFIR landscape by bringing the first Cloud extraction tool to the forensic industry. This innovative, and included utility, was available within the powerful Oxygen Forensic® Detective software and allowed acquisition of data from Google, iCloud, and Microsoft cloud services, as well as Box, Dropbox and Bitcasa. Since then, cloud services have evolved – and so have we. Many digital forensic companies jumped onto the “cloud bandwagon” and now offer a cloud extractor. However, what still remains true, and only provided by Oxygen, is the fact Oxygen Forensic Detective is the only software that has a Cloud Extractor built into the software at no additional charge.

Let’s go through the 10 most important things investigators need to know about our Oxygen Forensic® Cloud Extractor!

Sarah Edwards On iOS Forensics And APOLLO

Wednesday, March 11, 2020 (13:46:15)
Christa: Hello and welcome to the Forensic Focus podcast. Monthly we interview experts from the digital forensics and incident response community on a host of topics ranging from technical aspects to career soft skills. I'm your host, Christa Miller.

Today we're talking with Sarah Edwards, senior digital forensics researcher at BlackBag Technologies. Sarah works in the DC Metro area and specializes in Mac and mobile forensics. She has worked with various federal law enforcement agencies and has performed a variety of investigations including computer intrusions, criminal intelligence, and terrorism products.

Listen to the podcast
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1276 reads)

NIST Test Results For Mobile Device Acquisition Tools - MSAB XRY

Wednesday, March 11, 2020 (13:22:55)
The results are out. The U.S. National Institute of Standards and Technology has published its report on the performance of XRY 8.1.0 in recovering and analyzing mobile device data using JTAG and chip off methods. This is part of NIST’s ongoing Digital Forensic Tool Testing Program, which law enforcement agencies rely on to validate their tools.

Download the report at: http://bit.ly/2ToRrln