Clik here to view.
Forensic Examination Of Manipulated Email In Gmail
by Arman Gungor Last week, I came across an interesting post on Forensic Focus. The poster, jahearne, was asking about how one can detect manipulation of an existing email in Gmail. In his hypothetical...
View ArticleClik here to view.
Email Forensics: Investigation Techniques
by Chirath De Alwis Due to the rapid spread of internet use all over the world, email has become a primary communication medium for many official activities. Not only companies, but also members of the...
View ArticleClik here to view.
How To Install And Use The Optional Thunderbolt I/O Card On Logicube’s...
Welcome to Logicube’s tutorial on the optional Thunderbolt I/O card on the Forensic Falcon-NEO. In this session, we’ll show you how to install and use this card. The optional Thunderbolt I/O card...
View ArticleClik here to view.
Burnout in DFIR (And Beyond)
by Christa Miller Quite a lot has been written over recent weeks about burnout. Not only DFIR-specific posts, first from Richard Bejtlich and then, in follow-up from Eric Huber and Brett Shavers; but...
View ArticleClik here to view.
Forensics Europe Expo London 2019 – Recap
by Jade James This article is a recap of some of the main highlights from the Forensics Europe Expo 2019, which took place in London, UK on the 5th and 6th of March. The Forensics Europe Expo has now...
View ArticleClik here to view.
Using The Content-Length Header Field In Email Forensics
by Arman Gungor As forensic examiners, we often have to analyze emails in isolation without the benefit of server metadata, neighbor messages, or data from other sources such as workstations. When...
View ArticleCareer Paths In Digital Forensics
by Christa Miller, Forensic Focus In the 30 or so years since the advent of personal computers made digital forensics a viable career path, the profession has matured to the extent of making multiple...
View ArticleClik here to view.
Techno Security And Digital Forensics Conference CA 2019 – Recap
by Mattia Epifani The Techno Security and Forensics CA conference took place between 11th and 13th March at The Hilton Torrey Pines in La Jolla (San Diego). More than 200 attendees were present, coming...
View ArticleClik here to view.
Windows Registry Analysis 101
by Chirath De Alwis Computer forensics is the process of methodically examining computer media (hard disks, diskettes, tapes, etc.) for evidence [1]. When considering computer forensics, registry...
View ArticleClik here to view.
Mobile Virtual Network Operators (MVNOs) In The US
by Patrick Siewart Increasingly, cellular records and their associated location information are being used in civil litigation, where previously they were considered to be a “law enforcement only”...
View ArticleClik here to view.
Walkthrough: Carving With Belkasoft Evidence Center
by Yuri Gubanov, Danil Nikolaev & Igor Mikhailov © Belkasoft Research Carving is an irreplaceable technique widely used in data recovery and digital forensics. By using carving, we essentially...
View ArticleClik here to view.
Following The RTM: Forensic Examination Of A Computer Infected With A Banking...
by Oleg Skulkin Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the trojan have been sent to potential victims with admirable...
View ArticleClik here to view.
How To Image From A Network Repository Using Logicube’s Forensic Falcon-NEO
Welcome to Logicube’s tutorial on the Falcon-NEO Forensic Imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, and to image from a network...
View ArticleClik here to view.
Facebook’s Privacy Manifesto: What Does It Mean For Digital Forensic...
by Christa Miller, Forensic Focus Mark Zuckerberg’s new “privacy manifesto” for Facebook marks not just a pivot in terms of how the social network shapes modern-day communication. It also marks what...
View ArticleClik here to view.
How To Image To A Network Repository With Logicube’s Forensic Falcon-NEO
Welcome to Logicube’s tutorial on the Falcon-NEO forensic imager. The Falcon-NEO allows you to image directly to or from a network repository using SMB or CIFS protocol, or using iSCSI. Two 10GbE...
View ArticleClik here to view.
Leveraging DKIM In Email Forensics
by Arman Gungor My last article was about using the Content-Length header field in email forensics. While the Content-Length header is very useful, it has a couple of major shortcomings: Most email...
View ArticleClik here to view.
The Opportunity In The Crisis: ICS Malware Digital Forensics And Incident...
by Christa Miller, Forensic Focus Malware aimed at industrial control systems (ICS) is nothing new. Nearly 10 years have passed since Stuxnet first targeted the supervisory control and data acquisition...
View ArticleFrom Crime To Court: Review Principles For UK Disclosure
by Hans Henseler UK Law Enforcement agencies are facing significant challenges related to digital evidence disclosure in criminal prosecution cases. Suspects who are charged with a crime must have...
View ArticleClik here to view.
How To Read A Moving Low-Quality License Plate Using Amped FIVE’s Perspective...
Thanks to TV series and movies, people nowadays believe that when it comes to digital images and videos, everything is possible. Some of you may remember the “never-ending enhance” sequence in Blade...
View ArticleClik here to view.
My Digital Forensics Career Pathway
by Patrick Doody Let me start by introducing myself. I’m Patrick, 39 years of age and from a working-class background. I’ve lived in London all my life, my parents moved to the UK from Southern Ireland...
View Article