Or move up north and never touch a computer again
↧
General Discussion: Pls remove trackers on FF!!!
↧
Digital Forensics Job Vacancies: Digital Forensic Reverse Engineer & Researcher (UK Based)
Advanced Digital Forensic Solutions, Inc. (ADF Solutions) is the leading provider of intelligent digital forensic software used by corporations, law enforcement, military, and intelligence agencies worldwide.
We have an opportunity in the UK for a Digital Forensic Reverse Engineer and Researcher who will work with our Senior Digital Forensic Reverse Engineer and Researcher.
This is a very exciting opportunity to enhance an ambitious career that can lead to new and exciting opportunities as the company grows.
Come be part of our team!
For details on the job posting and to apply please visit our website by clicking here:
Digital Forensic Reverse Engineer & Researcher (UK Based)
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
Also this from BBC in UK https://www.bbc.co.uk/programmes/b0b228hf
↧
General Discussion: Destination drives smaller than the source drives
Passmark wrote:
Dynamic disks are now considered deprecated.
That seems to be relevant for anyone creating storage solutions, i.e. using dynamic disk management APIs and tools as an architectural component in applications or systems. Basically, if you base your solution on VDS API, you may be in for a surprise as Microsoft is going towards WMI instead.
But is that the suggested usage here? I got the impression that it was more of a 'how do we solve this particular problem in this particular case?' question.
The 'deprecation period' mentioned in the cited page is not stated, it seems. The table suggests that it may be related to the transition from VDS API to WMI as well as the transition from Disk Management GUI to PowerShell etc., but nowhere is there an indication that backwards compatibility will be lost entirely in the near future, only that current management solutions are being transitioned.
As long as it's a temporary solution, and in the absence of indications of disk structure support going end-of-life I wouldn't worry too much. If the images are something that needs to be archived for multiple years, support for dynamic disk on-disk structures will be necessary to keep track of, of course. But that is true for RAID solutions as well. I'd try to verify that some current Linux is able to read the resulting disc structure, and add a copy of it to the archive as an alternative access method in case Windows 11 drops support for dynamic disk HDDs altogether.
↧
General Discussion: TRA Trust Relations Architecture 5G
In-lab we run a new vPolice model. It consists of 3 elements to improve the now.
#1 PreCrime SafetyMonitoring (of critical city fragments)
#2 PreAccident TrafficActors (collecting BigData of Inter-Actor physical spaces)
#3 PreDrone CitySkyMonitoring (catch starting locations of eFlight objects)
#1 is a non-privacy-violating system of CVPR and AI complexity reduction. No faces only but fast 'there is something > GoFast'. We call this WeNo-SysKnows. We only got this cleared by law that the system collects but does not reveal in general, only postcrime by warrant.
#2 For years we observe that the individual physical space of traffic actors shrinks. We early want to be alerted of RRA Rising Risk of Accidents. This RADAR system runs fully vertical and no ANPR, no video at all, just spaces.
#3 A small slice horizontal (like in a tank) video system detects drones and birds. The hard part is to sort out the birds. A district got an advanced PreDrone system, the private citizens pay monthly for fast police showup. A Wifi directional small horizontal layer jammer was dropped as too much RF power required.
This is the important intro to come to the point. All this runs with multiple partners outside of LEO and designed for 5G network slice for LEO. Related to security we started with 'there is no security'. So we now are interested in a public forum of what you think how to design and structure new types of trust relations. Whom be trusted, in which respect and to what extent.
Please give us feedback of the trust architecture based on 'there is no security'.
Thank you in advance.
↧
Digital Forensics Job Vacancies: Digital Forensic Investigator - 6 month contract, London
A leading Government Body in Central London is seeking a Digital Forensic Investigator to help them at a time of heightened activity for a 6 month contract.
The organisation are processing a substantial amount of digital evidence in accordance with ACPO guidelines.
The focus of the role will be to work on a substantial amount of phone based evidence.
You will require experience working within a similar post with forensic tools such as EnCase and Nuix. A lot of this evidence is on mobile phones so experience working with Cellebrite or XRY would be highly beneficial.
The role is paying around £400 per day for the duration of the contract.
They are looking for someone who can start ASAP.
Please contact me on danielrichards@morgan-law.com or call me on 0207 747 4921 for more information.
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
Glad you found the link of interest.
My own position would be very similar to Peter Sommer's in disclosing everything (if requested). As soon as you go down the route of not disclosing everything, you are putting the prosecution in a very tricky position re their decision making process.
Part of the issue seems to be that disclosure is not built into either quality systems or the "mind set". A disclosure list, bundle or set of drives should be building up as the investigation advances rather than a last minute "treasure hunt" to track things down.
Having said that, when you have multiple parties (conspiracy etc), then there are obvious issues re privacy and I honestly don't see any easy solutions with that.
On a wider note, I do wonder if (even on a subliminal level), disclosure is seen as "helping the bad guys" and, therefore, does not get the focus it deserves. I don't want to sound preachy (is that a word?) but we should all think of ourselves on the same side in terms of establishing facts rather than a "them and us" culture. I have had cases where I have tracked down fragments of data that have greatly assisted the defence (whilst working for the prosecution) but I am just as pleased with the level of work. Not sure if this is the same within the Police?
↧
General Discussion: Destination drives smaller than the source drives
Passmark wrote:
Dynamic disks are now considered deprecated.
See,
https://msdn.microsoft.com/en-us/windows/compatibility/vds-is-transitioning-to-windows-storage-management-api
And ... ?
It is not about starting the development of a new backend storage to a cloud and IOT based framework, it is just §@ç#ing storing temporarily some data in a convenient way for analysis.
I will go further, stating that Dynamic Disks worked just fine for at least 18 years, over at least 5 "major" Windows OS releases, whilst Storage Spaces, which most probably are indeed and nonetheless the third best thing in the world after sliced bread and ice cream, are largely untested and far from being proven to be "reliable".
Also, even if admittedly Dynamic Disks have never been "popular" or "common", it is not like since 2017 all the data stored on hard disks using them has become unreadable ...
To make an easy comparison, 16-bit computing has been deprecated for a long time (and they are starting to deprecate 32-bit) but it is not like a good ol' DOS program stopped working because of the deprecation [1].
jaclaz
[1] as a single data point, I keep using a very vertical accounting system that runs on DOS because it just works (and yes the Windows version of that same program has a lot of -fancy - more features that I don't need and like most of the competitors I tested it is much less straightforward in actual operation).
The underlying database is DBASEIII, that has probably been "deprecated" circa 1995, yet it simply works (for the simple things it has to do).
↧
General Discussion: SQLite Forensics Book
Great stuff, will check this out, heaven knows where you find the time?
↧
Mobile Phone Forensics: Iphone 6 data recovery
Please don't post crap, the original post is about iPhone 6!
Outdated information and non-working crap are very misleading and lead to a waste of precious time.
↧
Forensic Software: Encase 8.07 APFS
I'm having the same issue with an E01 created using MacQuisition 2018R1.2
This admittedly is an Encrypted APFS and BlackLight is the only program I know so far that can decrypt it.
↧
General Discussion: When do best practices "kick in"?
This could be a costly mistake on the part of your client. When I have cases like this, I take the opportunity to educate my client in a diplomatic fashion. I encourage them to develop company wide policies and procedures for handling former employees' digital devices, emails, files on any shared drives, and when to contact a forensic expert/law enforcement.
They may lose this time, but the next time hopefully they will get a win.
In regards to the defense barrister, even if the company and you did everything right, it is his/her job to muddy the waters on behalf of the client. But your client has not done himself or you any favors by messing with the computer.
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
It's a decent exploit and MTP data is better than nothing usually. A friend of mine used it for an S7 that had a busted screen that couldn't be repaired. Security patch level needs to be before Oct/Nov 2017 (depending on the device). Encryption shouldn't be a problem but the secure boot would cause an issue as you need to boot the phone.
If you have Magnet AXIOM, it uses this exploit and works quite well. If you don't have it, give the script a try.
Jamie McQuaid
Magnet Forensics
↧
General Discussion: When do best practices "kick in"?
pbeardmore wrote:
We also have the issue of the network being live so did the ex-directors or other members of staff have remote access?
Sure, and you have also a chain of custody issue regarding the interval between when the practitioner left the PC's and office unattended and the exact time/day the LEO's took charge of the matter.
What happened in that time lapse?
Did the ex-directors or other members of staff have access to the premises and computers?
Did a homeless hacker use the office for the night and while there change a few files to keep him/herself busy?
How can you prove it didn't happen?
Has the building been inspected to exclude the presence of a secret passage through which an ex-director may have entered the office?
Some will also advise you that best practice is to cut off the electricity of the office (or of the whole building or of the whole block, it depends on who is giving advice) and put a guard before all entrances (of the office, of the building or of the block) to be on the safe side before even entering the premises and video record the whole activities performed during the access, using additionally a keylogger to record each and every key the practitioner pushed on any keyboard.
And if you do the above, someone else will come out telling you that by cutting off electricity you effectively prevented imaging RAM contents of the PC's that were on at that time, thus potentially losing a whole lot of "volatile" data, and that having pushed any key on the existing keyboards before fingerprints were taken may have altered evidence of other unauthorized people using them[1].
jaclaz
[1] and you cannot bring your own keyboard, because disconnecting and reconnecting a PS/2 keyboard to a switched on system may fry the motherboard (it never happened, but it is one of the warnings given at the time they were more common) and if you use a USB one, of course the plug 'n play manager will do a lot of writes to the Registry.
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
mcman wrote:
It's a decent exploit and MTP data is better than nothing usually. A friend of mine used it for an S7 that had a busted screen that couldn't be repaired. Security patch level needs to be before Oct/Nov 2017 (depending on the device). Encryption shouldn't be a problem but the secure boot would cause an issue as you need to boot the phone.
If you have Magnet AXIOM, it uses this exploit and works quite well. If you don't have it, give the script a try.
Jamie McQuaid
Magnet Forensics
Hi, I've a Samsung J320F with secure boot enabled and I don't know the password.
Dump via Forensic recovery with axiom won't help because phone is encrypted, do you think there is any way to get files?
↧
Digital Forensics Job Vacancies: Cyber Forensic Lead – London/Paris
Cyber Forensic Lead - Highly Respected Financial Services Provider
A leading financial services provider is seeking a Cyber Forensic Lead, to be responsible for leading Forensic activities within the Information and Communication Technologies Risk department. This will involve examining and recovering data from electronic storage devices and systems. You will be responsible for identifying networks, systems, databases and applications that have been compromised by cyber-attacks, and be expected to effectively dismantle and rebuild systems, in order to retrieve/investigate lost data.
Key Accountabilities
Conduct and lead all Cyber Forensic activities, relating to data breaches and security incidents.
Recover and examine data from electronic storage devices and systems.
Operate and maintain a Digital Forensics Lab Environment, including all technologies, processes and evidence.
Improve the effectiveness of the Internal Controls programme, by reviewing the current environment, risk assessment process and information and communication monitoring activities.
Key Requirements
Prior experience, within a global enterprise, of conducting Forensic and Incident Response investigations across multiple technologies and platforms.
Able to independently investigate complex cases, including, fraud and abuse, cyber security incidents, asset misuse, and corporate policy violations.
Familiar with signature and malware analysis.
Able to interpret application and device logs, from a variety of sources, for example, Firewalls, Splunk, Proxies and Web Servers.
What's in it for you?
With a presence in over 70 countries, this organisation works continuously on behalf of their clients, in both emerging and mature markets. This is an exciting time to become an integral part of a diverse team, whilst having the stability of being part of one of the largest financial services providers in the world.
To find out more about this role and to apply please click here or follow the link below
https://www.cybersecurityjobsite.com/job/5109263/cyber-forensic-lead-highly-respected-financial-services-provider/
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
passcodeunlock wrote:
I already posted that the security patch level of the SM-N950F device I got is newer and this exploit won't work
Any ideas are welcome, if we could dump the phone (even encrypted) we could move forward...
Yeah sorry that part was meant as general information for anyone else looking at that exploit, I knew neither option would work for you based on the patch level.
My next guess would be engboot? I haven't tried one for a Note 8 yet but I've seen a few files out there for them. Worth a shot anyway.
Jamie
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
pbeardmore wrote:
On a wider note, I do wonder if (even on a subliminal level), disclosure is seen as "helping the bad guys" and, therefore, does not get the focus it deserves.
Or perhaps, in some parts of the world, 'does not help me to win'.
Noted this some time ago: http://www.governing.com/gov-criminal-justice-reform-Brady-evidence-lc.html?utm_term=More%20States%20Force%20Prosecutors%20to%20Hand%20Over%20Evidence%20--%20Even%20When%20It%20Hurts%20Their%20Case&utm_campaign=More%20States%20Forcing%20Prosecutors%20to%20
I suspect there is a difference between adversarial judicial processes and inquisitorial/nonadversarial, but I'm not sure I've seen any studies of if it has any effects on disclosure.
↧
Mobile Phone Forensics: Iphone 6 data recovery
@AlbertJh
This software is crapware, buddy. It has nothing to do with data recovery.
↧
Mobile Phone Forensics: MultiCam Reality Distortion
Something like an USGLDCM (Universal SigGraph-like Distortion Correction Model), i.e. this approach extended beyond portraits and selfies?
http://www.ohadf.com/papers/FriedShechtmanGoldmanFinkelstein_SIGGRAPH2016.pdf
Applying to images standard tensor-vector multiplications in the i-th dimension is definitely an interesting field of research.
Besides the paper, the good guys at Princeton have also a demo site:
http://faces.cs.princeton.edu/
jaclaz
↧