Hmm, I'm in doubt a bit about the N950F
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
↧
Mobile Phone Forensics: Qualcomm Download Mode 9006
I'm thinking about firehose/sahara loaders. You can't always get vendor firmware with those, especially not for Samsung or LG devices as they're for internal use only
↧
Mobile Phone Forensics: LG Secure Startup
passcodeunlock wrote:
When playing with some eMMC from vendors like LG, you have to deal with the encryption root keys being also zapped on flashing recovery and cache, that is why flashing back the factory images didn't help. Always keep handy a full eMMC raw image of the original device, which if you flash back - everything, including the encrypted user data partition - you get the original device state. Flashing just different parts might generate new encryption root keys on boot, which will fail to open a previously encrypted user partition.
Fully agree and this might be the case. I'm not sure now about K8 but I'm 100% sure K10 is not encrypted by default. K8 was released a bit later and from what I see it started with 6.0 (instead of 5.1.1 like K10) so maybe this one was and force flashing TWRP generated new encryption key as you say. I might try making some more tests next time out of curiosity.
Quote::
Faulty eMMC exist, but they are rare. Let's make some maths with presumptions:
- if 0,1% of the phones got faulty eMMC
- if 1 out of 10.000 sold devices are involved in forensic cases
- split by vendors, implementations, eMMC versions and hardware revisions
There are pretty big chances that 1 out of 1.000.000 devices will have a faulty eMMC prior to a forensic case anyway. I might say low chances, but proven to exist now and then :)
I would really welcome if any mobile vendor could correct my presumption numbers...
Thinking globally, you're most likely right with those numbers. Still, for some models stats are probably a bit worse (take Galaxy S3 and Note 1 and Note 2). I'm less forensic oriented, more repair and data recovery focused and if it comes to repairs, there are weeks when I have 3-4 devices in store with faulty eMMC. Last week it was K10, today it was HTC One M9u (no download mode, unable to flash anything including HOSD, known issue) - if I recall correctly it's the 3rd or 4th M9u with that issue in the past 6 months that I got to fix. I've had like 30-40 Galaxy S3, probably the same amount of Note 2. Countless LG devices from the series I mentioned in my earlier post. There was a week when I got 3 i9195 with dead eMMCs from 3 different customers etc. It was also a popular problem in Lumia phones, mainly 520 and 625, where the eMMC switched to read-only mode and this resulted in an "unable to find a bootable option" error. There are tons of posts on gsmhosting and xda-developers forums regarding issues like this in various devices and it is one of the reasons why boxes like easy-jtag, riff, medusa, emmc pro, ufi etc. exist ;)
You're not seeing it as much in forensics type jobs and I'm not saying this is the case here. In fact, I'm 99% sure it is not.
↧
General Discussion: RAID Metadata
passcodeunlock wrote:
The real life practice shows that "collapsed" or faulty raids got 50% chances for recovery, no matter on the RAID type or the number of disks used.
Instead of building complicated RAIDs, which even with low chances, but could fail, always have a RAID + external (physically separated) backup!
Yep :) , that is lesson #1 and #2 in RAID class :o :
1) DO NOT mistake a RAID setup with a proper backup strategy.
2) RAID can (and WILL) fail (before or later), backups will also fail (before or later), and that is why you should always have more than one backup, before and besides any RAID setup you may have.
Nowadays (with the rather common occurrence of crypto-malware) it has to be added "offline" backups.
jaclaz
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
This exploit only works on Samsung devices, yes?
↧
Forensic Hardware: Good morning. Quick question on Hardware
I work for a small agency but complete forensics not only our department but the entire county.
Right now I am using a "souped up" HP laptop etc. I was wondering if anyone has tried an Xplore iX104XC6 tablet for forensics? If so, how would you rate it?
Just looking for feedback. I would like to get ahold of something that is easier to transport and use other than this laptop.
Thank You
↧
General Discussion: Recovery of a corrupt VMDK
Hello everyone
I will suggest first going with the manual process; if it does not work, then opt for an automated solution.
To get back your corrupted VMDK file data simply follow the certain steps:
Step 1 - Go to start button on your system.
Step 2 - Now the user has to open a command prompt.
Step 3 Start with the new command line -
Step 4 Now the user has to navigate to the VMDK development kit by giving the command-
c:\programFiles\VMware\Virtualdiskdevelopmentkit\bin
Step 5 Now Type the new Command " VMware-vsdiskmanager.exe" give full path of the corrupt VMDK files.
All your corrupt files will be repaired successfully.
If the user is unable to recover data from the corrupt VMDK file, in that case, the user can refer to VMware recovery software, which helps to recover the data in just a few clicks.
↧
Mobile Phone Forensics: Huawei P9 (PRA-LX1) Screen Lock Bypass
Hello,
I have Huawei P9 (PRA-LX1) with FRP Lock, USB Debugging mode disabled and locked bootloader.
Based on gsmarena it is:
Android 7.0 so the device is encrypted by default
HiSilicon Kirin 650 Chipset
The device is PIN screen locked.
JTAG or Chip-off gives me encrypted raw image so it's useless.
Is this a possibility to get some user data from this model ?
Maybe some exploit for this kind of chipsets ?
↧
Digital Forensics Job Vacancies: eDiscovery Senior Consultant, London, c. £60,000
Job Overview:
A top tier global advisory firm renowned for their expertise within the Corporate, Finance, and Forensic & Litigation Consulting markets is looking for a Senior Consultant to become incorporated into their London team. Responsibilities include providing clients with the combination of Relativity and technology consulting and services. Candidates ideally have experience across all phases of the EDRM and will have responsibility for client delivery of small to medium projects.
Responsibilities:
- Liaise with clients to ensure requests and expectations are met.
- Perform on-site data collections, both in the U.K and abroad.
- Perform data processing and analysis daily.
- Liaise with internal personnel to manage the delivery of client demands.
- Ensure that all client deadlines are met, which may include working outside of business hours if necessary.
- Comfortable travelling to enable effective case management.
Requirements:
- Possess a degree in technology related field, i.e. Computer Science, Computer Forensics.
- Prior experience operating within an eDiscovery or technology focused role.
- In-depth working knowledge of Relativity or Ringtail.
- Previous experience managing teams, preferably within an eDiscovery environment.
- Prior experience using alternative industry software such as Concordance, Nuix, DocuMatrix is beneficial.
- Strong interpersonal skills with the ability to perform in client facing role.
- Strong time management skills with the ability to prioritise tasks effectively.
- Ability to work in a fast-paced environment whilst managing multiple tasks.
- Ability to work independently or incorporated into a team.
Apt Search are a specialist recruitment firm based in London focused on the data driven markets of eDiscovery, Information Governance and Data Analytics.
For more information regarding the role or to find out more about other opportunities we have call +44 (0) 203 643 0248 or email: amit @ apt-search.co.uk // zachary @ apt-search.co.uk
↧
Forensic Hardware: Good morning. Quick question on Hardware
Can you provide the specs for the computer?
No idea what it is, but from a baseline (for me personally), I would start with a machine that has multiple cores (i7 or similar), 16GB RAM or better, SSD hard drive with USB3.0 ports.
This is where I would start and personalize from there. This is enough to perform most imaging and do baseline-to-moderate analysis work depending on the tools you run.
Others here may have very different thoughts, but if you're new to forensics, then you don't need the fastest machine ever, just get a quality one that fits your needs.
It really depends on what you plan to do with it though.
↧
Forensic Hardware: Good morning. Quick question on Hardware
Maybe the article will be helpful for you.
Creating a digital forensic laboratory tips and tricks
https://www.digitalforensics.com/blog/creating-a-digital-forensic-laboratory-tips-and-tricks/
↧
Digital Forensics Job Vacancies: Mobile Forensic Analyst - Birmingham, West Midlands
Mobile Device Forensic Analyst - Birmingham, West Midlands
A consultancy based in the Birmingham area that is a specialist service provider of a wide range of digital forensics services to the law enforcement, legal and corporate markets. Their client base includes several large and small Police forces for whom we provide outsourced digital forensics, Criminal Legal defence solicitors and Litigation solicitors. We deal with the acquisition of evidence from electronic media, analysis of evidence and the support of prosecution and defence cases in the criminal justice system.
Responsibilities will include but not be limited to:
• Case management and Forensic Analysis of Mobile Devices
• Securing and preservation of digital evidence
• Procedure and documentation development
Any prospective candidate must have the following skills and experience:
• Experience with one or more commercial forensic tools such as XRY, CelleBrite, Oxygen Forensic and MobilEdit
• Experience of physical memory extraction methodology (Hex Dump)
• Excellent report writing skills
• Fully conversant with the Digital Forensic Process and current ACPO Guidelines
• Full UK driving license
• Unimpeachable integrity
• Demonstrable experience of operating in an ISO 17025 environment
Benefits
• Progression opportunities
• Free onsite Parking
• 25 Days Holiday + Bank Holidays
• Grade 2 Corporate benefits package upon successful completion of probationary period
Security Clearance:
Applicants will be required to be DBS checked and also NPPV-3, SC Cleared, National Crime Agency and Metropolitan Police security vetted, therefore all applicants must be currently and permanently resident in the UK, and have been continuously for at least 5 years. Any cautions, convictions or financial issues will result in SC Clearance being denied.
To view this role in more detail please click here or follow the link below
https://www.securityclearedjobs.com/job/801847036/mobile-forensic-analyst/
↧
Digital Forensics Job Vacancies: Senior Digital Forensics Specialist - London
Are you wanting to work across varied and complex investigations of national importance? If so, then this role might be for you.
The CMA is the UK’s world-leading government body established to make sure competition works in consumers’ favour and businesses treat their customers fairly. Be it taking enforcement action against drug firms accused of over-charging the NHS, investigating online ticket resale platforms over concerns they don’t give customers all the information they should or carrying out a major study into the care homes industry, what we do really matters and makes a difference to people’s lives.
We are looking for a Senior Digital Forensics Officer to join our Enforcement Directorate to deliver a proactive and comprehensive investigative service. As a member of the Digital Forensics Investigation Service Team, you will undertake a variety of digital forensics and eDiscovery tasks in the collection and analysis of electronic evidence. As a senior officer, you will supervise less experienced team members in their day-day tasks, and provide training and support for their ongoing development.
To be considered you must be able to evidence:
Experience of having worked within the Digital Forensic strand of large investigations and attending court proceedings or hearings, in particular being tasked with providing investigative and evidence review potentially within law enforcement or regulation.
Strong experience in the use of digital forensic investigation and review tools, in particular Cellebrite or Oxygen, X-Ways or EnCase and Nuix.
Computer literate and proficient in the use of Microsoft Office Suite and SharePoint. Knowledge of Windows and Apple operating systems and how to extract data from them in a forensically sound manner.
Experience of managing, coaching and motivating staff including overseeing delivery of work.
In return we offer generous benefits, including an excellent pension scheme, at least 25 days leave (increasing to 30 over five years), and generous maternity/paternity leave provision. You can also take advantage of interest-free season ticket loans, a cycle to work scheme, childcare vouchers, our employee wellbeing programme and favourable consideration of flexible working.
The CMA are currently undergoing rapid business growth. Joining us now, as we work on our next phase of transformation, will offer uniquely exciting professional opportunities.
We are an equal opportunities employer and welcome suitably qualified applicants from all backgrounds.
To find out more about this position and to apply please click here or follow the link below
https://www.securityclearedjobs.com/job/801847649/senior-digital-forensics-specialist/?LinkSource=PremiumListing
↧
Digital Forensics Job Vacancies: Digital Forensics Officer - London
Are you wanting to work across varied and complex investigations of national importance? If so, then this role might be for you.
The CMA is the UK’s world-leading government body established to make sure competition works in consumers’ favour and businesses treat their customers fairly. Be it taking enforcement action against drug firms accused of over-charging the NHS, investigating online ticket resale platforms over concerns they don’t give customers all the information they should or carrying out a major study into the care homes industry, what we do really matters and makes a difference to people’s lives.
We are looking for a Digital Forensics Officer to join our Enforcement Directorate to deliver a proactive and comprehensive investigative service. As a member of the Digital Forensics Investigation Service Team, you will undertake a variety of digital forensics and eDiscovery tasks in the collection and analysis of electronic evidence.
To be considered you must be able to evidence:
Experience of carrying out research and analyses to support cases.
Excellent verbal and written communication skills with experience of dealing with internal and external stakeholders to provide a high-quality service.
Computer literate and proficient in the use of Microsoft Office applications, in particular, Word, Outlook, Excel, PowerPoint and SharePoint.
Knowledge of Windows and Apple operating systems and how to extract data from them in a forensically sound manner.
Some experience of understanding and implementing the Forensic Science Regulator's requirements as they relate to Digital Forensics and the importance of adhering to policy and procedures.
In return we offer generous benefits, including an excellent pension scheme, at least 25 days leave (increasing to 30 over five years), and generous maternity/paternity leave provision. You can also take advantage of interest-free season ticket loans, a cycle to work scheme, childcare vouchers, our employee wellbeing programme and favourable consideration of flexible working.
The CMA are currently undergoing rapid business growth. Joining us now, as we work on our next phase of transformation, will offer uniquely exciting professional opportunities.
We are an equal opportunities employer and welcome suitably qualified applicants from all backgrounds.
To find out more about this role and to apply please click here or follow the link below
https://www.securityclearedjobs.com/job/801847650/digital-forensics-officer/?LinkSource=PremiumListing
↧
Digital Forensics Job Vacancies: IT Forensics - Associate - London
IT Forensics, Associate, London
With high-profile corporate cyber-crime cases at the forefront of the news, it's more important than ever for businesses to maintain the authoritative knowledge it takes to investigate and prevent cyber-crime. Preventing and detecting crime is all about identifying potential risks - using existing trends and emerging technology to accelerate intelligent decision making and build more efficient finance functions. Our clients look to us to make it happen, and as an IT Forensics Associate, you'll be right at the heart of that goal. It's a role with far-reaching implications, so you'll be working with stakeholders across industries with some of the most innovative tools available.
The opportunity
With significant recent investment, we're experiencing rapid growth in this area. Our Forensic Technology and Discovery Services (FTDS) team is working with industry- leading anti-fraud and IT forensic technologies to develop innovative recommendations to some of the most challenging fraud and risk issues around. Since we work with such a diverse portfolio of clients across industries, you can expect to take on a wide range of challenges, making this a great place to develop your technical and business knowledge.
Your key responsibilities
It's no exaggeration to say you'll never be doing the same task for too long. You're likely to balance your time between engagement planning with other team members and actively responding to cyber incidents. It's all about using your technical skills to creatively assess and resolve our clients' needs from the front lines. That means thinking differently about the role of IT forensics and speaking up with innovative ideas that challenge the status quo.
Skills and attributes for success
Support digital forensic investigations on a wide range of projects including software licence forensics, IP theft or network intrusion investigations.
Utilise forensic software such as Encase, IEF, UFED and Splunk to assist investigations for clients, in addition to our in-house bespoke software.
Manipulate large structured and unstructured datasets.
Identify, preserve and collect a variety of data sources including traditional hardware such as laptops, desktops and servers, in addition to more advanced collections such as network packet captures and custom applications.
Develop your knowledge of financial crime and technological approaches through ongoing training and development.
To qualify for the role you must have
2:1 or 1st Degree in Computer Science (or equivalent).
Solid understanding of Operating Systems (Windows and Unix based) and computer networks, including TCP/IP.
Practical experience in working with hardware components that make up a PC.
Awareness of trends and developments in IT; in particular information security and cybercrime, threat intelligence etc.
Experience with industry-standard forensic applications and tools such as EnCase, IEF, Nuix, UFED and XRY.
What we look for
We're interested in people that have a passion for using technology to solve problems. But we're not just looking for strong technical skills - we're interested in people that have the ability to nurture relationships - both internal and external - and are committed to intimately understanding our client's needs. If you're looking to become part of a community of advisors where you'll make a measurable difference across some of the most prestigious businesses around, this role is for you.
What working at EY offers
We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
Support and coaching from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that's right for you
About EY
As a global leader in assurance, tax, transaction and advisory services, we're using the finance products, expertise and systems we've developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we'll make our ambition to be the best employer by 2020 a reality.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Make your mark.
Who we are
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
If you would like further information on the role and to apply please click here or follow the link below
https://www.cybersecurityjobsite.com/job/5109914/it-forensics-associate/
↧
General Discussion: Good discussion re disclosure of digital evidence in the UK
https://www.bbc.co.uk/programmes/b0b5t824
This was on BBC Radio 4 this evening. Well worth a listen if you have not already. The majority of the discussion is about digital forensics.
↧
General Discussion: has DF ever had any high-profile fails?
There was the Casey Anthony trial in the US where the prosecution claimed that the suspect had searched for incriminating terms on multiple occasions.
Subsequent work showed that was an incorrect interpretation of the browser artifacts. There is more information on the Digital Detective website.
↧
General Discussion: has DF ever had any high-profile fails?
JerryW wrote:
There was the Casey Anthony trial in the US where the prosecution claimed that the suspect had searched for incriminating terms on multiple occasions.
Subsequent work showed that was an incorrect interpretation of the browser artifacts. There is more information on the Digital Detective website.
A&E keeps running a commercial for some special and "the entire Firefox history was deleted before Casey was arrested" is now just stuck in my head from it airing every commercial break.
https://youtu.be/epf36g7txAc
↧
Digital Forensics Job Vacancies: Security Engineer - Digital Forensic
Summary
About the Security & Capability Team
Our team is responsible for providing and maintaining tools used by Tesco in order to monitor and secure our systems, while also helping our colleagues globally.
We maintain global hybrid instances of our chosen tools for SIEM, Application Performance Monitoring, Log Monitoring, Backlog Management, Identity Access Management, Service Desk, self-help portals for colleagues and incident communications. In addition to the challenges delivering this capability brings, we're also the team responsible for the security operations centre and our security architecture, working across Tesco globally to secure our systems and data! Our Technology Risk & Compliance team works tirelessly to further develop a risk aware culture and drive audit and regulatory improvements across the technology team in all Tesco countries.
We aim to provide colleagues with a great experience by providing world class tooling, processes and advice. We believe in solutions that are either self-service or invisible to the end user - that's not always easy to achieve, but it's what we strive for.
The Role - Security Engineer (Digital Forensics and Incident Response)
A Digital Forensics and Incident Response engineer will need to be able to cover three key areas; host forensics, memory forensics and network forensics. The ideal candidate will be the go to person for on-going forensic incident response as part of the Technology security team, where potential threats are identified you contribute to and lead response and investigation required to obtain all of the facts.
A typical day will involve close working with security teams, responding to incident tickets and alerts, aiding investigations, and continually improving our response, detect and prevention processes.
Main Responsibilities
Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role's key responsibilities and measures:
Follow our Business Code of Conduct always acting with integrity and due diligence.
Represent the Technology Security team and assist other teams to investigate security incidents.
Work closely and collaboratively with security, infrastructure and engineering teams.
Collaborate closely with colleagues within the wider global Technology organisation and the business to establish effective and productive relationships.
Involvement in and leading of security incidents which occur on Tesco systems.
Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the team.
Share knowledge with the wider security community.
Champion continuous improvement within the department.
This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.
Ideal Candidate
Ideal Candidate - Key Skills and Experience
You will need to have demonstrated experience of Digital Forensic and Incident Response Investigations.
Experience of evidence and artefact acquisition, both via physical and remote methods.
Understanding of file system fundamentals, e.g. NTFS, FAT, ext2, ext4, ext4 etc.
Experience with forensic toolsets such as Encase, X-Ways, IEF, Autopsy, or equivalents.
Understanding of anti-forensic techniques.
Timeline analysis.
Technical understanding of memory management concepts.
Experience with memory analysis frameworks such as Volatility or Rekall.
Understanding of modern attacker tools and techniques.
Understanding of network protocols including the seven layer and TCP/IP network models.
Proficient in IDS analysis, including creation of network signatures.
Experience with conducting Static and Dynamic Analysis of malicious files.
Experience of safe handling of malicious files and operation security.
Understanding of Sandbox technologies and the limitations they face.
Knowledge of Microsoft Windows operating system internals, it would be desirable to have knowledge in Unix and Mac operating system internals also.
Proficient in creating signature detection for malicious files.
One or more of the following certifications would be advantageous (but are not essential):
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Forensic Examiner (GCFE)
CREST Registered Intrusion Analyst (CR IA)
CREST Certified Host Intrusion Analyst (CC HIA)
CCNIA Certified Network Intrusion Analyst (CC NIA)
GIAC Reverse Engineering Malware (GREM)
CREST Certified Malware Reverse Engineer (CC MRE)
To view this role in more detail and to apply please click here or follow the link below
https://www.cybersecurityjobsite.com/job/5110193/security-engineer-digital-forensics-and-incident-response/
↧
General Discussion: How do i Extract a jpg from an unallocated directory
Oops - I didn't check the URL.
I use Gary Kessler's website to extract all kinds of files in the dd image. The search can also be done in a hex viewer.
Searching for the footer or trailer is not even necessary; just select a large part and add the appropriate footer at the end of the file.
https://www.garykessler.net/library/file_sigs.html
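The signature-based carving described in the post above, as an added example that is not part of the original post: it finds each JPEG header in a raw image, walks the segment structure so that an embedded EXIF thumbnail's trailer does not cut the file short, and falls back to the post's "take a large part and append the footer" approach when no trailer can be found. All function names and the sample bytes are constructed for illustration; it goes slightly beyond the post by parsing JPEG markers instead of searching for the first trailer.

```python
"""Carve JPEGs from a raw (dd) image by signature. Added example; names are hypothetical."""

SOI = b"\xff\xd8\xff"  # start-of-image marker plus the FF that opens the next marker
EOI = b"\xff\xd9"      # end-of-image trailer


def _skip_scan(buf, pos):
    """Skip entropy-coded data after an SOS header; return offset of the next real marker."""
    while True:
        i = buf.find(b"\xff", pos)
        if i < 0 or i + 1 >= len(buf):
            return None                  # ran off the end: data is truncated
        nxt = buf[i + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos = i + 2                  # stuffed FF00 or restart marker: still scan data
        elif nxt == 0xFF:
            pos = i + 1                  # fill byte
        else:
            return i


def jpeg_end(buf, start):
    """Return the offset just past the real EOI of the JPEG at `start`, or None."""
    pos = start + 2                      # step over FF D8
    while pos + 2 <= len(buf):
        if buf[pos] != 0xFF:
            return None                  # not a marker: structure is broken
        marker = buf[pos + 1]
        if marker == 0xFF:
            pos += 1
        elif marker == 0xD9:
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                     # stand-alone markers carry no length
        else:
            if pos + 4 > len(buf):
                return None
            seg_len = int.from_bytes(buf[pos + 2:pos + 4], "big")  # includes itself
            if seg_len < 2:
                return None
            pos += 2 + seg_len           # jumps over APPn payloads, thumbnails included
            if marker == 0xDA:
                pos = _skip_scan(buf, pos)
                if pos is None:
                    return None
    return None


def naive_end(buf, start):
    """First FF D9 after the header; shown only to compare against jpeg_end()."""
    i = buf.find(EOI, start)
    return i + 2 if i >= 0 else None


def carve_jpegs(image, fallback_size=64 * 1024):
    """Return (offset, data, status) for every JPEG header found in `image`."""
    found, pos = [], 0
    while (start := image.find(SOI, pos)) >= 0:
        end = jpeg_end(image, start)
        if end is not None:
            found.append((start, image[start:end], "complete"))
            pos = end
        else:                            # no trailer: take a large part, add the footer
            found.append((start, image[start:start + fallback_size] + EOI, "header-only"))
            pos = start + len(SOI)
    return found


def _segment(marker, payload):
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


def build_sample():
    """Constructed test image: one JPEG with an EXIF thumbnail, one truncated JPEG."""
    thumb = b"\xff\xd8" + _segment(0xDB, b"\x00" * 4) + EOI
    sos = _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    whole = (b"\xff\xd8" + _segment(0xE1, b"Exif\x00\x00" + thumb) + sos
             + b"\x12\xff\x00\x34\xff\xd0\x56" + EOI)
    cut = b"\xff\xd8" + _segment(0xE0, b"JFIF\x00") + sos + b"\x55" * 40
    return b"\x00" * 512 + whole + b"\x00" * 100 + cut


if __name__ == "__main__":
    img = build_sample()
    for offset, data, status in carve_jpegs(img):
        print(f"offset={offset} size={len(data)} status={status}")
    print("naive first-trailer length:", naive_end(img, 512) - 512)
```

On real evidence, run this against a read-only copy of the image and hash each carved file so the output can be tied back to its source offset.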
↧