Clik here to view.
Imm2Virtual: A Windows GUI To Virtualize Directly From Disk Image File
by Nanni Bassetti Sometimes during a computer forensic investigation, we need to virtualize our image disk, because it could be useful for checking or finding something of interest. If we need to...
View ArticleClik here to view.
Focused Digital Forensic Methodology
by Haider H. Khaleel Abstract Since the end of the 19th Century until the current time, law enforcement has been facing a rapid increase in computer-related crimes. In the present time, digital...
View ArticleClik here to view.
Linux Memory Forensics: Dissecting the User Space Process Heap
by Frank Block and Andreas Dewald Abstract The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly...
View ArticleClik here to view.
Windows Drive Acquisition
by Oleg Skulkin & Scar de Courcier Before you can begin analysing evidence from a source, it first of all needs to be imaged. This describes a forensic process in which an exact copy of a drive is...
View ArticleClik here to view.
Making Smart Technology Decisions To Improve Case Collaboration
by Christa Miller, Magnet Forensics An estimated 6.1 billion smartphones will be in the world by 2020, and as development of the Internet of Things—connected wearables, household appliances, vehicles,...
View ArticleClik here to view.
The CSI Effect – Expectations Vs Limitations
by James Zjalic Much has been written about the CSI phenomenon within digital forensics circles, but is there a way we as experts can reduce this effect, maybe not globally but at least amongst our own...
View ArticleClik here to view.
Imaging Locked Motorola Devices Via Bootloader Exploit
Last-generation Android devices are gradually getting more secure, even approaching iOS-grade security in some usage scenarios. Equipped with fingerprint readers and compulsory encryption of the data...
View ArticleClik here to view.
New NIST Forensic Tests Help Ensure High-Quality Copies of Digital Evidence
Data found on a suspect’s computer, cell phone or tablet can prove to be crucial evidence in a legal case. A new set of software tools developed at the National Institute of Standards and Technology...
View ArticleClik here to view.
Job Hunting In The DFIR Field
by Jessica Hyde, Magnet Forensics For those who don’t know, in addition to my work at Magnet Forensics, I teach Mobile Device Forensics at George Mason University. In addition to teaching the skills...
View ArticleClik here to view.
ISO 17025 For Digital Forensics – Yay Or Nay
by Robert Merriott “Much of the digital forensic community desires to have their evidence seen in court as forensically sound and bulletproof, yet do not want to go through the rigors that other...
View ArticleClik here to view.
The Necessity Of Developing A Standard For Exchanging A Chain Of Custody Of...
by Jasmin Cosic, Miroslav Baca & Peter Grd Abstract Today there is no criminal investigation that does not contain a digital dimension. A large number of criminal offenses, whether official...
View ArticleClik here to view.
Charlatans In Digital Forensics
by James Zjalic There’s a topic that is rarely publicized in the world of digital forensics, but is well known to those within the field and stories are often traded between experts when they meet at...
View ArticleClik here to view.
Detection Of Backdating The System Clock In MacOS
by Oleg Skulkin & Igor Mikhaylov Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good...
View ArticleClik here to view.
Memory Dump Formats
by Chirath De Alwis As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh...
View ArticleClik here to view.
Techno Mode – The Fastest Way To Access Digital Evidence On Damaged SSDs
by Roman Morozov, NAND Data Recovery Tutor, ACE Lab Recent statistics show that solid-state drives are getting a good share of the market of storage devices. And the popularity of SSDs is only expected...
View ArticleClik here to view.
Bruteforcing Linux Full Disk Encryption (LUKS) With Hashcat
by Patrick Bell This walk-through will show you how to Bruteforce LUK volumes using hashcat, how you can mount a LUK partition, and how we can image it once it’s decrypted. Scenario: You’ve got a...
View ArticleClik here to view.
Evidence Acquisition Using Accessdata FTK Imager
by Chirath De Alwis Forensic Toolkit or FTK is a computer forensics software product made by AccessData. This is a Windows based commercial product. For forensic investigations, the same development...
View ArticleClik here to view.
Oxygen Drone Forensics – How To Deal With A New Threat
It was not too long ago when drones were discussed we would often think of military use or large commercial type applications. However, today drones are now in the hands of hobbyists who frequently use...
View ArticleClik here to view.
Forensic Acquisition Of Solid State Drives With Open Source Tools
by Josué Ferreira Abstract From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern and therefore, it is important for a method to forensically...
View ArticleClik here to view.
Forensic Analysis of Damaged SQLite Databases
by Oleg Skulkin & Igor Mikhaylov SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases: you can also find them on...
View Article