wotsits wrote:
I had an iPad charged to 100%. Powered it off and came back to it after a couple of weeks and it was still 100%. Powered it off and came to it after a couple of months and the battery was at 49%! Is this right or am I looking at a glitch?
Well, unless the battery meter has been properly tested, you may not really know if its zero point is at battery 0 charge (it might be at battery -20 charge), nor do you know if the output curve it produces is linear. Might be linear in some range, say 10% to 80% of battery charge, but slope off outside that range.
The battery manufacturer should be able to provide more info about how the battery behaves over time -- I'd expect them to have product specifications with that kind of information. And then you'll have to hunt for the battery meter used in an iPad to know how well it measures battery charge.
Wasn't there an issue fairly recently about some Apple battery meters not updating as they should, showing more charge than actually was present? I think it was for iPhones, though.
I wouldn't trust anything but a proper battery meter.
↧
Mobile Phone Forensics: Effect of powered off on battery
↧
Mobile Phone Forensics: Can someone retrieve sensitive data passed through an app?
OK, I will do as you suggested. Thanks for the advice.
↧
↧
General Discussion: unlock pattern in HTC
qassam22222 wrote:
redcat wrote:
qassam22222 wrote:
Paul1913 wrote:
you can root it using KingRoot and use Cellebrite to get a physical extraction from it..
http://forum.xda-developers.com/desire-820/development/desire-820s-root-cwm-recovery-stock-t3251639this does not work and no need for that <img src="images/smiles/icon_biggrin.gif" alt="Very Happy" title="Very Happy" /> it's time and money wasting it's more easy than u imaging :D
If the phone is locked with a pattern which is not known and ADB is not enabled then it is not easy. A physical extraction of the storage will be necessary via JTAG or DirectEMMC or whatever's appropriate, and then the gesture.key file can be accessed and, with a bit of luck, decrypted. Assuming the storage hasn't been encrypted.no man it's easy even if the( bootloader locked and no adb and pattern lock) i can unlock it without jtag or chip-off <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" />
and i did before 2 weeks :DProve it <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" />
↧
Digital Forensics Job Vacancies: Cyber Forensic Investigator
To apply, please follow this link: https://fcacareers.resourcesolutions.com/gold/iapply/index.cfm?event=jobs.detail&jobid=976662&id=284342
Associate Cyber Forensic Investigator, Cyber Forensics, Enforcement and Market Oversight
Background
There are few jobs where you can make a real difference to the 2 million people who work in the UK Financial Services industry, the 40 million consumers of financial products and the stability of our economy as a whole.
Our people are integral to our success as an organisation, working alongside industry, visiting firms and speaking to consumers every day as we strive to ensure the FCA is setting the standard for other regulatory bodies across the world.
From regulating Consumer Credit to driving action on Foreign Exchange manipulation or helping strengthen accountability in the banking sector, the FCA is working with the industry to protect consumers, ensure the integrity of the UK financial system and promote fair and effective competition. Our remit has expanded significantly since our creation in 2013, with the number of firms we regulate growing from 23,000 to over 56,000. We oversee conduct across the full span of the financial sector from global investment banks to high street payday lenders, and are now preparing to implement a new strategy that will sharpen our focus to face the regulatory challenges ahead.
The Enforcement and Market Oversight Division ('EMO') investigates and brings regulatory cases, civil actions and criminal prosecutions aimed at changing behaviour in the industry. We wish to obtain timely, robust and cost-effective outcomes to help the FCA achieve its objectives of making sure that firms put consumers at the heart of their business, and that markets work well.
EMO plays a key role in supporting the FCA's desire to identify potential problems at an early stage, and take steps to avert them. Our work is high profile, and a critical aspect of the FCA's approach.
Cyber Forensics is part of the Strategy and Delivery directorate within EMO. We are made up of specialist investigators in digital forensics and eDiscovery. Our duties include:
Management of digital evidence for Enforcement casework, including development of case strategies
Analysis and investigation of digital evidence in accordance with ACPO guidelines
Management of the evidence review platform
Providing advice to case teams on investigative forensic digital strategy
What does this job involve?
We have a vacancy for a Cyber Forensics Investigator in the Cyber Forensics team. This is an operational role, working as part of a team to support the day-to-day work required to deliver services to the rest of the Division. You will need to organise and plan your own work accordingly and deal with unexpected urgent requests in a professional and timely manner.
Typical duties will involve:
Forensic processing of digital evidence including desktops, laptops, storage media and mobile devices
Ingest of material to the evidence review platform
Attending search warrants and visits to secure digital evidence
Detailed forensic analysis of digital evidence for use in regulatory and criminal proceedings
Writing of witness statements and reports
Mentoring and providing advice to junior colleagues
Provision of first line support to the evidence review platform including password resets and general troubleshooting
Liaising with internal stakeholders
Liaising with external third party suppliers
Within this role you will need to show to the Division continuous improvement and a focus on service to case teams which will be measured by obtaining feedback on a regular basis. You will have strong communication skills in order to liaise on technical issues within both the Cyber Forensic team and case investigation teams
Minimum, Essential & Desirable skills
Minimum:
Ability to work with a range of MS Office products
Thorough understanding of the ACPO Good Practice Guide for Digital Evidence
Conversant with the legal and practical application of RIPA
Essential:
Troubleshooting, working under pressure
Excellent communication and interpersonal skills
Ability to develop strong working relationships with case teams
Excellent report writing skills
Interview skills
Willingness to work in a flexible and committed way
Ability to prioritise work whilst managing a high and varied workload
Knowledge of the work that the FCA does
Meticulous attention to detail
Desirable:
Experience of attending search warrants
Experience of giving evidence in Court
Knowledge of financial markets and products
Sound knowledge of the structure, principles and responsibilities of the FCA, in particular EMO
Basic understanding of the work of other FCA business units
What will I get from the role?
This role would be ideally suited to a seasoned investigator looking to move their investigative career into digital forensics and eDiscovery. You will have a rare opportunity to understand and shape the workings of the financial sector at a time of considerable change. You will enjoy a unique aerial view of the financial services industry, with the opportunity to do meaningful work that makes a real difference.
As an Academy business we place great value on learning and at the FCA we offer world-class development opportunities which will assist you in achieving your career aspirations. This includes extensive training needed to start your development as a digital forensic investigator
Additional Information
The position falls within the Legal & Forensic B job family.
The salary range will be approximately 36,000 - 65,000 plus package, dependant on skills and experience.
Applications for this role close at midnight on Midnight 8th December 2016.
Selection Process: (could be subject to change)
Stage 1: On-line application, please submit your CV and answer the following application question:
Why do you believe that you are suitable for this role? Please ensure that you specifically relate your answer to the criteria listed in the job advert, covering your relevant skills, technical knowledge and competencies. (Max 300 words)
Applications without the application answer or incomplete responses will not be considered. As part of the online application process, you should submit your CV with the answer to the above application question(s) within the same document.
Stage 2: Screening - your application will then be forwarded to the recruiting managers for review.
Stage 3: Selection & assessment process technical and competency interview.
Stage 4: Shortlisted candidates will be invited to a final competency based interview.
If you have any questions about this role please contact Eleanor Kemp - eleanor.kemp@fca.org.uk if you are an internal candidate, for external candidates please contact Tanzina Begum Tanzina.begum@resourcesolutions.com.
This role will be based in London, Canary Wharf, with a planned move to Stratford in 2018.
To apply, please follow this link: https://fcacareers.resourcesolutions.com/gold/iapply/index.cfm?event=jobs.detail&jobid=976662&id=284342
↧
Digital Forensics Job Vacancies: Specialist Intelligence Techniques, London
To apply, please follow the link: https://fcacareers.resourcesolutions.com/gold/iapply/index.cfm?event=jobs.detail&jobid=977428&id=284342
Senior Associate, Specialist Intelligence Techniques Team Intelligence Department
Background
There are few jobs where you can make a real difference to the 2 million people who work in the UK Financial Services industry, the 40 million consumers of financial products and the stability of our economy as a whole.
Our people are integral to our success as an organisation, working alongside industry, visiting firms and speaking to consumers every day as we strive to ensure the FCA is setting the standard for other regulatory bodies across the world.
From regulating Consumer Credit to driving action on Foreign Exchange manipulation or helping strengthen accountability in the banking sector, the FCA is working with the industry to protect consumers, ensure the integrity of the UK financial system and promote fair and effective competition. Our remit has expanded significantly since our creation in 2013, with the number of firms we regulate growing from 23,000 to over 56,000. We oversee conduct across the full span of the financial sector from global investment banks to high street payday lenders, and are now preparing to implement a new strategy that will sharpen our focus to face the regulatory challenges ahead.
The Intelligence department delivers insight and impact from intelligence to support FCA in its statutory objectives. Harnessing intelligence to combat economic crime and secure regulatory outcomes is at the core of the department's function the department contributes the intelligence picture to investigations into regulatory breaches, insider dealing and investment fraud; vets listing, authorisation and approved person applications and acts as the gateway into the FCA for whistleblowers to report misconduct and crime.
The department works across the FCA, providing specialist financial crime support to Authorisations, Supervision, Enforcement and Market Oversight. Intelligence also represents FCA interests externally to the wider crime and security community, including law enforcement and helps shape multi-agency campaigns against criminals in the regulated sector as well as wider economic crime policy. Intelligence also leads on sustaining international engagement with law enforcement agencies overseas.
We are now recruiting for a talented senior associate to work within the Specialist Intelligence Techniques Team providing proactive support within the FCA's work linked to Market Abuse, Insider Dealing, Financial Crime and Money Laundering, through the provision of specialist capabilities, delivered either internally or in partnership with external bodies.
What does this job involve?
The key responsibilities of the post holder will be:
•Providing support and advice to internal customers on the use of specialist intelligence/investigative techniques and capabilities with a particular lead on the acquisition and development of Open Source Intelligence and an understanding of the legal parameters governing such activity
•Building and maintaining strong relationships with key internal and external partners to provide specialist resources in support of FCA investigation activity and to promote information/intelligence exchange
•Providing specialist intelligence development capability in relation to HumInt and other covert techniques and the dissemination of the associated intelligence product
•Providing relevant legislative assurance to ensure activity is compliant with the requirements of CPIA, RIPA and other relevant legislation
Minimum, Essential & Desirable skills
Minimum:
•Experience of working within the legislative parameters of RIPA/CPIA
•Experience of working within the criminal investigations/intelligence arena within the UK Criminal Justice System
•You should hold, or be willing to obtain security vetting to Developed Vetting level
Essential:
•Ability to access and develop information obtained through open source activity and a clear understanding of the associated legal and security issues
•Experience of operating in a specialist intelligence environment particularly with reference to OSINT and CHIS/HumInt
•Strong communications skill orally and in writing
•Strong relationship management skills to build and maintain effective working relationships with colleagues in other business units and with external partners (foreign and domestic)
•The ability to make logical and timely decisions, cutting through complexity and seeing the big picture
•Able to work actively with others to achieve outcomes in both formal and informal teams
Desirable:
•Broad knowledge of and experience in a legislative compliance / assurance role
•Robust, self-motivated and a good team player
•Ability to work well under pressure and to deadlines
•Knowledge of the financial services/sector and/or Economic Crime
What will I get from the role?
You will have a rare opportunity to understand and shape the workings of the financial sector at a time of considerable change. You will enjoy a unique aerial view of the financial services industry, with the opportunity to do meaningful work that makes a real difference.
You will have the opportunity to work with and influence a wide range of industry professionals, both internally and externally to the FCA.
As an Academy business we place great value on learning and at the FCA we offer world-class development opportunities which will assist you in achieving your career aspirations.
Additional Information
The position falls within the Legal & Forensic C job family.
The salary range will be approximately 50,000 to 70,000 (dependant on skills and experience) plus package.
Applications for this role close at midnight on Tuesday 27th December 2016.
Selection Process: (could be subject to change).
Stage 1: On-line application, please submit your CV and answer the following application question:
Why do you believe that you are suitable for this role? Please ensure that you specifically relate your answer to the criteria listed in the job advert, covering your relevant skills, technical knowledge and competencies. (Max 300 words)
Applications without the application answer or incomplete responses will not be considered. As part of the online application process, you should submit your CV with the answer to the above application question(s) within the same document.
Stage 2: Screening - your application will then be forwarded to the recruiting managers for review.
Stage 3: Selection & assessment process.
Stage 4: Shortlisted candidates will be invited to a final competency based interview.
If you have any questions about this role please contact Eleanor Kemp - eleanor.kemp@fca.org.uk if you are an internal candidate, for external candidates please contact Tanzina Begum Tanzina.begum@resourcesolutions.com.
This role will be based in London, Canary Wharf, with a planned move to Stratford in 2018.
To apply, please follow the link: https://fcacareers.resourcesolutions.com/gold/iapply/index.cfm?event=jobs.detail&jobid=977428&id=284342
↧
↧
General Discussion: unlock pattern in HTC
Thank you for all you can bypass the screen pattern
↧
General Discussion: how bypass disk encrypted technology Microsoft Bitlocker
security wrote:
I've resolved the problem Which is good. <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" />
Please don't take this as an offence (or as an attempt to somehow violate your privacy) but where are you from/what is your native language? <img src="images/smiles/icon_question.gif" alt="Question" title="Question" />
It is extremely difficult (at least for me) to follow your report, it seems like something that was written in another language and then passed through a translator and posted without editing/corrections. <img src="images/smiles/icon_eek.gif" alt="Shocked" title="Shocked" />
Example:
Quote::
Sctor Sctor are reading, but in reverse, that is, from another Alsctor to the beginning. This method is often unsuccessful with damaged Alsctorat.
<img src="images/smiles/icon_confused.gif" alt="Confused" title="Confused" />
But really, I can understand maybe half of what you posted. <img src="images/smiles/icon_mad.gif" alt="Mad" title="Mad" />
Quote::
This method requires an additional disk to transfer to the damaged disk content, you can refer to the following link to see the details of this method different condition
Which link?
jaclaz
↧
General Discussion: Computer law / Cybercrime post Brexit
General consensus in my HTU is that very little will change for many years. Given that apparently Brexit means Brexit but nobody actually knows what Brexit means (least of all our supposed leaders) it's probably a safe bet that UK law will largely continue as it is or existing EU frameworks and regulations will be absorbed into our own 'new' independent legislature where necessary. The resources or willingness to make large changes quickly just won't be there - look at the disjointed, lurching progress of ISO17025 for an example of what I mean. In years to come we may find that UK law starts, slowly, to differ noticeably from EU law but that all depends on the actual terms of our exit, the government of the day and of course whether the EU survives in its current form, none of which I would put strong money on at this point. But until then the priorities will be trying to scrawl trade deals down on the back of fag packets and stop the currency from tanking further. Interesting times ahead
↧
Forensic Hardware: Apple's tool to recover MacBook Pro’s non-removable SSD
I wonder if Apple would sell forensic professionals one of these?:
https://9to5mac.com/2016/11/24/apple-special-cdm-tool-macbook-pro-ssd-recover-repairs/
Apparently the SSD drive is soldered to the motherboard in new MacBook Pros.
↧
↧
General Discussion: Forensic email correlation
C.R.S. wrote:
What do you mean by "correlate"? If a time based "quick look correlation" is enough, Gephi with its networks-over-time feature will do the job. If it's something more complex, e.g. to identify out-of-band communication, avoid the push-button solutions. Extraction and correlation are easily developed in any programming language. Instead, the serious problem that should be carefully thought about and which is different from case to case is: how to quantify what.
I SO agree with the above statement. It's about the data, not the application. If you're using product X and everything looks like crap, there is a reason for that. Learn to code or hire someone who do.
However, getting Gephi to run as of v 0.8.2 is not so simple, i tried several versions of Java and different OS (and even different boxes), no combo worked so i abandoned it, The Gephi community is far from the best and updates are released as frequently as Peter Jackson makes Tolkien movies.
There are other solutions out there like setting up a local installation of Maltego (also free).
↧
Mobile Phone Forensics: Is anything wrong with Cellebrite support?
Hi Skywalker,
We just moved IL offices over the weekend and together with thanksgiving weekend this probably caused some delays in support.
Sorry for this and we are now back online.
Best regards,
Ron Serber
↧
Mobile Phone Forensics: android forensic data image
bungaMelur wrote:
Hi! i am a student and i need to use android forensic image dataset for my project.
If you need a particular data set, please identify it.
There are some over at http://digitalcorpora.org/ -- see the 'cell phone dumps' section. (I get a security warning when I test that just now, but I'm fairly confident you can ignore that if you also get one.)
If you just need any, you may be able to create it on your own. The Android Studio development environment (free download) provides emulators and installation images for any 'pure' Android distribution: but you are (or may be) restricted as to how you actually acquire the image, as you don't have a physical interface. On the other hand, you probably can access the image on the operating system level. These won't have any 'daily use' artifacts, and may for that reason be unsuitable, however.
↧
Mobile Phone Forensics: Effect of powered off on battery
The self-discharge time is in direct relation with the quality of your battery cells, but you should never trust the values read by sensors, since any degradation of the batteries are unpredictable at some point.
↧
↧
Mobile Phone Forensics: Has the lockdown file changed?
I don't get you, it the article I provided it is clearly written:"Since iOS 8, all pairing relationships remain unavailable after the device restarts or powers on until the device is unlocked (at least once) with a passcode."
So after a reboot of such a device, your lockdown file is most probably useless and it can't be used to get access to the device.
↧
Forensic Software: Carving software for txt files
When you don't know what you are looking for, eliminate all the data you already know it is not needed. I used the scalpel carving tool to detect chunks of know files:
https://github.com/sleuthkit/scalpel
You can define many headers and footers at once - for parameters and configurations see the scalpel documentation.
Whatever scalpel found I overwrote with zeroes, this way the amount of non-zero data decreased to less then 5%, which later on was analyzed manually with a simple hex editor and all the needed text files were recovered successfully.
Be warned that all this should be done on a binary copy of the original, otherwise the process can lead to loosing forever your valuable data!
↧
General Discussion: Local user not in SAM
randomaccess wrote:
This post may give you some ideas as to what happened
http://windowsir.blogspot.com.au/2016/11/the-joy-of-open-source.htmlHow timely! <img src="images/smiles/icon_wink.gif" alt="Wink" title="Wink" />
↧
General Discussion: who deleted folder over lan?
Michelle007 wrote:
hi all,
one of the employees one personal folder got deleted on windows 7 system. he says someone accessed over LAN and deleted his folder by the help of LAN administrator.
need to find out who deleted (multiple lan admin IDs are there) or he deleted by mistake.
how to find out it. will image the hard disk. we have Encase and FTK forensics softwares.
please advise is there any methodology to find out?
regards
Michelle
I'd suggest starting by determining what shares may have been available, and what version of Windows was running on the system. Knowing the version of Windows will tell you what artifacts you can expect to be available...or not.
If you know about what time this action occurred, I'd recommend starting with a timeline of system activity, looking specifically for type 3 logins from remote systems.
↧
↧
Mobile Phone Forensics: Is anything wrong with Cellebrite support?
I'm in Hungary, Europe.
↧
General Discussion: Is it possible to determine if files were copied over an RDP
You would need much more informations available for a definitely yes or a no answer. If you got just the server side, there is no way to determine if somebody copied or not your file.
Even if the file access time was modified by opening your file in an RDP session, you can't know if there was a simple "close file" at the end or a "save as..." (or copy the file content to local clipboard) before closing it.
↧
General Discussion: Help with forensic evidence
Check your logs! It doesn't matter if it was malware, scripting or commands written from the keyboard, if your gateway changed, there should be a log of it.
As for MS operating systems, once they are compromised, most probably the logs are also useless. It doesn't matter much if it is XP or not
↧