On the iOS setup process the apple server makes a IP geolookup and proposes the 2nd time a respective country language. Apple could easily geofence the activation process to the respective continent e.g. based on the GDPR.
Faked/Changed DNS entries are normally the first step into CyberDeath.
↧
Mobile Phone Forensics: iCloud lock removal
↧
Forensic Software: Encase 8.07 APFS
Hey
As most of you have probably seen Opentext are now saying they support APFS within encase 8.07. Has anyone actually got this to work?
I have a physical image of a drive from a macbook, the drive has an unencrypted APFS volume but when loading into encase all i get is an entry called 'mastersuperblockcontainer' and below that about 128 entries called checkpoint. I can mount the image on a mac and view the data without problem, also blacklight can parse the image without issue.
I have spoken to opentext and they are dodging the issue blaming the problem on the method of e01 creation (Guymager).
Has anyone actually managed to view data from an apfs volume within encase?
Cheers
↧
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
Well worth a watch IMHO
https://goo.gl/w85FJ7
↧
General Discussion: Pls remove trackers on FF!!!
Its may definitely the wrong website to run trackers like Facebook Connect and Google Analytics. I have to contribute on one hand but being hurt by trackers like mentioned on the other.
Shall I delete my account?
Yes there are add-ons to block but e.g. on mobile device OSs not possible.
Pls remove Facebook Connect and Google Analytics!!!
↧
General Discussion: Encase 8 L01 file creation of a zip file
Thank you for the response i tried all the possible combinations of checking and unchecking the files but it seems nothing works with the zip file.
I was hoping if someone knows the turn around to work out the things.
↧
↧
General Discussion: Google Assistant LearnOut
After Google IO the Assistant gets more powerful. We got a case where we want to LearnOut all about the suspect by 'asking' the Google Assistant dedicated questions. 2nd we will buy from Google the data evidence for court.
For this we got from state attorney the following TestQuestions to 1st time try to find out:
#1 What locations the suspect has been May 3rd 2018?
#2 What was his emotional state at a certain time before crime?
#3 Whas what his medical body state based on face analysis?
#4 What clothes did the suspect wear at the crime time?
#5 What companion joined the suspect before crime?
#6 What did the Google Assistand AI-based conclude this date?
#7 What reliable format do we get this data from Google?
Who in law enforcement knows a similar Google Assistant case for comparison?
↧
General Discussion: SQLite Forensics Book
Its a hard piece of work besides daily business to write a book. Great respect.
Not everybody shares his secrets.
↧
Forensic Software: MAC memory dump
dandaman_24 wrote:
pr3cur50r wrote:
Axiom now has Volatility support also. :)
Have you tried a mac RAM dump in AXIOM since the volatility support ?
I have and it wasnt able to parse the RAM dump.
The new Mac profiles came out after we released our support with Volatility, we'll update to include the new profiles in the next update I believe.
If you want to add them before then, you can get the new volatility executable that includes the new mac profiles, go to the AXIOM install folder and swap out the volatility executable for the new one and it should work. The exe swap works pretty great if you want to use beta/test builds from Volatility too.
Jamie McQuaid
Magnet Forensics
↧
General Discussion: Computer Forensics Investigation Process
In this case please do what jpickens said!
It is not possible to do any kind of forensic task the right way as a "newbie"
↧
↧
General Discussion: Destination drives smaller than the source drives
As calimelo suggested, since you need a temporary solution for this task only, having handy the original source drives if anything goes wrong, it is pretty safe to create a RAID0 (stripe) from the smaller drives you got.
For the long run I really suggest you to get drives big enough to handle your tasks. Please don't rely on a temporary solution like this, because if any fault occurs on any of the RAID0 members, it will cause total data loss!
↧
General Discussion: Anyone going to Techno (room)
Anyone?
↧
General Discussion: Pls remove trackers on FF!!!
Your (armresl) negative approach in general against me sucks.
↧
Forensic Software: EnCase 8 “Is Deleted” field.
Sorted, Thank You Kindly !
↧
↧
General Discussion: Computer Forensics Investigation Process
Recently a large number of 'fake' requests of Newbies came from Malaysia. They just faked to get answers to exams.
Please proof your trustworthyness first and thank your compatriots.
↧
General Discussion: Destination drives smaller than the source drives
How full are the source drives?
And what kind of content do the source disks contain? Some file types compress really well, others won't compress at all as they are random data, encrypted data or already compressed.
If the disks aren't full then, if you were desperate, you could just take the files and ignore the free / allocated space (Sometimes called a logical image). Depends on the nature of the job as well.
If you don't have RAID hardware have a look at Storage Spaces in Win10
https://support.microsoft.com/en-au/help/12438/windows-10-storage-spaces
(note that I haven't tried it myself, but it seems like it should work)
↧
General Discussion: Pls remove trackers on FF!!!
Rolf,
I'm not sure why you've decided to post this request again, nor why you would post it to the forums, but for what it's worth my previous reply still holds true, i.e. the code (e.g. Google Analytics) you're referring to is used to:
Quote::
- Display and rotate advertisements from our advertising partners
- Track site usage (e.g. number of visitors, which sections are most/least popular)
- Extend functionality (e.g. social sharing)
I understand that you're uncomfortable with the above but there are no plans whatsoever to change the way we measure site usage or offer advertising.
I sense you may be happier in a more secure environment - should that be the case and you would like to close your account here, please don't hesitate to submit a request through our contact form.
Jamie
↧
Mobile Phone Forensics: How to validate a cellebrite extraction
I took the cellebrite training course and during the training they let you know that cellebrite collections are not forensically sound.
Depending on the type of the extraction method it could be storing the md5 hash just in the XML and the files are all loose and can be meddled with on the destination media.
My instructor recommended putting the extraction into a forensic image format (ad1 or l01) , use a different tool and compare, hand scroll method .
Let me know if you have any further questions I can look in the books they provided for their documentation on a subject.
↧
↧
General Discussion: OST to PST converter
If you're seeking OST to PST Converter Tool so that you can import OST saved emails, messages, contacts, appointments, notes, etc. in Outlook Application where PST support then download and install our recommend OST to PST Converter Software. Along with PST software can convert OST in some other valuable file format such as in MSG, MBOX, DBX, EML, etc. and before saving OST in these files it lets users recover the OST data if it has been corrupt.
Read more: www.recoveryandmanagement.com/repair-ost-and-convert-into-pst-outlook
↧
General Discussion: Pls remove trackers on FF!!!
Yes, that works
↧
General Discussion: Destination drives smaller than the source drives
Hey guys, Dynamic Disks anyone?
They are around since Windows 2000, no need for fancy RAID hardware.
Of course a more recent Windows will be needed to use 3 TB disks, but anything Vista or later would do, and since OP is already using them, it means that he already has a 2TB+ compatible OS.
jaclaz
↧