Next page. An eBike accident not of our corps is a Chance To Train CTT. If - and then only - try to answer the following questions.
http://www.20min.ch/diashow/242549/big/EE7925BCED27F3F9EB29EF8792F66312.jpg
#1 What brand, model and version of eBike?
#2 What firmware version on the eBike controller?
#3 What eMotor version?
#4 What eMotor controller firmware version?
#5 Was the eBike consuming or recuperating (generating) electric power?
#6 What speed was the last before accident?
#7 Does the eBike have a built-in eSIM (eUICC)?
#8 What battery type and capacity is built-in?
#9 What evidence in addition can be collected from in-lay electronics?
#10 What additional visual indicators can you recognize?
Happy learning eMobility
↧
General Discussion: W2L? HPEV & eMobility Forensics
↧
Digital Forensics Job Vacancies: Cyber Forensic & Incident Response Consultant Cambridge UK
The starting salary will depend on an individual's experience and can be up to £28k as advertised; this is not a salary band, it is a starting salary.
The starting salary range is comparable with similar graduate/entry-level roles currently advertised within the industry. It is reflective of the time and resources needed to invest in the training and development of an individual with limited experience, and as experience and skills increase so will their salary.
Individuals can decide themselves whether it is a job they are interested in.
↧
General Discussion: Starting your own Cert in DF
I bucket them into 2 categories:
General competency in a task or category (computer/mobile/JTAG/etc...) which isn't tool specific and tool competency which obviously comes from the tool vendor, both valuable in their own way.
I find the general competency ones are good for getting hired and recognized by your peers (to a degree) especially if they don't know you or your work ethic personally. CFCE, SANS certs, etc... are good examples here.
The tool focused ones also have value in showing competency in a particular tool and its use. While tools aren't certified for court, the examiner is, and showing that you're competent in the tool you used (whatever tool that was chosen for the given task) is important. All tool certs are going to have some level of general forensics training associated to it and that knowledge is transferable, but it's usually in reference to its application in the specified tool.
You mentioned vendor neutral in the last post which would likely fall under general competency but your original post mentioned EnCE which would fall under tool competency IMO.
Not sure of your end goals with it, but that's typically how I break them down.
↧
Mobile Phone Forensics: 7 days till end - USB RM iOS 11.4
USB RM or not, there will be always ways to go around.
They make it (Apple), we'll break it - sooner or later
↧
General Discussion: W2L? HPEV & eMobility Forensics
Rolf,
Is this device a location from which user data and vehicle data is stored and could be collected from (related to these sensor based systems you describe above)?
http://www.lannerinc.com/news-and-events/latest-news/lanner-introduces-next-generation-v3-series-fanless-rugged-vehicle-gateway-controllers
"V3S aims at video surveillance, recording and analytics."
This particular model has a removable drive bay and apparently runs Linux.
↧
Digital Forensics Job Vacancies: Eurofins - Assistant Digital Investigator (Teddington)
Overview
Eurofins Scientific is a leading international group of laboratories with over EUR 2.4 billion annual sales and over 30,000 employees with a network of 375 laboratories in 41 countries.
Eurofins has a network of 16 sites in the UK and the Group provides an unparalleled range of over 100,000 reliable and validated analytical methods and support services to the pharmaceutical, food, environmental and consumer product industries, and to governments.
The Role
To provide forensic examination and data acquisition of digital telecoms and computer based electronic storage devices as prescribed in the Investigator’s case strategy, and to recognised national standards in accordance with ACPO guidelines. Equipment includes, but is not limited to, mobile telephones, computers, and components, i.e. SIM cards and memory cards. Responsible for timely and proper handling of evidence (exhibit continuity and integrity). Requires a strong interest and understanding of technology and telecoms/computer devices, as well as a desire to learn.
Key Responsibilities and Accountabilities
• To undertake computer and / or mobile phone examinations by the recovery and retrieval of extant, deleted and encrypted data as per Investigator instructions.
• Delivery of work on time and according to Investigator instructions.
• Follow digital strategies and carry out first stage analysis on behalf of Senior Investigators.
• General maintenance of equipment used.
• Required to test and validate tools used during acquisition process.
• To produce accurate intelligence/findings reports.
• Adhere to all quality systems appropriate to the DIU and Eurofins Forensic Services.
Behaviors
• Be responsible for thinking about the standard operating procedures, customer operating protocols and validation / verification documents and provide continuous improvement ideas to the relevant parties.
• Maintains clear communications with customers and colleagues, clarifying expectations and monitoring satisfaction levels. Viewing problems and opportunities from a customer perspective. Seeking information about the real underlying needs of the customer beyond those expressed initially.
• Communicate and work co-operatively with others (within the team, with other departments / sites or external associates) focusing on a collective rather than individual goal.
• Demonstrate initiative; adopting a pro-active attitude to continuous improvement within the areas of technical, quality and efficiency.
Knowledge, Experience and Technical Skills
• IT/Telecoms and/or Forensics background is preferred but not essential.
• Excellent attention to detail
• High levels of concentration whilst working under pressure
• Good organisational and communication skills
• High levels of personal resilience
• Quick learner
• Ability to work in a forensic environment to the highest ethical standards
• Knowledge of forensics software (XRY, UFED, EnCase etc) is desirable but not essential
• Ability to work independently but also promptly escalate case issues/findings to the Investigator
Due to the highly sensitive nature of the work, applicants should note that security clearance is required for this role in addition to random alcohol/drug testing.
Eurofins Forensic services are an equal opportunities employer and are particularly eager to encourage staff progression and development, including lateral moves.
Contract: 12 month fixed term contract / secondment
Pay: – TBC
Closing date: 26/05/2018
To apply, please forward your CV to Andrew Lau at andrew.lau@lgcgroup.com
↧
Forensic Software: PST Search Tools
passcodeunlock - haven't purchased anything yet, still doing the research. I procured a product called MailExaminer previously and it turned out not to be particularly good at dealing with large volume PSTs so I want to make sure I get it right this time.
↧
General Discussion: How can LEOs and Criminals talk?
bshavers wrote:
LEO: "Hey Sarge. Can I have 2 bitcoin to buy this exploit from an anonymous criminal on the Dark Web so that I can use it to do forensics on this difficult case?"
Sergeant: "Are you on crack?"
...
LEO: "No, really, it is a matter of life and death, this guy here has the solution and it's only 2 bitcoins"
Sergeant: "Hmmm, if you say so, as long as you get a proper invoice, OK. Do call the accounts department and ask them for the money and the applicable taxes, I believe that those that fall into provision §6.22 "Software, consultancy and other immaterial services delivered by criminals" are V.A.T. exempt."
jaclaz
↧
General Discussion: Starting your own Cert in DF
tootypeg wrote:
Been thinking about starting a certification (like an EnCE etc) and just wondering what the issues, thoughts around certs are etc?
Utility, Credibility, Validity
Credibility is probably going to cost you. There are standards for certifying organizations -- you may need to get a certificate of your own just in order to separate yourself from the common diploma mills.
The Wiki article on Diploma Mills has some useful points to ponder. (as does https://www.propublica.org/article/no-forensic-background-no-problem)
(I have a certificate from the Universal Life Church that I'm a Certified Prophet. I think -- I only use it when I want to discuss finer points of certification with people who haven't had to face the problem in detail.)
Just remember to cast a glance at the CCFP from ISC2, who are a fairly highly regarded certification company (modulo issues like those you mention). ISC2 announced the certification in 2012 (or perhaps it was 2013), several 'solid' education companies jumped aboard, but as of one or two years ago, the courses have been cancelled and existing certificates will lapse in 2020.
Why did they fail? It probably wasn't in the infrastructure and the logistics of computer forensics certification -- it must have been something else.
↧
Education and Training: Forensic Explorer Training in London and Frankfurt 2018
Check out the Get Data website for Forensic Explorer training.
This is the first year we are bringing the subject matter to the UK and Germany.
There are limited places so grab a seat before they are all gone.
Fex Training
If you have any questions or wanted greater detail than is listed on the site feel free to contact me directly on duncan.gardiner@rapu.co.uk
↧
General Discussion: Wiping a BitLocker Encrypted USB Drive - Possible?
Only for the record, here is some discussion on the various related Registry settings (some of which are used in some WinFE versions) and other related stuff/tools:
http://reboot.pro/topic/19687-winfe-sanpolicy-and-noautomount-combinations/
http://mistyprojects.co.uk/mistype/mini-winfe.docs/readme.files/diskmgr.htm
http://reboot.pro/topic/21481-is-the-disk-really-write-protected-possible-windows-api-bug/
Also, JFYI, Dynamic disks (rare as they may be in real world) seemingly behave slightly differently (though this is related to the opposite issue, having a volume read only):
http://reboot.pro/topic/15883-winfe-dynamic-disk-problem/
http://reboot.pro/topic/18882-some-questions-and-sanpolicy-values/
jaclaz
↧
Forensic Software: Windows triage script
Beleka wrote:
But I have a doubt: for example, a malware could modify reg and wevtutil to corrupt the output from the command, no? Can I copy them from a safe system into my USB and use the safe version of them? For example:
Code::
move C:\Windows\System32\wevtutil.exe X:\WinBackup\wevtutil.exe
move C:\Windows\System32\reg.exe X:\WinBackup\reg.exe
move X:\wevtutil C:\Windows\System32\wevtutil.exe
move X:\reg.exe C:\Windows\System32\reg.exe
Two things:
1) "move" is NOT "copy"
2) for the same reasons you posted (the possibility that a malware corrupts either wevtutil.exe or reg.exe), there is nothing that excludes that the malware ALREADY corrupted them OR that it would corrupt them during the copy operation; as a matter of fact the hypothetical malware could well be triggered exactly by issuing a "copy" command.
So - theoretically - you should have on an accessible USB stick YOUR OWN (already checked) copy of reg.exe (in a version compatible with the OS at hand), and the same applies to wevtutil.exe (which I believe has additionally, unlike reg.exe, a number of dependencies).
All in all, if you fear that such a malware exists, it would IMHO make more sense to copy the actual .evtx (and Registry) files and analyse them with a third party tool (known to be working and surely not tampered with).
jaclaz
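An added example, not part of the post above and not code from any poster: one way to check that the USB copies of reg.exe and wevtutil.exe still match hashes recorded on a known-clean system before relying on them. The function names, the manifest layout and the stand-in files are assumptions constructed for illustration, and the check itself is meant to run on the examiner's own machine.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(tool_dir: Path) -> dict:
    """Run on the known-clean system: record name -> SHA-256 for every file."""
    return {p.name.lower(): sha256_file(p)
            for p in sorted(tool_dir.iterdir()) if p.is_file()}

def verify_toolkit(tool_dir: Path, manifest: dict) -> list:
    """Return a list of findings; an empty list means the toolkit matches."""
    findings = []
    present = {p.name.lower(): p for p in tool_dir.iterdir() if p.is_file()}
    for name, expected in manifest.items():
        if name not in present:
            findings.append(f"MISSING {name}")
        elif sha256_file(present[name]) != expected:
            findings.append(f"MODIFIED {name}")
    # Files that were never recorded (e.g. a DLL placed beside the tool)
    # are reported too, since a tool with dependencies may load them.
    for name in sorted(set(present) - set(manifest)):
        findings.append(f"UNEXPECTED {name}")
    return findings

def demo() -> list:
    """Constructed sample: stand-in files, not real Windows binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        usb = Path(tmp)
        (usb / "reg.exe").write_bytes(b"constructed reg stand-in")
        (usb / "wevtutil.exe").write_bytes(b"constructed wevtutil stand-in")
        manifest = build_manifest(usb)           # recorded while clean
        clean = verify_toolkit(usb, manifest)    # nothing changed yet
        (usb / "reg.exe").write_bytes(b"tampered")
        (usb / "extra.dll").write_bytes(b"dropped beside the tools")
        return [clean, verify_toolkit(usb, manifest)]

if __name__ == "__main__":
    print(demo())
```

The manifest only helps if it is kept somewhere the examined system cannot write to, for example on the examiner's workstation rather than on the same USB stick.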
↧
General Discussion: Starting your own Cert in DF
athulin wrote:
I have a certificate from the Universal Life Church that I'm a Certified Prophet.
You mean the ULC?
https://en.wikipedia.org/wiki/Universal_Life_Church
Good to know :)
I attempted something similar, thinking that it would have been more fun than ULC, but for some reasons the CFSM didn't provide me with an actual certificate ;) :
https://en.wikipedia.org/wiki/Flying_Spaghetti_Monster
jaclaz
↧
General Discussion: Anyone going to Techno (room)
No one is going who has an extra bed?
Rolf vetted me to "not be a criminal" if that helps.
↧
General Discussion: old iOS img on new iOS
Is it possible with actual iTunes to restore a local non encrypted or passcode-based backup (iOS 9.x) to a brand new iDevice (iOS 11.3.1) to keep the old iOS?
Apple dynamically signs iOSs and unsigns old iOSs.
As for our in-lab highly secret mobile field-intel we have a restriction to keep an iOS before Siri, but crashed a device recently (mountain rescue missed hiker by multiangulation of HB9 relays).
Who knows how to trick and solve this?
↧
Mobile Phone Forensics: 7 days till end - USB RM iOS 11.4
Who has a C-level friend at GrayKey to get in touch with?
↧
General Discussion: W2L? HPEV & eMobility Forensics
Don't think so. You better look for a high-performance IOPS datalogger with fast! ints. Requires high performance Ryzen or min Xeon based. Think about high power consumption and cooling tower with out-car layer.
↧
Mobile Phone Forensics: W2L? 5G - your entry point
5G formal protocols to learn at the weekend
https://www.ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/information-security-group-dam/research/software/5G_lanzenberger.pdf
↧
General Discussion: PowerBank to Kill
RolfGutmann wrote:
We later found that the device (Android 7.0) got infected by the powerbank which had a modified and extended battery controller with a directly on-soldered microSD with malware onboard.
What mechanism allows the malicious code on that kind of device to execute? Is there some kind of 'autoexec' mechanism that Android uses? Or does it rely on the curious user starting the hostile code manually in some way?
Something more seems to be required.
↧
Forensic Software: EnCase 8 “Is Deleted” field.
Just got a question as I could not figure it out.
Using EnCase 8.06.01.05 and when doing the reporting I want to add the field “Is Overwritten”
In the report template I created my own with these fields:
table(type=Bookmark, path="Files of Interest\\test", columns="Name,ItemPath,Created,Modified,Accessed") par
There is no field for “Is Overwritten”, and manually adding “Overwritten” or “Is Overwritten” does not work, but the column is there.
Any suggestions?
↧