Search on This Topic: News


The Opportunity In The Crisis: ICS Malware Digital Forensics

Thursday, May 30, 2019 (12:14:58)
by Christa Miller, Forensic Focus

Malware aimed at industrial control systems (ICS) is nothing new. Nearly 10 years have passed since Stuxnet first targeted the supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs) associated with centrifuges in Iran’s nuclear program. Since then, Havex, BlackEnergy 2, and Crash Override / Industroyer have targeted various ICS.

Until very recently, targeted attacks on ICS have remained rare. In 2017 Dragos, a provider of industrial security software and services, reported that most malware infections on ICS were accidental.

The following year, Kaspersky Lab likewise reported that most ICS malware infections — including cryptomining, ransomware, remote-access trojans (RAT), spyware, and other threats — were random. Dragos has also reported, however, that targeted ICS intrusions aren’t as rare as first believed.

  • Posted by: scar
  • Topic: News

Oxygen Forensics Enhances Its Cloud Extractor, KeyScout, And JetEngine Utilities

Thursday, May 30, 2019 (08:54:54)
Oxygen Forensics today announces the release of Oxygen Forensic Detective (11.4), with improvements to its Cloud Extractor, KeyScout, and JetEngine utilities, including the ability to extract web browser data from Windows PCs.

What's Happening In Forensics

Wednesday, May 29, 2019 (14:17:57)
The Byton M-Byte is "a premium vehicle, the crowning glory of which is an enormous 4K screen that spreads across the full width of the dashboard, eliminating the need for conventional instruments and dials." A great repository of information for digital forensic investigators!

DarkReading are encouraging people to level up their data forensics game at Black Hat USA this August.

The World Economic Forum is looking to develop global rules for AI.

Xavier Mertens has written about how to perform behavioural malware analysis with Microsoft ASA.
  • Posted by: scar
  • Topic: News

AccessData’s AD Enterprise Automates Early Data Collection

Wednesday, May 29, 2019 (13:24:25)
Company also rolls out new versions of FTK and AD Lab with enhancements that leverage machine learning to speed up forensics investigations.

AccessData Group today announced the release of AD Enterprise 7.1, a new version of its software for managing internal forensic investigations and post-breach analysis that contains first-to-market integration with cybersecurity platforms to automate the early stages of data collection.

Leveraging DKIM In Email Forensics

Monday, May 27, 2019 (14:32:15)
by Arman Gungor

My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings:

• Most email messages do not have the Content-Length header field populated
• If the suspect is aware of this data point, the integer value in the Content-Length header field is very easy to modify to make it match the length of the manipulated email payload

Wouldn’t it be great if there was something more widely used and tamper-resistant? Enter DKIM.

  • Posted by: scar
  • Topic: News

Review Of Griffeye Analyze DI Pro

Friday, May 24, 2019 (12:15:00)
by Jade James

Griffeye Analyze DI Pro is used by law enforcement agencies and other national security and defence organisations for all sorts of investigations involving large volumes of media files. Although it is perhaps most well known for its application to child exploitation cases, Analyze DI Pro is not designed specifically for use in such investigations.

This tool has a wide variety of add-on functionality, meaning investigators are able to work smarter and faster with automated processes that will categorise and filter out non-pertinent material. Analyze DI Pro is designed for individual investigators, with integrated tools for sorting and efficiently analysing large volumes of media files. In a nutshell, Analyze DI Pro parses images and videos intuitively to return the best results for the user.

  • Posted by: scar
  • Topic: News

How To Image To A Network Repository With Logicube’s Forensic Falcon-NEO

Thursday, May 23, 2019 (14:58:38)
Welcome to Logicube’s tutorial on the Falcon-NEO forensic imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, or using iSCSI. Two 10GbE ports provide extremely fast network imaging performance. In this episode we’ll show you how to image from a physical drive connected to the Falcon-NEO, to a network repository, using CIFS protocol. Make sure you have full permissions to the shared resource before attempting to create a network repository on the Falcon-NEO. We strongly suggest that you contact your network administrator to ensure proper permissions have been set up.

We have set up a directory on a computer that is connected to the same network as the Falcon-NEO. By right clicking on the directory and checking the share properties, we can verify that we have full permissions to this share. We’ll now create and mount the repository on the Falcon-NEO.

  • Posted by: scar
  • Topic: News

Atola TaskForce v 2019.4: Imaging To Files On Target Device And Other Features

Thursday, May 23, 2019 (09:16:36)
In the year since Atola launched its new flagship product, Atola TaskForce, the product has seen three major firmware updates. The latest version of the TaskForce firmware, 2019.4, contains a number of features to assist our users with evidence acquisition.

First and foremost, this release introduces imaging to a file on a target device. This popular functionality allows putting a target device in Storage mode to serve as a destination for multiple image files sequentially created on the drive.

In TaskForce, the Storage mode is activated when selecting a target, and the mode will remain active while the drive remains attached to the powered on TaskForce. When a drive is put in Storage mode for the first time, it is formatted to exFAT with large cluster size (32 MB) to ensure the fastest possible imaging.
  • Posted by: Yulia
  • Topic: News

Interview With Blake Sawyer, Amped Software

Monday, May 20, 2019 (12:54:08)
Congratulations on your new role! Tell us more about your law enforcement career. How did you get into digital forensics?

Thanks so much! I am excited about the opportunity to come and work for Amped Software. I got into digital forensics in a kind of roundabout way. I earned a Computer Science degree in college and went to work for Apple. After several years of support and QA, I got involved in Audio and Video Production. That led me, eventually, into working for the Plano Police Department in Plano, TX, USA in 2014.

  • Posted by: scar
  • Topic: News

Digital Forensics News May 2019

Monday, May 20, 2019 (08:01:43)
This year's Digital Forensics Challenge from the Korean Institute of Information Security & Cryptology (KIISC) has been announced.

BlackBag's latest version of MacQuisition can now decrypt physical images of the latest Mac systems utilizing the Apple T2 chip.

Magnet AXIOM 3.1 is now available to download - it includes GrayKey integration and a new SQLite viewer.

BlackBag and Traversed have partnered up to provide examiners and investigators access to forensic services that can assist with unique cases and circumstances that require additional expertise.

Susteen's Data Pilot 10 has been updated, providing up to 50% reduction in processing time.

Cyber Sleuth Labs, an initiative to help young people get into the industry, have released a video to demonstrate what they do.
  • Posted by: scar
  • Topic: News