Interview With Francis De Giorgio, Director Of Product Development, Susteen

Tuesday, March 10, 2020 (13:39:10)
Francis, tell us about your product development role. Where did you work previously, and what drew you to Susteen?

I always enjoy a good David versus Goliath challenge and have had the privilege over the last 25 years to work with some amazing companies and people to deliver on their dreams and ideas.

What drew me to Susteen was Steve, the company’s President. I’m working for a great 20-year Microsoft Managed Partner, managing and developing leading edge .NET, Azure and IoT applications, and I was invited to a technology round table that Steve belonged to, and we hit it off right away.

  • Posted by: scar
  • Topic: News

Opinion: When Vendors Hire Research Talent, Where Does It Leave Research?

Monday, March 09, 2020 (13:08:55)
by Christa Miller

In the second half of 2019, a set of hirings made some waves in the digital forensics community. First, in July, Cellebrite hired well-known SANS Senior Instructor Heather Mahalik. Then in August, Mike Williamson joined Jessica Hyde, Christopher Vance, and others at Magnet Forensics. In December, the set completed when BlackBag Technologies hired likewise well-known SANS Senior Instructor Sarah Edwards.

“Name” researchers going to work for vendors is nothing new, of course. Amber Schroader founded Paraben in 1999; Lee Reiber took over as Oxygen Forensics’ Chief Operations Officer in 2015, while Edwards’ transition to BlackBag put her in the already well-established research powerhouse of Vico Marziale and Joe Sylve.

Then Cellebrite acquired BlackBag, consolidating that powerhouse together with Mahalik and a formidable R&D team. With that, the talent acquisition process began to feel more like a research ring match, with Cellebrite and Magnet Forensics trying to knock each other’s blocks off. Where does that leave research itself?

  • Posted by: scar
  • Topic: News

Everything You Ever Wanted To Ask About Checkm8 And Checkra1n

Friday, March 06, 2020 (14:21:59)
by Oxygen Forensics

What’s Checkm8?

Checkm8 is an exploit (a program that takes advantage of OS or hardware vulnerabilities) that aims to execute its own code at the earliest stage of the iOS device boot process.

What makes it stand out?

What drives the interest, and honestly the hype, around Checkm8 is that the vulnerability it relies on cannot be patched by a software update or change: it sits in code held in read-only memory, which is written when the device chip is manufactured and cannot be rewritten afterwards. This means that all iOS devices affected by this vulnerability will always remain vulnerable, regardless of the iOS version.

  • Posted by: scar
  • Topic: News

BlackLight R3 From BlackBag

Thursday, March 05, 2020 (16:12:43)
by Jade James

BlackLight is a simple but smart investigation tool which allows examiners to quickly analyse computer systems and mobile devices. Searching is made easy with advanced filtering to sift through large data sets. The tool is aimed at law enforcement and federal agencies as well as corporations.

BlackLight R3 supports processing of the latest Mac systems, including T2 chip, Fusion and encrypted devices. Examiners can also review history in APFS snapshots and Time Machine backups.

Continuing support for Windows systems means that examiners can review, analyse and parse certain artifacts such as volume shadow copies, the registry, recent documents, the recycle bin, and much more.

  • Posted by: scar
  • Topic: News

Forensic Tools For Investigating Child Sexual Abuse Material

Tuesday, March 03, 2020 (16:43:22)
Laura Sanchez discusses her research at DFRWS US 2019.

Hello, I'm Laura Sanchez and I'm a graduate researcher at the University of New Haven. And I'll be presenting the results of our survey that was conducted by my colleagues.

Our paper is a practitioner survey exploring the value of forensic tools, AI filtering and safer presentation for investigating child sexual abuse material, or CSAM. Believe it or not, that is actually a modified version of our original title. So our agenda for today is just a brief introduction, previous work survey, how the survey was designed, our results, challenges, future work and acknowledgements. So we decided to do some research in this particular area for those investigating child exploitation cases and we found two particular issues for those investigating these cases.

  • Posted by: scar
  • Topic: News

What's Happening In Forensics - Mar 03, 2020

Monday, March 02, 2020 (14:41:51)
13Cubed share a memory forensics challenge.

Petr Stuchlík discusses SMB endpoint fingerprinting.

DFRWS share presentations from last year's US conference.

Ryan Benson shares some digital forensics writing tips.
  • Posted by: scar
  • Topic: News

Android Auto And Google Assistant – How Google Encourages Hands-Free Motoring

Monday, March 02, 2020 (10:10:28)
Josh Hickman shares his research at DFRWS US 2019.

Josh: My name is Josh Hickman. I am the forensic scientist manager for the digital evidence section in the North Carolina state crime lab. And I am here this morning to talk about Android Auto and Google Assistant. And I know I'm the last presentation before lunch, so I'll try to do my best to get you out of here on time. Real quick before I do get started, I gave this presentation to our lab's administrators as a dry run and I inadvertently set off a couple of Google Assistant phones during it. I will make a conscious effort to not say the hot word to trigger Google Assistant, but I may slip up and inadvertently do it. So you're forewarned.

So Android Auto and Google Assistant work together. You know, the ability to have our vehicles interface with our mobile devices is not a new concept, but it's one that's really started to get into the mainstream.

  • Posted by: scar
  • Topic: News

Chromium-Based Microsoft Edge From A Forensic Point Of View

Wednesday, February 26, 2020 (15:06:46)
by Oleg Skulkin & Svetlana Ostrovskaya

Recently Microsoft finally released the Chromium-based version of Edge Browser, so it seems we’ll miss ESE databases soon (not). Of course, it may have a similar set of forensic artifacts to Chromium or Chrome, but we must check it anyway. What’s more, the browser is available not only for Windows, but also for macOS, Android and iOS.

On Windows, Edge data is available under the following location:

C:\Users\%USERNAME%\AppData\Local\Microsoft\Edge\User Data\Default

Let’s start from bookmarks or “favorites”. They are stored in a JSON file with the same name – Bookmarks. You can open it with any text editor. The timestamps are stored in WebKit format – a 64-bit value for microseconds since Jan 1, 1601 00:00 UTC.

  • Posted by: scar
  • Topic: News

Forensic Pattern Of Life Analysis

Tuesday, February 25, 2020 (15:32:58)
by Christa Miller, Forensic Focus

Pattern of life analysis isn’t a new concept to anyone who’s ever been involved with intelligence, in particular surveillance. It’s all about the habits that people — suspects, persons of interest, crime victims, or those connected to any of the above — carry out in day-to-day life.

When it comes to digital devices, how users interact with them can tell a very detailed story about any given timeframe. There are two reasons for doing this. One, as Brett Shavers outlined in a blog post last year, is to tie a particular device to a user — more of an issue for a computer or tablet than a smartphone.

  • Posted by: scar
  • Topic: News

Get Uber Acquisition And Timestamps In Google Search URLs In Magnet AXIOM 3.10

Monday, February 24, 2020 (18:02:35)
Magnet AXIOM 3.10 is now available for AXIOM users! Get Magnet AXIOM 3.10 today to acquire from Uber, get new timestamps in Google search URLs, as well as get more than 20 updated artifacts.

If you haven’t tried AXIOM yet, request a free trial here.