A few weeks ago, I found a YouTube video that showed digital forensics software that was designed for showing 3D visualisations/timelines of evidence. For the life of me, I cannot remember what the tool was called, nor can I find a link to it again.
I was wondering if anyone knew of any tools that do this so I can find out if it was the same one? Essentially, the software let you input information, then it would create a 3D graphical representation of what you have input.
If anyone can shed any light on what the software might be, I'll be very grateful.
Thanks
↧
Forensic Software: 3D Visualisation Software?
↧
Digital Forensics Job Vacancies: Digital Forensics Specialist - London (£35-£45k)
Further to the above, we are currently looking to fill the following vacancies:
Digital Investigations Specialist (Computers) - Salary £35-£45k
Digital Investigations Specialist (Mobile Devices) - Salary £25-£35k
Digital Investigations Specialist (Cell Site) - Salary £40-£45k
If you bring with you significant additional skills such as more than three of the following we would love to hear from you and higher salaries than those shown can be negotiated for the right candidates:
-Law enforcement forensics
-Corporate forensics
-eDiscovery
-Incident Response
-Network Security
-Pen Testing
-TSCM
-Programming
Blackthorn Careers
↧
General Discussion: Timeline - SIFT kit
badnut wrote:
Timelining skills a little rusty -
Trying to mount either a compressed E01 (logical image of a C drive) using ewf_mount.py...OR...mount a RAW image (same logical image) using mount command.
I tried to run mmls and got 'cannot determine partition type'..any ideas anyone?
mmls is run against an image, not a mounted image. When it's mounted, it's a volume.
mmls reads the partition table...a logical image is of a volume, and doesn't have a partition table.
HTH
↧
Forensic Software: 3D Visualisation Software?
http://www.youtube.com/watch?v=swGA8xvkYcU
↧
Mobile Phone Forensics: 5003.jpg and iOS file system
These are thumbnails, but I have had instances where thumbnails of deleted images/videos remain and have changed a negative case to a positive.
↧
Employment and Career Issues: I have been offered an interview opportunity with Deloitte
Hi,
I have got an interview with a company for a designation I was working in earlier, as ETL developer, before starting my master's in computer forensics. That company has a forensic branch but no openings as of now.
So my question is: what would be the best answer to give if they ask why this post when you are studying forensics? I really want to get this job.
Thanks
↧
Mobile Phone Forensics: Start up , Mobile forensics as a part time job Opinions ple
I don't know anything about the trade, but I would think liability would be a huge issue. It's probably easy/possible to screw up a job. As already mentioned, tainted evidence and lost/corrupted data come to mind. States and municipalities might even have licensing and insurance/bonding requirements for their approved vendors.
↧
General Discussion: Games Console Forensics
DCS1094 wrote:
Hopefully this helps someone, just seen Magnet Forensics are working on "A new gaming console imager" which sounds pretty interesting to me! Web artifacts are now also supported from an Xbox following a recent release this month of IEF.
http://www.magnetforensics.com/magnet-forensics-announces-new-video-game-platform-support/
That was pretty good. Now all I need is a 5.25 drive. Anyone have one I can borrow?
↧
Mobile Phone Forensics: Start up , Mobile forensics as a part time job Opinions ple
Erin, I sent you a PM
↧
General Discussion: RAM - Code injection
Here is a list of monitoring tools:
API Monitor: monitors file/socket/regedit/process/thread
Sandboxie: you can trace how a file executes
TotalUninstall: before & after changes in files, regedit, services
WildPackets & Wireshark: monitor sockets and sessions on the LAN.
If the session is encrypted, then you have to use IDA & OllyDbg.
↧
Classifieds: Tableau Gear for Sale
Don't know if still for sale or not, but poster does not answer emails.
↧
Forensic Software: Filter operating system files
kevinma wrote:
I am new to EnCase 7. Currently, I am trying to extract all the office documents (Word, Excel, PowerPoint, PDF) from the E01 image. However, the E01 image contains a lot of operating system files and office templates that I don't want to review.
Is there any method to filter or hide these types of files?
I know there are some Reference Data Sets (RDS) from the National Software Reference Library (NSRL), but I don't know how to apply them in EnCase 7.
While I understand what you're trying to do, if your goal is to extract just office documents then I would suggest creating a condition that returns whatever file types you're looking for based on file extension. Conditions are relatively easy to create and you can either hard-code the file extensions or better yet set it to prompt for the values you're looking for so you can re-use the condition to sort for any file extensions.
Version 7's handling of hash sets when it comes to displaying files that don't match a hash set frankly stinks and is virtually unusable in its present form. You'll save yourself quite a bit of frustration by using a condition to do what you're trying to do.
↧
General Discussion: LVM2 Container - Linux Partition
I have a case where the user installed Linux on a laptop which contains a large LVM2 container. I was able to recover and mount the partition via X-Ways. I believe that the user created the container during installation (possibly Gentoo).
Where in the OS would I find Linux version information?
↧
General Discussion: Games Console Forensics
Sorry folks, that was an April Fools' Day joke. Hope it didn't get anyone's hopes up, although there's probably not a lot of data to be had on a Magnavox Odyssey anyway.
We are definitely continuing to do further research and development on Xbox and other modern gaming consoles however!
Jad
↧
General Discussion: Games Console Forensics
MagnetForensics wrote:
Sorry folks, that was an April Fools' Day joke.
Sure, and a nice one.
jaclaz
↧
General Discussion: whatsapp crypt5
Hi all, ever since Facebook changed its encryption last month to crypt5, it's not possible anymore to decrypt the file msgstore.db.crypt5; before the change it was msgstore.db.crypt.
Has anyone found a way to decrypt to msgstore.db?
I have a case in which I need to open these messages, appreciate any help.
Thanks in advance.
Gabriel
↧
Digital Forensics Job Vacancies: Digital Forensics Specialist - London (£35-£45k)
I am an experienced candidate with several years of experience, but I'm not a resident of the UK; however, I am willing to relocate. My experience is from law enforcement in the areas of Computer and Mobile Forensics, with additional certifications in other areas.
My experience is not limited to the above-mentioned areas; I am also involved in incident response, and conduct and lecture on Cybercrime investigations for law enforcement officers along with prosecution members of the court proceedings in the Caribbean.
↧
Mobile Phone Forensics: Need help with timestamps
Which phone vendor and model was it and what version was used to generate these reports?
Ron
↧
General Discussion: Timeline - SIFT kit
Thank you - it does help.
↧
General Discussion: whatsapp crypt5
I had some trouble getting this to work under Windows; in Linux it works fine. In Windows the decryption seemed ok (no error messages, and when I view the raw contents in the decrypted file I can see the tablenames and messages), but I couldn't open the resulting DB file in sqlitebrowser. This was with (as far as I know) the latest version of M2Crypto.
Good luck,
↧