Also raised was the effect on a victim of 'disclosing everything'. Should a suspect on a rape or domestic abuse case have the entire contents of the victims phone available to them?
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
↧
Mobile Phone Forensics: MultiCam Reality Distortion
No, its more complex as AI is the 'new kid in town' (we started with the iPhone X last year).
↧
↧
General Discussion: TRA Trust Relations Architecture 5G
Nobody working on PreCrime, PreAccident and PreDrone? Cannot be.
↧
Mobile Phone Forensics: Kali on Tab S4 - pls help!
For a projekt we require 5 Tab S4 (SM-T835) tablets with Kali on them. Before getting from top the 'Go' we have to detailled check about fast and smooth flashing Kali on them with all ints running fully stable.
Who did put Kali on Tab S3s already and can provide us support for the Tab S4?
↧
General Discussion: TRA Trust Relations Architecture 5G
Fully understand, we too were reactive for decades. But since getting a new boss things changed from hunting to trapping (I reported, my boss: No more hunting, lets build traps).
To design the Trust Relations Architecture 5G is the crux. Sensitive citizen data have to be protected in general until crime occurs and the attorney opens the law. The following players are involved:
a) MNO 5G CH
b) Video hardware supplier DE
c) Video Analytics software supplier IL
d) Electrical Infrastructure provider locally CH-ZH (second abbr is state (Kanton))
e) Data Protection Representatives locally, national CH-ZH, CH-BE
f) RADAR supplier DE
g) we
Dropping the setup and electrical running of this combined 3-elements vPolice system lets only focus on the communication layer of RADAR data and Video data. The network management layer is in our own internal ICT dept. hands.
The risk of criminal hacking-in we set up from the beginning to 100% possibility. Immediately you see the risk of destroying our reputation and promisses we legally made. But its unavoidable to lose. So we prepare for 'early morning news: Police system hacked, TBs stolen from UR. What would we say? To defend we want to present a top quality and highly professional TRA documentation.
The only shield to defend would be: We did everything possible, the remaining risk of hacking was considered as much as possible. Reminder we started with 'there is no security'.
But back to a)-g). How to design the level of trust, the limitations of trust and the layers of translucent data insight? There is always a minimum and a maximum. So trust should be limited to the minimum. To legally bind all players by NDAs is obvious, but how to operate?
We also designed a communications roadmap. This included to pre-event commit: We were hacked before it already occured. To announce the bad as soon as possible was consulted from our legal, the pre-event commitment our lab proposal (yes, very! controversal).
Up from May 25th, 2018 the new GDPR regulation forces us to adjust the TRA documentation.
Who runs a Trust Relations Architecture TRA?
↧
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
I believe there is no problem disclosing to a suspect what was found on their computer. The problems are:
what do you disclose from a victims computer?
What do you disclose to the co-defendant from the other suspects computer?
I think we need to point this out to the OIC and the decision should be theirs or in a major enquiry for the disclosure officer to decide.
↧
General Discussion: How efficient computer forensics
I work at one institutional hospital as a medical record officer. Recently everyone talks about internet of thing(iot) and also change environment of managing medical record from paper to electronic.
I already doing the benchmark at another hospital that apply Electronic Medical Record(EMR) and knowing that EMR is more efficient than using paper. Unfortunately, the future challenge that we need to face when use fully EMR is prone to cyber crime such as attacking unknown virus from outsider.
But how efficient computer forensic help in solve the problem when medical data invaded by someone?
Please anyone explain to me to make it clear.
↧
Forensic Software: IEF (internet Evidence finder) facebook images
On this subject, I'm currently examining a Windows 10 machine, IEF has thrown out some images in the 'Facebook Pictures' section but they are full screenshots of all kinds of internet activity and PC setup etc. They don't look like they are in any way related to Facebook. The file paths are \Windows\SysWOW64\aamdata\ss1\ and the file names appear to be dates/times.
Can anyone help me with how they got there?
↧
Forensic Software: IEF 'Facebook Pictures' in Windows 10, not Facebook images?
I'm currently examining a Windows 10 machine, IEF has thrown out some images in the 'Facebook Pictures' section but they are full screenshots of all kinds of internet activity and PC setup etc. They don't look like they are in any way related to Facebook. The file paths are \Windows\SysWOW64\aamdata\ss1\ and the file names appear to be dates/times.
Can anyone help me with how they got there?
↧
↧
Forensic Software: IEF (internet Evidence finder) facebook images
Here is a link to my response from a similar post. I hope this helps.
https://www.forensicfocus.com/Forums/viewtopic/t=16652/
↧
Forensic Software: IEF 'Facebook Pictures' in Windows 10, not Facebook images?
Thanks for your reply, I wasn't going to trust it because the screenshots are obviously not FB related at all but as always, a bit of confirmation from the experts is always good! Back to the drawing board then to figure out how they got there!
Cheers
↧
Classifieds: Selling TD2 kit
Is your TD2 still for sale?
↧
Mobile Phone Forensics: MultiCam Reality Distortion
How can LEO rebalance or compensate this trend?
↧
↧
General Discussion: Google Assistant LearnOut
Who knows a court-case based on Google Tango, Google Lens or Google Assistant?
Who knows a Virtual Assistant court-case of other suppliers like Siri, Cortana, Echo or Bixby?
↧
General Discussion: How efficient computer forensics
athulin wrote:
Bunnysniper wrote:
Again a student from Malaysia, ...
I even seem to remember someone asking something fairly close to this question last year. Let's see ... yes, NadiaH.
Thistime i did not step into the case <img src="images/smiles/icon_biggrin.gif" alt="Very Happy" title="Very Happy" />But last time i did and gave a quite comprehensive answer.
↧
General Discussion: Unrecognized file system[HPFS/NTFS]
ajeet129 wrote:
I have forensic images which i am trying to extract but when I am mounting in FTK imager they are showing Unrecognized file system[HPFS/NTFS] when i am trying to expand. I was told they are bitlocked but FTK imager doesn't show anywhere where i can use bit locker password. If anyone familiar to this and suggest how to open that would be helpful.
Ajeet
Im going to make a couple assumption here and when you say "mount", you are talking about adding a disk image to FTKi. As far as im aware FTKi doesnt support decrypting disk images.
You can verify that it is indeed bitlocker encrypted by checking the header of the volume. Check out this link, https://www.forensicswiki.org/wiki/BitLocker_Disk_Encryption
You should be able to use the mount feature in FTKi to mount the image and then use windows to unlock the volume and create a decrypted image.
↧
General Discussion: Android traces of rooted
Multiple stock and custom ROMs for Android over the years. Users able to unlock the bootloader can root the device.
My question: Is it always! traceable that a device was rooted before resetting to default?
In-lab we have a device I have human indicators that the device was rooted. But we 'see' nothing.
↧
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
An interesting video from my point of view which is: American, and newly retired hence the time to spend on this.
Peter Sommer says around 10:14:40 that he's proposing making a copy of the forensic image available to the defense because exhaustive analysis is not possible. I'm surprised that this is not already common practice! I would expect any competent defense attorney in the U.S. to demand a full image copy for independent analysis. Exceptions would be if CP was involved, but even then a full image copy in a controlled environment, vice an uncontrolled duplicate, should still be obtained.
Around 10:35, the question revolves around the standard magic bullet wish, what new tool eliminates the need for understanding and knowledge? I saw that here all the time as well.
Around 10:46, "Can't get evidence from U.S. based companies." Most ironic as headline news here often complains the opposite.
Around 10:55, too much bureaucracy and not enough funding. Oh no, the UK is the same as the US!
The whole second panel, starting around 11:03, while interesting from a legal and social point of view, has nothing to do with digital forensics.
↧
Forensic Software: Recover Facebook Password
Good Evening!
I am trying to assist my Aunt with recovering her Facebook password but to no avail. When trying to reset her password/account, she no longer has access to the email she signed up with. Likewise, there is no phone number to contact someone at Facebook for assistance.
Is there any password cracker/hacker that would work? No, she didn't write her password down or use 2-factor authentication.
Any assistance is greatly appreciated....searching these forums I haven't found anything as of yet. If all else fails, I will just have her create a brand new account.
Thank you for your help.
Beth
↧
General Discussion: How efficient computer forensics
Thank you for the feedback and response. I am a student and also work at one hospital which is want to change from paper to EMR and digital record. My lecture mention about CF but i not clear with that, so i want to know how efficient CF in handling data invaded by someone as prevention action.
↧