General Discussion: delete file in safe way ?
I don't think that anyone has mentioned Defrag programs. These could have moved your critical file to a new location, and the old file may be left in unallocated space.
To overcome this type of issue, I occasionally just write a file (typically fairly blank data) to fill the whole drive. This should catch most of the unallocated data. I then just delete this big file.
Don't forget that very small files, maybe a few 100 bytes long, can be stored in the $MFT.
↧
Digital Forensics Job Vacancies: Lead Cyber Digital Forensics Analyst @ JP Morgan - London
JP Morgan has a brand new opportunity to join a world class Digital Forensics team in a senior, but hands-on capacity. Please read the full job description and how to apply below...
The Digital Forensic and Analytic Services (DFAS) Forensic Analyst will report to the DFAS APAC/EMEA Digital Forensic Services Manager and will be responsible for providing complex digital forensic support to JPMC Global Security and Investigations, Global Cyber Security, Human Resources, Employee Relations, Legal, and Compliance for internal investigations which involve alleged violations of the JP Morgan Chase Code of Conduct, incidents of reported data loss via compromises or misuse of internal information technology systems, suspected breaches of critical IT infrastructure, and digital evidence preservation orders. This position requires the ability to follow industry standard methods of properly identifying, collecting, preserving, and analyzing digital evidence with an emphasis on network log, email, shared drive, and host-based forensic examinations. Successful candidates will be able to perform these tasks within established industry standards at a senior level with limited guidance.
The responsibilities of this position include:
- Preserve network and host-based digital evidence in an industry accepted forensically sound manner
- Perform host-based digital forensics on Microsoft Windows based systems and other operating systems as necessary
- Usage of industry standard digital forensic and network monitoring tools in an enterprise environment
- Independently planning and executing forensic support for complex investigations and presenting clear and concise findings to a non-technical audience
- Utilize industry standard tools to preserve mobile devices
- Ability to work independently or with a team during large scale forensic investigations
Scope:
- Primarily responsible for conducting collection and analysis of electronic evidence through various tools in support of Security, HR/ER, Legal, and Compliance.
- Additionally, this investigator will be responsible for digital forensics examination relating to a wide variety of events that occur in a large international financial organization.
- Assists with the development of in-house training programs to ensure world class digital forensic standards.
Qualifications
- 8+ years of experience working in the computer forensics, cybercrime investigation and other related fields with a combination of both public and private sector experience preferred
- A proven track record in digital forensics, electronic evidence collection, log file analysis, and email review
- Ability to independently assess scope of forensic requests, effectively completes required digital forensic analysis, and writes clear and concise reports for the intended audience
- Experience conducting senior level digital forensics examinations on Windows operating systems using industry standard forensic tools (preferably familiar with EnCase, FTK and X-Ways forensic suites)
- Recent formal digital forensics training
- Knowledge of computer forensic best practices and industry standard methodologies for acquiring and handling of digital evidence
- Familiarity of international data privacy laws and required clearances for APAC and EMEA countries
- Bachelor’s Degree in Computer Science or other Technology related fields preferred
People Skills:
- Able to work either independently or in a team to conduct forensic examinations
- The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective
- Able to articulate and visually present complex forensic investigation and analysis results
- Able to work under pressure in time critical situations
- Experience working with people from different global cultures is a plus
Process Skills:
- Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.
- Detailed knowledge of current international best practices in the high tech investigation and forensics arena.
Communication Skills:
- Excellent written and verbal communication skills are required.
- Ability to communicate effectively with business representatives in explaining forensic findings clearly and where necessary, in layman's terms.
- Ability to communicate with other industry forensic professionals to ensure solid partnerships with key external stakeholders to ensure that the forensic investigation process remains at a world class level.
Certifications:
- Industry standard digital forensics certifications (CCE, GCFE, GCFA, CFCE, etc) are preferred.
- Industry standard information security technology certifications (GCIH, GREM, etc) are a plus.
- Memberships and participation in relevant professional associations.
Apply here:
https://jpmchase.taleo.net/careersection/2/jobdetail.ftl?job=170026029
Or contact Rowan Sallows on 020 7134 5479 / rowan.w.sallows@jpmorgan.com
↧
Digital Forensics Job Vacancies: Digital Forensic Investigator - Wakefield - West Yorkshire
Digital Forensic Investigator
Protective Services Crime
Calder Park, Wakefield
Salary £27,519 - £29,307 (pro-rata)
West Yorkshire Police is looking to recruit a job share Digital Forensic Investigator to join one of the leading Digital Forensics units in the country. The job share comprises a weekly pattern of working Wednesday, Thursday, Friday one week and Monday Tuesday the following week, the equivalent of 18.5 hours per week.
The unit, led by a Detective Inspector, comprises Digital Forensic investigators, examiners and technicians to ensure efficiency and effectiveness. It is supported by a purpose built laboratory which is in the process of applying for ISO 17025 accreditation. You will be based at a state of the art Regional facility for scientific support located at Calder Park, Wakefield.
You will be responsible for all levels of complex intelligence led digital investigations relating to serious crime including Child Sexual Exploitation, Modern day Slavery, Fraud and Firearms offences, providing evidence in a secure format acceptable to the court. This role also provides vital National Business administration support to all UK Police Forces in respect of the Child Abuse image database. There are exciting opportunities to trial new and innovative hardware and software as well as supporting new proof of concept testing as we strive to protect our most vulnerable victims and tackle Organised Crime groups, making our communities safe and feeling safer with the most up-to-date technology available.
The ideal candidates will be educated to degree level in a computer based discipline, or will have significant experience and understanding of working in a Digital Forensic environment.
You will already have a sound knowledge and expertise of common operating systems and applications, along with an aptitude for problem solving, in a methodical and orderly manner.
As a Digital Forensic Investigator you must be able to successfully complete the core courses in relation to the recovery and analysis of digital evidence, as specified by NPCC. You will need an understanding of the Forensic examination of digital devices and the ability to complete the Force Empty Hand Skills course.
This is a very challenging and demanding but also rewarding role. The successful candidates will be required to undergo regular Psychological Assessments.
In addition, you will hold a full current UK/European driving licence, travel for business purposes and work flexibly to suit business needs. You must be prepared to participate in an out of hours call out rota when life is deemed at risk which includes weekend working.
Candidates who have previously applied within the last 6 months for the post of Digital Forensic Investigator or Digital Forensic Examiner do not need to apply.
The application process will close at 1600 hours on the date shown.
The online application form and Role Profile may be accessed through the following link https://static.wcn.co.uk/company/wyp/external_search_engine.html
Post reference Number: XC833
Closing date: 10 April 2017
↧
General Discussion: Amateur (IT Department) Investigators
All in all it seems to me (when talking of PCs) most of the (irreversible) issues come from a not-fully-compliant method to image the original disk or failure to image it.
So to solve a large part of the possible issues it would be enough to:
1) Let the IT guys know that they MUST always make a proper forensic image of the disk
2) Provide them with a suitable program/way
For #1 all that is needed is to repeat this message over and over; sooner or later it will become "common knowledge" (though I suspect that it already is - at least for a large part of the IT community).
For #2 the task is to find a suitable, simple tool and validate it, through support from the Forensics community, *like* Osfclone, which was discussed in the past but whose validation was not finalized:
http://www.osforensics.com/tools/create-disk-images.html
(if I remember correctly, last time Thefuf found a possible issue with it but it wasn't corrected and re-verified, still if I recall correctly)
Or fully validate one of the WinFe builds and related Windows tools ...
With tablets, smartphones, etc., i.e. every device where it is not possible (or doable for non-specialists) to image the storage, the issues seem to me much bigger, as it seems to me that even the forensic specialized tools and methods (due also to the ever-changing devices) are far from being fully validated.
jaclaz
↧
Mobile Phone Forensics: sony z3 d6603 PIN Code bypass ?
The public information which Nikolay gives is... let's say "incomplete", and that's why most people failed to reconstruct the PY script, but if you write your own from scratch you will for sure succeed ... we have not tried yet on 7.x. Send your gatekeeper.password.key as well as the password, phone model and vendor so I can check if it works on 7.1.1.
↧
Mobile Phone Forensics: Oxy Templates
Thank you for your interest!
We've sent you a PM. It depends on which templates exactly you need. We can provide you some to test our software.
↧
General Discussion: Encase7, MacBook AIR and problem with image file
I created an Ex01 image using target disk mode. At first everything is OK. I see files and can copy them to my disk, but later something is wrong. I can't copy a file. When I close Encase, open the case and try to open the evidence file to view the disk structure, I get the message "Error loading evidence file". I tried a few times using different disks for images and the effect was the same. I did a few MacBook Airs before but I didn't have this error.
↧
General Discussion: delete file in safe way ?
qassam22222 wrote:
hello all ... and good evening
I want to delete some files and folders from my PC. How can I do that without leaving any chance for anyone to recover them?
The answer is "it depends".
Some further thoughts over and above the previous comments already given (defrag consideration etc. is an excellent point), you would also need to possibly factor in the file/operating system in use.
Is the file system NTFS, and is the OS Vista or newer? If so, then consideration needs to be given to whether Volume Shadow Service is running - you could delete and wipe the sectors in which the file/folder is sitting, but VSS would kick in and potentially back up the deleted data anyway. Until such time as the data in that shadow copy is itself overwritten (FIFO system if I recall correctly), the file is still recoverable.
Likewise, if the system is Mac OS X with Time Machine enabled, then consideration needs to be given to any historic backup copies which might exist.
These are just 2 examples of potentially unanticipated features which might cause the data to be recoverable, even if you had wiped the sectors storing the logical file. There are more!
Ben
↧
Mobile Phone Forensics: Galaxy SM-G925F Running 6.0.1
The screenshot you posted is from the wrong partition. The SYSTEM partition is (so far) never encrypted, which is why all the files are visible. You should take a look at the userdata partition and then look for the system directory if possible.
↧
Mobile Phone Forensics: iPhone 6 A1586 and UFED
That's really good, I've never used hashcat to break iTunes backup before, do you have commands or a guide so I can try and explore?
Thanks.
↧
General Discussion: Downloaded File Date/Time Explained
This is pretty easy to verify independently, and "see", by creating a timeline.
An example of this, albeit using a different data source, can be seen here:
http://windowsir.blogspot.com/2017/03/incorporating-amcache-data-into.html
My recommendation is that if there's any question at all about a single artifact viewed in isolation, change how you're looking at it, and stop viewing it in isolation.
↧
General Discussion: Per Call Measurement Data
Ed,
I wanted to bump this great post you made, dare I say SIX years ago.
Wow, has it been that long on the forum.
Any new info on the ATT part, or changing info on others?
↧
General Discussion: Browser History question
I'm hoping that someone from IEF is on the forums and can assist with this question...
We had a recent finding from a system running IE10+ (webcachev01.dat) that a specific URL had an access count of 250,000...the question is, is there any resource (table in the ESE database file, etc.) that keeps a complete history of all 250K accesses?
I've parsed the WebCacheV01.dat file using a Python script, as well as with esedb, and haven't found (yet) any indication that all 250K accesses were recorded.
Is this kept somewhere?
Thanks.
↧
Digital Forensics Job Vacancies: Digital Forensic Analyst-Chicago or Dallas
With over fifteen years of experience, Guardian Digital Forensics consultants are certified and court tested experts in the areas of computer, cell phone and GPS forensics and cell phone location analysis. We provide comprehensive case consulting from beginning to end, including courtroom testimony. With experience in hundreds of civil and criminal cases, Guardian’s consultants can help you with any legal matter involving digital evidence. Guardian Digital Forensics is a division of Envista Forensics, the world-wide leader in post-disaster technical solutions.
We are an Equal Opportunity Employer offering competitive pay and benefits and an environment where teamwork, ongoing professional development, continuous improvement, and exceptional service are valued and rewarded. We currently are looking for a Digital Forensic Analyst to support the ongoing demand for digital forensic services. Our Analysts are skilled in cell phone forensics, computer forensics, complex criminal and civil case examinations, GPS forensics, and expert witness testimony.
Responsibilities:
Conducts digital forensic examinations of digital media from a variety of sources.
Performs site inspections and collects relevant technical and non-technical information.
Defines and analyzes plans for mitigation.
Works with clients and insured’s legal counsel and technical staff to minimize exposure to risk and loss.
Performs research, documents, and where appropriate, photographs items relevant to claim.
Interviews any and all parties relevant to a claim.
Performs any necessary research.
Writes reports and presents to client.
Establishes trusting working relationship with client, insured and other parties.
Provides expert testimony in depositions and trials as required.
Schedules and performs meetings, training seminars, and workshops for clients and prospects.
Utilizes industry accepted forensic tools such as EnCase, FTK, Blacklight, Cellebrite UFED, and more.
Collaborate with other analysts, examiners and consultants generating written materials for inclusion in brochures, newsletters, and magazine articles.
Build, test, and maintain forensic workstations and hardware.
Analyze data and investigative information
Interacts with clients on a regular basis, including marketing of services when not directly working on a job.
Qualifications:
Baccalaureate degree in Computer Science, Electrical Engineering or a related field from an Accredited University.
EnCE certification or extensive experience utilizing Encase is required.
Demonstrated hands-on experience with industry standard forensic software such as EnCase, Nuix, FTK, Cellebrite and others.
7+ years practical experience in diagnosing security breaches, firewalls, network security or a related area.
7+ years of computer forensics and information security experience.
7+ years of software/hardware testing experience.
Experience handling hard drive failure analysis, circuit failure or mechanical failure analysis is a plus.
Experience with software failures and data corruption.
Experience working with law firms and insurance companies is a plus but not required.
Send resumes to: adem.tahiri@envistaforensics.com
↧
General Discussion: Downloaded File Date/Time Explained
As a nice addition to this post: http://computerforensics.parsonage.co.uk/downloads/themeaningoflife.pdf
A look at the practical value to forensic examinations of dates and times, and object identifiers in Windows shortcut files. A common request to an examiner might be “can you tell whether the suspect has viewed this file after it has been downloaded”; the aim of this paper is to answer that question and at the same time provide other related information that will be of practical value in computer examinations.
↧
General Discussion: delete file in safe way ?
jaclaz wrote:
mscotgrove wrote:
An interesting question (that no one seems interested to test/fiddle with) is what happens on 4096 bytes/sector media (and conversely with the much larger $MFT record size)?
http://www.hexacorn.com/blog/2012/05/04/sector-size-and-mft-file-record-size/
Logically the size of the "embedded" file should expand to around 4096-(1024-736)=3808 bytes.
jaclaz
That's an interesting point and a good spot - thanks for sharing.
I can't say I've ever personally encountered this in the wild. I'd be interested to hear from practitioners as to what they are seeing at the 'coal face'.
I've taken a quick look over the sample posted in the link you provided and the following observations jumped straight out at me:
The record header size is 72 bytes (previously 56 was the expected size).
The footer is different to previous versions of the MFT.
The Update Sequence Array occurs every 512 bytes, possibly indicating backwards compatibility with discs with 512 byte sectors.
The information present at offset 168 onwards appears to be slack, based on FF FF FF FF 00 00 00 00 at offset 160 and confirmed by the 68 01 value at offset 18.
Anyone else care to wade in?
Ben
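The record-layout points raised in this thread (a 56-byte versus 72-byte record header, a fixup every 512 bytes, file content held inside the $MFT record) can be reproduced with a short parser. This is an added example, not code from any poster in the thread; the function names are illustrative, and the records are constructed in memory with only a resident $DATA attribute, so they hold more payload than a record on a real volume, which also carries $STANDARD_INFORMATION and $FILE_NAME.

```python
import struct

STRIDE = 512                       # one fixup word per 512 bytes, as observed in the thread
ATTR_DATA, ATTR_END = 0x80, 0xFFFFFFFF

def first_attr_offset(record_size, usa_offset=0x30):
    """Header length: 0x30 fixed bytes plus the update sequence array, rounded up to 8."""
    usa_count = record_size // STRIDE + 1       # the sequence number + one entry per block
    return (usa_offset + 2 * usa_count + 7) & ~7

def build_record(record_size, payload, usn=b"\x07\x00"):
    """Constructed sample: FILE record with a single resident, unnamed $DATA attribute."""
    attr_off = first_attr_offset(record_size)
    attr_len = (0x18 + len(payload) + 7) & ~7   # resident attribute header is 0x18 bytes
    used = attr_off + attr_len + 8              # attribute + 8-byte end marker
    if used > record_size:
        raise ValueError("payload does not fit in the record (would be non-resident)")
    rec = bytearray(record_size)
    # signature, USA offset/count, LSN, sequence, links, first attribute, flags,
    # bytes used (offset 0x18), bytes allocated, base record, next id, pad, record no.
    struct.pack_into("<4sHHQHHHHIIQHHI", rec, 0, b"FILE", 0x30,
                     record_size // STRIDE + 1, 0, 1, 1, attr_off, 1,
                     used, record_size, 0, 1, 0, 0)
    # type, length, non-resident flag, name length/offset, flags, id,
    # content length, content offset, indexed flag, padding
    struct.pack_into("<IIBBHHHIHBB", rec, attr_off, ATTR_DATA, attr_len,
                     0, 0, 0x18, 0, 0, len(payload), 0x18, 0, 0)
    rec[attr_off + 0x18:attr_off + 0x18 + len(payload)] = payload
    struct.pack_into("<II", rec, attr_off + attr_len, ATTR_END, 0)
    # On-disk form: the last two bytes of each 512-byte block are saved in the
    # array and overwritten with the update sequence number.
    rec[0x30:0x32] = usn
    for i in range(1, record_size // STRIDE + 1):
        end = i * STRIDE
        rec[0x30 + 2 * i:0x32 + 2 * i] = rec[end - 2:end]
        rec[end - 2:end] = usn
    return bytes(rec)

def apply_fixups(raw):
    """Restore the saved words; a block tail that is not the USN means a torn or altered record."""
    rec = bytearray(raw)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * STRIDE
        if rec[end - 2:end] != usn:
            raise ValueError("fixup mismatch in block %d" % i)
        rec[end - 2:end] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return rec

def resident_data(raw):
    """Return the content of a resident $DATA attribute, or None if there is none."""
    if raw[:4] != b"FILE":
        raise ValueError("not a FILE record")
    rec = apply_fixups(raw)
    off, _flags, used = struct.unpack_from("<HHI", rec, 0x14)
    while off + 8 <= min(used, len(rec)):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == ATTR_END or alen == 0:
            break
        if atype == ATTR_DATA and rec[off + 8] == 0:        # byte 8: 0 = resident
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            return bytes(rec[off + coff:off + coff + clen])
        off += alen
    return None

if __name__ == "__main__":
    for size, n in ((1024, 600), (4096, 3000)):
        payload = bytes(i % 251 for i in range(n))          # constructed file content
        raw = build_record(size, payload)
        start = first_attr_offset(size) + 0x18
        print(size, "header:", first_attr_offset(size),
              "parsed ok:", resident_data(raw) == payload,
              "raw carve ok:", raw[start:start + n] == payload)
```

Copying the payload bytes straight out of the raw record returns the update sequence number wherever the content crosses a 512-byte boundary, which is why the fixups have to be undone before a resident file is extracted or hashed.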
↧
Mobile Phone Forensics: Nextbook Acquisition
Please check with Cellebrite support first as they are normally very responsive and helpful.
If all else fails, try Compelson MOBILedit Forensic Express (http://www.mobiledit.com/online-store/forensic-express). The single device license price is $99.00/device to be acquired.
If you cannot get the NextBook to "trust" your forensic workstation, you can perform a collection over WiFi: Access the Google Play market on the NextBook, install the MOBILedit forensic connector onto the NextBook (https://play.google.com/store/apps/details?id=com.compelson.mefconnector&hl=en) and then make sure your forensic workstation and the NextBook are on the same Wifi network. You will then be able to make the extraction to your forensic workstation including deleted data.
↧