±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36738
New Yesterday: 0 Visitors: 143

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Latest Forum Posts

 Topics   Replies   Author   Views   Last Post 
  Applying the Law (UK) to an Incident Response Plan 1 cmann 267   Sun Mar 29, 2020 5:11 pm 
  Hidden files on USB Drive... how? 11 Suai 1264   Sun Mar 29, 2020 2:06 am 
  AFOSI Special Agent - Digital Forensic Examiner 1 JSyber 349   Sat Mar 28, 2020 2:19 pm 
  Assignment 7 Nab11 1079   Thu Mar 26, 2020 3:33 pm 
  Ufed 4PC not reading iPhone data 2 Anon 872   Wed Mar 25, 2020 5:51 pm 

Catalina: A Voyage Through Apple's New Artifacts

Friday, March 27, 2020 (14:27:12)
Apple's ever-changing features and updates can make it hard to keep up with the latest changes to the file system and understand how it impacts your investigations.

Forensic Focus Forum Round-Up

Thursday, March 26, 2020 (15:47:59)
Welcome to this month’s round-up of recent posts to the Forensic Focus forums.

What tools would you recommend for MacOS remote forensic collection?

Can you help CopyRight with a question about internal hard disk removal logs?

How would you process an external WD HD with WD Smartware VCD?

Can you help mhibert to bypass a Windows 10 password?

How can you tell whether a Skype call was made using video or audio?
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (680 reads)

How To Decrypt WhatsApp Messages With Oxygen Forensic Detective

Thursday, March 26, 2020 (14:09:23)
Welcome to Oxygen Forensic Detective’s Knowledge Nuggets. In this video we’re going to discuss decrypting WhatsApp messaging.

Let’s go over a few very important points that you need to consider before analyzing WhatsApp.

Number one: always place the device in airplane mode. This is important for many reasons, but the reason specific to WhatsApp is [that] during the extraction of WhatsApp, iCloud backup or Google Drive backup or the WhatsApp cloud, entering the phone verification code will disable the previous WhatsApp installation. The application on the device will then lose its verified status.

Watch the video
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (829 reads)

BlackBag Announces New Live Instructor-Led Virtual Training Courses

Wednesday, March 25, 2020 (12:19:55)

BlackBag’s industry-leading courses, Basic Forensic Investigations, Windows Forensic Investigations, and Apple Forensic Investigations are now available as live, virtual courses.

Oxygen Forensics Offers Free Remote Trainings During COVID-19 Crisis

Wednesday, March 25, 2020 (12:15:51)
The COVID-19 pandemic has reshaped our world almost overnight—upending daily routines and disrupting much of the global economy. Unfortunately, crime never takes a day off, not even during times of crisis. Ongoing digital forensics investigations have lost none of their urgency, and investigators still need resources that will enable them to use their tools to the fullest potential. Oxygen Forensics is here to help.

How To Extract Cloud Data Using Oxygen Forensic Detective’s Cloud Extractor

Tuesday, March 24, 2020 (14:39:39)
Welcome to Oxygen Forensic Detective’s knowledge nuggets. In this video, I will show you how simple it is to extract cloud data using Detective’s Cloud Extractor. If you weren’t already aware, Oxygen Forensic Detective has a lot more to it than just extracting and parsing cell phones. Our Cloud Extractor is included, meaning if you own a license for Detective, you have Cloud Extractor.

There are two ways to enter into the Cloud Extractor. One is after you extract a device and you view the accounts and passwords section at the top of the screen, you will find the Cloud Extractor. If you access through here, all accounts with usernames, passwords, and tokens will automatically populate into the Extractor. The other location of your Cloud Extractor is on your home screen, under ‘extract’.

Watch the video
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (862 reads)

Register For Webinar: A Deep Dive Into Keychain And Spotlight Artifacts

Thursday, March 19, 2020 (16:20:22)

Join BlackBag for a where our experts will cover what can be extracted from the macOS keychain, what you can do to get the most out of it, and how Apple secures your passwords and other secrets. We will take a closer look at Spotlight artifacts beyond the System Level file metadata store that users are most familiar with. Come along as we explore user-specific metadata stores, user search history, and iOS metadata stores. We will walk through what Mac’s Spotlight artifacts can reveal about specific user actions. Finally, get a sneak peek of the latest Apple artifacts supported in the upcoming BlackLight 2020 R1 release.

  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1410 reads)

Interview With Samuel Abbott, Software Trainer, Amped Software

Thursday, March 19, 2020 (16:06:23)
Samuel, congratulations on your new role! Tell us more about your career with the Royal Military Police. How did you come to be a video analysis expert?

Thank you! It is a very exciting move for me. My career began in the Royal Military Police in 2014 where I first started out doing general police duties but then discovered a Multimedia & Evidential Imagery Team (MEIT) within the RMP, so I immediately applied to a selection process and successfully earned a spot on that team.

The team consisted of four RMP members and two civilians, together we worked on every multimedia evidence investigation for the Army, Navy and RAF worldwide.

We had a wide range of capabilities from CCTV recovery to video enhancement, crime scene reconstruction, laser scanning, and body injury mapping.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (953 reads)

How To Acquire Cloud Data With MD-CLOUD

Wednesday, March 18, 2020 (12:55:13)
‘17.5 Zettabytes.’ This is the amount of data that the IDC estimates will be generated annually by 2025, and among those numbers, cloud traffic is expected to grow and reach 18.9 Zettabytes by 2021.

This tremendous amount of cloud data is generated and fueled in the course of building driver assistance and autonomous vehicle technologies; IoT devices including sensors in our bodies, homes, factories, and cities; high-resolution content for 360 video and augmented reality; and 5G communications globally.

As many digital forensic investigators are facing so-called ‘digital transformation’, finding evidence data from various cloud services is a highly demanding and important mission for digital forensic investigators.

Read More
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1084 reads)

Toward Exact And Inexact Approximate Matching Of Executable Binaries

Tuesday, March 17, 2020 (14:05:05)
Lorenz Liebler discusses his research at DFRWS EU 2019.

The application of approximate matching (a.k.a. fuzzy hashing or similarity hashing) is often considered in the field of malware or binary analysis. Recent research showed major weaknesses of predominant fuzzy hashing techniques in the case of measuring the similarity of executables (Pagani et al., 2018).

Summarized, well known Context-Triggered Piecewise-Hashing approaches are not very reliant for the task of binary comparisons, as even benign changes heavily impact the underlying byte representation of an original binary. Modifications could be caused by benign or malicious source code changes, different compilers, and changed compiler settings.

Approaches based on the extraction of statistically improbable features (Roussev, 2010) or n-gram histograms (Oliver et al., 2013) showed a better detection performance in case of inexactly matching binaries with varying build settings or source code modifications.

Watch the presentation
  • Posted by: scar
  • Topic: News
  • Score: 0 / 5
  • (1053 reads)