Channel: Forensic Focus Forums - Recent Topics
Viewing all 20110 articles

Mobile Phone Forensics: Jailbreaking iPhone iOS 10.3.2

Hi everyone

Has a Jailbreak been created for iOS 10.3.2? There are lots of sites that advertise it (downloadpangu.org, http://pangu8.com/jailbreak/10.3.2/, http://www.ios9cydia.com/ios-10-3-2-jailbreak.html, etc.). However, I am quite dubious as to the veracity of these sites and haven't downloaded anything because I don't believe I would be downloading what they are offering! I recently saw two 'articles', 'How To Be Prepared For iOS 10.3.2 Jailbreak' and 'iOS Jailbreak: How to start jailbreak 10.3.2 in the safest way', which both state that a 10.3.2 jailbreak hasn't been released yet.

1) Can anyone recommend a website where up-to-date reliable jailbreaking information can be found?
2) If a jailbreak for 10.3.2 exists, does anyone know a reliable site where I can get it from?

Kind regards
Bob

Forensic Software: EnCase export of PST/OST files

minime2k9 wrote: Fairly sure X-Ways processes OST files and, in a recent version (last 12 - 18 months), allowed handling of much larger email files.

I am not proficient with X-Ways. Can we use it to process PST files?

Mobile Phone Forensics: W2L? USB-C power/data/video

USB 3.2 born http://www.businesswire.com/news/home/20170725005509/en

General Discussion: deleted data survival times

It seems to me rather pointless, not because it would not be interesting (it would be) but because it would have IMHO no practical use.

I have seen "office" computers (the one that a secretary uses, where the activity is mostly e-mails and updating a number of pre-existing documents) where deleted data could be recovered after years (usually the disk is used - say - at the most 20 or 30% of capacity), and I have seen systems used during the day to do some work and during the nights and weekends to senselessly and blindly download Gbytes of torrents/movies where you couldn't get on Monday something deleted the previous Friday.

Also since Windows 7 - if I recall correctly - there is automatic/scheduled defrag, which while not necessarily really wiping the data may well make a mess of it, partially overwriting files. And of course automatic Windows Updates. :(

But let's say that we can categorize a given PC in one of (say) five "types", each with a given "recoverability rating":
10%
30%
50%
70%
90%

Then we empirically establish that we (still say) can subtract 1% for every 24 hours of activity of the PC after the deletion.

So you have a "10%" PC where the file has been presumably deleted 15 days ago (of which 11 were working days of around 8 hours each). Our nice hypothetical formula will tell us that we have a probability of (10-(11*8/24))/100=6.33% to recover the deleted file.

What do you do?
1) You look for the file (but with a seriously apathetic and uninspired attitude)
2) You don't look for the file (since you decided previously that anything below 10% is not worth even the attempt)

What would you do if you didn't know that the particular item was rated at 6.33%?
1) You look for the file (optionally with an optimistic or neutral attitude)
2) You don't look for the file (because it is too much work, would cost too much, it is not possible, etc. [1])

jaclaz

[1] This is what usually the corporate IT guys say whenever you ask them anything that could - even hypothetically - result in some work for them.

General Discussion: deleted data survival times

Thanks both for your replies. I kind of feel the same in the sense that you are both drawing reference to 'practical use'. But then in terms of triage (maybe I'm trying too hard to find a use), could we infer something for example from event logs showing active times which may then provide a % of chance of recovery and therefore whether it is worth implementing a long carving process? I wonder if there is some way to determine when a carve would be useful to make things more efficient.

Forensic Software: EnCase export of PST/OST files

Yes, can be used to process both PST/OST and other email files. It's basically an alternative tool to EnCase (or rather EnCase is an alternative to X-Ways) as opposed to a specific email extraction program.

Mobile Phone Forensics: Ultra Power Saving Mode - Samsung Galaxy S6

General Discussion: Guidance Software to be bought out by OpenText

http://investors.guidancesoftware.com/releasedetail.cfm?ReleaseID=1034425 There you have it kids... will have to see what the future of EnCase will look like.

General Discussion: deleted data survival times

Sort of agree, but I think surely that's over simplified. Things like cluster size, allocation algorithms etc - also impacting? I think length of time used is not as important as the number of transactions taking place (likely one is linked to the other).

Maybe it's worth simplifying to say a simple USB memory stick. Say for example, a suspect saves x, y and z on there. Yes, time isn't an issue here, but for example, how likely is natural overwriting to occur. For example, just because a file saved and deleted, then in NTFS, will that portion of the disk not be used at next optimal time as opposed to writing to over areas of the disk. Therefore even a small amount of usage will likely lead to natural overwriting, it doesn't need to be a lot?

Again, I think in practical terms it's not massively useful, but knowledge wise maybe interesting.

...Another point, often it's not possible to tell how long something has been deleted for. Could understanding deletion and overwritten processes maybe lead to estimates? Hey, I dunno, just throwing random thoughts out there.

General Discussion: People often OVERestimate forensic capabilities

Yes. I agree on a lot of these points. Do you think we as a discipline are coming to an end though?

Digital Forensics Job Vacancies: Junior Digital Examiner - Hampshire High Tech Crime Unit

The HTCU for Hampshire Constabulary are recruiting a Junior Digital Examiner. The successful candidate will support the Digital Forensics Group by maintaining flow of exhibits through the unit and completing early analysis of exhibits to determine the best course of action by using comprehensive triage processes. Reporting the results internally and externally. Salary Range: £21,999 - £24,030 Closing Date: 26/08/17 To apply go to Junior Digital Examiner

Forensic Software: Opinions on Blacklight

I requested a demo of Blacklight so that I can test it out but I'd also love to hear feedback from the people on this forum. Specifically, what do you think of its capabilities as a primary forensic tool, e.g. for acquisition, search/indexing, disk forensics. How does it rate for iOS, Android, Mac, and/or Windows? How do the artifact capabilities rate against Belkasoft or IEF? How is the performance? If you moved away from Blacklight, why? If you use Blacklight, how does it fit in among your other tools? Thanks, -tracedf

General Discussion: Guidance Software to be bought out by OpenText

jpickens wrote: From OT's perspective it could be a good move since they have a good foot in the discovery arena, EnCase has a decent data acquisition product for their eDiscovery/Risk line. It could tie in with Documentum (which there is some integration already) and other discovery offerings from OT. This is probably the customer base they are looking at. What OT doesn't have is a cybersecurity or IR platform and this could be a new area for them to invest.

Speaking with some folks who use Documentum, this company is apparently very maintenance fee happy. This is also apparently their first forensic suite they've acquired so they are trying to get into this business it seems like. Considering folks saw a rise in their software renewal fees this year for EnCase, I would hate to see what it looks like if this place nickeled and dimed it to oblivion.

General Discussion: deleted data survival times

tootypeg wrote: Yer I see your points. It's answered a lot of my questions and thoughts about this topic to be honest. I was just after a little research project and wondered if there was anything I could dig around in with relation to deleted files. Shame!

BUT once said all the above, on modern NTFS most probably a "what was deleted when" tool possibly combining a $MFT analysis with $UsnJrnl and $LogFile would provide a (maybe time limited) window on the past.

It won't be a quick triage method, but it will have some practical use, we are shifting from "what the OS/filesystem usually does (and analyze this statistically or evaluate the probabilities of events)" to "what actually happened and can be documented on this specific OS and filesystem".

This would be a good start point:
http://www.forensicfocus.com/Forums/viewtopic/t=10560/
https://github.com/jschicht

jaclaz

General Discussion: People often OVERestimate forensic capabilities

Absolutely. That's the reason to DIY and code and not only trust on vendorware!

General Discussion: Guidance Software to be bought out by OpenText

EnCase is dead, so is FTK as long as they don't improve and adapt.

General Discussion: People often OVERestimate forensic capabilities

Without training your DIY skills you will lose them. And to manually double-check is very crucial as we as investigators have the burden of responsibility - nobody ever will blame the forensics suite. But for folks way behind in tech, forensics suites lure them into 'just connect and get the report'. Formerly the process of collecting was more time-consuming but also during this process the understanding of the case was growing. To master the tech but not understand the crime I refuse.

General Discussion: Going Dark Antistrategy

I am not dreaming but rather strongly propose to think and discuss about a new strategy. There are things you cannot change - but collaborative brain power is a potential not to underestimate. So how to find an antistrategy against Going Dark? Do we have to learn indirect evidence like reverse engineering? Do we have to learn indirect concluding? Shall we argue rather reverse from what is missing than what we examine? I am sure that new forms of evidence are the only way against Going Dark. For newbies see here https://www.fbi.gov/services/operational-technology/going-dark

Forensic Software: BHUSA

Who can report from BHUSA for forensics relevant tools? At FF admins would be nice to have a report

General Discussion: Connecting industry with academia a bit more

RolfGutmann wrote: Academia is welcome but coaching them is beyond time resources

I agree, but as I said, if this process is managed correctly, support is provided by academic staff. What is only required is the initial idea/area/problem context from which to then pursue the research and construct a solution which can be fed back to the client. Is this an issue people harbour - that they believe that in providing the idea, they become the supervisor?