Someone can help me how to access severity impact of the data theft in organization?
↧
General Discussion: There's a thief !
↧
Forensic Software: Encase 8.07 APFS
Works for me
↧
General Discussion: Pls remove trackers on FF!!!
tootypeg wrote:
Is it true that if you place tin foil over your mouse, you can't be tracked? Asking for a friend.
Tinfoil is so '90's ...
JFYI, Velostat is much better, besides its main use as alien abduction preventer:
http://reboot.pro/topic/13177-an-improved-electromagnetical-shielding-device/
http://www.stopabductions.com/
jaclaz
↧
General Discussion: There's a thief !
Zoey wrote:
Someone can help me how to access severity impact of the data theft in organization?
access or assess?
https://users.wpi.edu/~nab/sci_eng/99_Jul_05.html
jaclaz
↧
Digital Forensics Job Vacancies: Forensic Mobile Analyst
A consultancy that is a specialist service provider of a wide range of digital forensics services to the law enforcement, legal and corporate markets is looking for a Forensic Mobile Analyst to conduct complete investigations.
Responsibilities will include but not be limited to:
• Case management and Forensic Analysis of Mobile Devices
• Securing and preservation of digital evidence
• Procedure and documentation development
Experience:
• Experience with XRY, CelleBrite, Oxygen Forensic and MobilEdit
• Experience of physical memory extraction methodology (Hex Dump)
• Excellent report writing skills
• Fully conversant with the Digital Forensic Process and current ACPO Guidelines
Security Clearance:
Due to the nature of the role and our work, applicants will be required to be SC Cleared.
Contact Joe Rowley on 02037622230 or joe.rowley@ fitzroysolutions.com
↧
General Discussion: There's a thief !
@jaclaz: very nice remark from a non-native English speaker
For me "assess" makes sense in the original post.
↧
General Discussion: Pls remove trackers on FF!!!
Don't blame only RolfGutmann; like many normal people, I'm against trackers too! I don't like it when any data related to me is used by unknowns. Just because!
↧
Digital Forensics Job Vacancies: Forensic Mobile Analyst
Location?
↧
Digital Forensics Job Vacancies: Digital Forensic Analyst - Sussex Police (Haywards Heath)
This vacancy has been re-advertised as there were no applicants!
↧
General Discussion: There's a thief !
Zoey, here are some links you may find helpful regarding data theft and issues associated with assessing severity and impact:
Series of articles about assessing severity:
https://www2.idexpertscorp.com/knowledge-center//single/hurricane-data-breach-assessing-severity-in-the-eye-of-the-storm
https://www2.idexpertscorp.com/knowledge-center//single/assessing-data-breach-severity-employee-downloading-malware
https://www2.idexpertscorp.com/knowledge-center/single/assessing-data-breach-severity-third-party-incident-expose-credit-card-data
Other useful reading:
https://www.enisa.europa.eu/publications/dbn-severity/at_download/fullReport
https://www.ponemon.org/local/upload/file/Aftermath_of_a_Data_Breach_WP_Final%20.pdf
https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_gdpr_project_risk_white_paper_21_december_2016.pdf
https://www.shredit.com/getmedia/9836c4ce-5d0b-46f1-9b45-1f16f885d790/Shred-it_Data_Breach_Costs_USA.aspx?ext=.pdf
However, there is a large body of reading material available by using the Google search engine.
↧
General Discussion: Pls remove trackers on FF!!!
MDCR wrote:
you should already have figured those out instead of advertising on a forum about it.
MDCR - Spot on.
Also, as an observation, I cannot see any benefit for Jamie running FF if he is expected to run FF out of his own money - there is a limit to the idealism associated with a 'labour of love'. This is a business and FF makes use of tools that encourage advertisers so that members like you and me can use it FREE OF CHARGE. FF is not a charity, it is not funded out of taxpayers' cash or anything else.
↧
General Discussion: AXIOM - No case found in this location
Does anyone know how to recover a case? I processed an evidence file and pulled it into Examine. When I opened Examine back up, it cannot open the case stating "No case found in this location." What should I start looking for? There are two files that appear to be case-related - "case information.xml" and "case information.txt", but I'm not sure what option may be missing from the xml file that would identify it as a case.
Thanks!
↧
Mobile Phone Forensics: How to validate a cellebrite extraction
Awesome idea! Trying it now thanks!
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
A PoC (Proof Of Concept) exploit takes advantage of a known vulnerability in Samsung's Android phones that allows an attacker to access phone storages via USB, bypassing lock screen and/or Charge only mode.
This is because one of the most common ways to connect your Android phone to your computer is by using the Media Transfer Protocol (MTP). Via MTP you can manage folders, files (and some other things) on the different storages (i.e. internal memory and SD) available on your device. When the screen of the phone is locked with a password or when the USB mode is set to Charge only, it shouldn't be possible to access the device via MTP (or other USB protocols). In reality, what really happens is that the device will prevent you from obtaining the "list" of the available storages, but it will let you do everything else.
Many common MTP clients probably won't let you access a device that reports zero storages. But you can write a client that just asks for a list of all files on all storages and the device will satisfy your request. The interesting thing is that in the answer that you will get from the device you will also have storage ids for the returned files, which means that now you can use those storage ids with requests that can't be issued generically against all storages, i.e. file uploads.
This vulnerability has been found on Samsung's devices from 2012 until 2017, with any Android versions from 4.0.3 to 7.x.
The tool is free - https://github.com/smeso/MTPwn
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
Pat, I had watched it and found the discussion from all three presenters to be very interesting. Clearly, their working perspective is similar to others' experiences; but it is the solutions being put forward as probable answers to existing problems that raise even more questions.
It does seem strange...
Where they stand:
(1) FSR has pushed for compulsory ISO17025 and that has public sector costs (e.g. taxpayers' money) associated with it.
(2) Law enforcement has to equally buy the forensic tools and other items to gather the evidence and that has public sector costs (e.g. taxpayers' money) associated with it.
(3) The system then falls down (as we learned from the discussion) as the analysis of the evidence isn't complete due to lack of money and staff time, etc.
What might become of it:
(4) The discussion raises the proposition, should the defence expert have all the digital material, which introduces the notion if evidence is missed or overlooked in a sea of terabytes of data who would be liable then? This is without the implied reduction in costs to defence experts?
(5) With all the terabytes of data to hand would the defence expert now have an obligation to the prosecution to act (pro-tempore) to bring evidence to the table that the prosecution missed to support their case? Would the defence expert be paid for that bifurcated obligation as well?
↧
General Discussion: Computer Forensics Investigation Process
Recently a large number of 'fake' requests from Newbies came from Malaysia. They just faked to get answers to exams.
Please prove your trustworthiness first and thank your compatriots.
↧
Mobile Phone Forensics: How to validate a cellebrite extraction
CCSO wrote:
Awesome idea! Trying it now thanks!
I am glad I could help you out.
↧
General Discussion: There's a thief !
Why did you not inform the Police, as this is a crime? Are the Police corrupt in your area?
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
Thanks for sharing, this post came right in time! If it works on the device I got in a highly sensitive case, hopefully it will keep a dangerous criminal behind bars!
If it works, I'll write some feedback on it.
↧
Mobile Phone Forensics: How to validate a cellebrite extraction
The big problem is that you can't manually validate everything - or maybe you could, but you will be very old - or dead - before finishing your task.
Validating the data is based on trust built on samples, but a few files out of many thousands might fail. The worst is that you can never know!
If you turn on a device, over 100+ files will be modified by simply starting it. If it is possible, always do everything the forensic way - off-line.
Try asking very specific questions when doing mobile forensic tasks, so you could use different tools to validate the results.
↧