Watch The Recent Cellebrite Webinar

Friday, March 02, 2018 (14:21:33)
If you missed the recent Cellebrite webinar, Access mobile device evidence faster using Emergency Download mode (EDL), then have no worries! We’ve recorded it for you!

Click here to access the webinar!

During the webinar you will discover how Cellebrite’s unique automatic Emergency Download mode (EDL) capability can provide you with forensically-sound access to extract physical data from devices. Industry experts discuss how using EDL mode and Cellebrite’s unique capabilities provides a valuable alternative method to recover device evidence, compared with other more traditional, time-consuming methods such as ISP, JTAG or Chip-off.

If you would like more information or have any questions on how Cellebrite can help accelerate your toughest investigations and other digital forensic challenges, click here.

The Cellebrite Team

Evidence Acquisition Using AccessData FTK Imager

Friday, March 02, 2018 (10:36:56)
by Chirath De Alwis

Forensic Toolkit, or FTK, is a computer forensics software product made by AccessData. It is a Windows-based commercial product. For forensic investigations, the same development team has created a free version of the commercial product with fewer functionalities. This tool, FTK Imager, is capable of both acquiring and analyzing computer forensic evidence.

The evidence FTK Imager can acquire can be split into two main parts. They are:

1. Acquiring volatile memory
2. Acquiring non-volatile memory (Hard disk)

There are two possible ways this tool can be used in forensic image acquisitions.

  • Posted by: scar
  • Topic: News

Oxygen Forensics Provides Industry-Exclusive Support for DJI Cloud

Thursday, March 01, 2018 (16:54:48)
Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices, cloud services and drones, announced today that its flagship software product, Oxygen Forensic® Detective v. 10.1 can now obtain data from the DJI cloud, which is the data repository for all DJI drones. Oxygen Forensics does this through Oxygen Forensic® Cloud Extractor.

When It Comes To Training, Quality Absolutely Matters!

Thursday, March 01, 2018 (11:13:19)
By: Danny Garcia, Senior Director of Certification and Learning Technology | CFCE CCME CCPA CCO

I can look back and say with confidence that I have made a difference in the quality of training programs delivered throughout my tenure for numerous organizations since 2008. However, it was not until I started as a contract trainer with Cellebrite in 2013 that I knew I could make a substantial difference in what is taught in this space. Since joining Cellebrite's Global Training Division team, I have been part and parcel in identifying, repairing and improving the quality of curriculum and our certification courses.

If you do not know, you do not know!

Video: Force Open - Lightweight Black Box File Repair

Wednesday, February 28, 2018 (10:25:56)
Karl Wust discusses his research at DFRWS EU 2017.

Wust: Hi everyone. My name is Karl Wust, and I’m a security researcher from ETH Zurich, and the work that I present here is joint work with Petar Tsankov, Sasa Radomirovic, and Mohammad Torabi Dashti.

Usually, when we open a file – if we open an image file, for example – we expect something like this. The [file viewer] pops up and shows us the image that we want to see, in this case, a nice photo of Zurich. But sometimes, files get corrupted, for different reasons – transmission errors, [degradated] storage, or some other reasons. And in some cases, we can still open the image, but it will look something like this. So we get some artefacts here. In this case, we have some part of the image that is on the bottom right that should actually be on the bottom left.

  • Posted by: scar
  • Topic: News

Digital Forensics News February 2018

Monday, February 26, 2018 (16:04:37)
Compelson have released the latest version of MOBILedit Forensic Express.

Free Android Forensics takes a deep-dive into an app.

Registration is now open for the Magnet User Summit 2018.

Eric Huber introduces a new series of blog posts about moving from LE to the private sector.

BlackBag's MacQuisition 2018 R1 now comes with 120GB SSDs as standard, and a 1TB SSD option is soon to be released.

Brett Shavers talks about why it's so important to be able to write good reports in DFIR.

Cellebrite have released version 7.1 of their UFED products.

Hashcat v4.1.0 has been released.

Forensic Focus readers can get 30% off the registration fee for TechnoSecurity by using the code FFOCUS18 at the checkout.

Adam Harrison has written a useful post on rebuilding RAID in EnCase 7/8.
  • Posted by: scar
  • Topic: News

BlackBag Offers New MacQuisition Device Sizes to Provide Supersized Imaging

Monday, February 26, 2018 (12:50:13)
With a faster drive, supersized imaging capability, and the latest features in MacQuisition 2018 R1 (including enhanced Apple File System support), BlackBag's MacQuisition offers digital examiners the very best forensic imaging solution for Mac OS X and macOS.

Forensic Focus Forum Round-Up

Monday, February 26, 2018 (10:09:50)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

How would you find credit card numbers using EnCase?

Forum members help to locate network history and VPN profiles.

How would you image and examine a Chromebook? Share your thoughts on the forum.

Can you help loonaluna to recover data from a deleted TrueCrypt container?

What kind of malware do you think has been used on this machine?

How would you extract data from .img files from a Sony VAIO backup?

Is it possible to virtualise Mac on Windows, and if so, how would you do it? Add your thoughts on the forum.

Forum members discuss reading and migrating Microsoft Word 4.0 files.
  • Posted by: scar
  • Topic: News

Using Technology To Get Results: Accumulated Knowledge

Friday, February 23, 2018 (12:40:29)
Over three articles, Griffeye, known for its Analyze platform for collecting, processing, analyzing, visualizing and managing images and videos, explores the challenges and opportunities law enforcement face due to the sheer volume of data in digital media investigations, not least showing how technology can help us get better results, quicker. This first article addresses accumulated knowledge and its value.

Bruteforcing Linux Full Disk Encryption (LUKS) With Hashcat

Thursday, February 22, 2018 (11:24:03)
by Patrick Bell

This walk-through will show you how to brute-force LUKS volumes using hashcat, how you can mount a LUKS partition, and how we can image it once it’s decrypted.

Scenario: You’ve got a MacBook in. macOS has been removed and Debian 9.0 has been installed. The suspect is using LUKS (Linux Unified Key Setup) full disk encryption to encrypt the disk. Password is unknown and we need a forensically sound method to access the data. This is how I’d do it.

  • Posted by: scar
  • Topic: News