Well, you should look for a signed eng. boot which disables the PIN for your device and flash it.
If CAS failed opening it, that is the next thing I'd do
↧
Mobile Phone Forensics: S7 Edge secure startup
↧
Mobile Phone Forensics: Whatsapp Logfiles gone?
We were sometimes using the WhatsApp log files for investigations. I noted, however, that as of version 2.18.61 these files are no longer present on iOS 11+.
These log files used to be under applications/net.whatsapp.WhatsApp/Library/Logs/ and contained useful information on when a certain chat session was active on screen (WAChatViewController/viewDidAppear).
Does anyone know if these log files have moved somewhere or are they no longer being saved to the device?
↧
Classifieds: Tableau TK35es-R2 eSATA Forensic Bridge Kit
Includes four different host computer connection options - eSATA, FireWire 800, FireWire 400, and USB
The eSATA host computer connection offers maximum data transfer speeds
Compatible - SATA 1 or SATA 2 hard disk devices, parallel ATA hard disk devices with LBA support, eSATA, FireWire 800/400, USB 2.0, Windows XP/2000/newer, Mac OS X, and most Linux distributions.
Location: Melbourne - Australia
Price: AUD 200
Includes adapters, power supply and case.
on ebay
https://www.ebay.com.au/itm/323306396151
↧
Education and Training: Techno Security 2018 presentations
Does anybody know if there is a place where we could download the presentations / slides from the Techno Security conference? Unfortunately, I could not attend this year, but I would still be interested in knowing what was discussed.
I checked on the website and could not find anything. I know there was an app, but it needed an event code that I did not have.
Thanks.
↧
Classifieds: Xways dongle
I would like to buy a dongle for Xways. If you have an old one, don't need it or something else, feel free to send me information about version and price by PM.
Thanks
↧
Mobile Phone Forensics: Android Security Internals - Still Useful?
Definitely worth reading!
↧
Digital Forensics Job Vacancies: IT Security Officer at Coutts Private Bank, Bristol, UK
Post readvertised, closing date 17/7/18
See
https://jobs.rbs.com/jobs/2528899-security-and-cyber-risk-analyst
↧
General Discussion: OSX Recovery of Deleted User / Time Machine Backup
We currently have a raw image of an OSX Laptop running High Sierra. We are attempting to recover information of a previous user on the laptop. Unfortunately the user was deleted from the Apple control panel and the laptop was given to another user prior to us imaging it. So it is very probable that any deleted files have been overwritten.
Is there any way to attempt to recover the user, as we are trying to find any of the user generated activity (internet history, USB activity, evidence of mass deletion)?
We also have a Time Machine backup from the system we can attempt to restore, but I'm not sure if this is just going to give us user generated files and not necessarily any type of activity information.
Let me know if you can provide any tips to point us in the right direction.
↧
Digital Forensics Job Vacancies: Security & Cyber Risk Analyst at Coutts Bank, Bristol
This may be of interest to members of this forum who are looking for a role in IT security outside of the digital forensics/ediscovery field.
Security & Cyber Risk Analyst in Bristol
You'll be working for our prestigious Coutts and Adam & Company private banking brands, offering you exposure to a wide range of security disciplines to protect our high net worth clients
We'll look to you to provide IT security and cyber-risk subject matter expertise as a first line support function, helping to prevent internal and external fraud and regulatory censure
You'll support the bank's position on web and cyber security working with technology and business owners to ensure that all client channels meet bank security requirements
What you'll do
You'll provide IT security subject matter expertise with a focus on web and cyber security, and ensure that Private Banking clients and web assets are protected against cyber attacks. You'll be a key stakeholder in the analysis of the IT threat landscape for Private Banking, and will help to define effective countermeasures. You'll also ensure that appropriate security is designed into our IT applications, and that application role design supports the business requirements and meets information security principles.
Your other responsibilities in the role will include:
Supporting both private banking technology and business projects, liaising with project stakeholders and change functions to make sure IT security requirements
Providing subject matter expert guidance on access control to PB IT and the business as a key contact within the IT Security & Risk team through all channels
Analysing the IT threat landscape and residual risk and helping to define effective countermeasures
Supporting web security scanning, asset monitoring and vulnerability remediation for Private Banking's internet exposed assets, and managing key relationships with the Private Banking Digital and RBS Web Security teams
Identifying potential security issues and effective solutions
Providing security advice and guidance at all organisational levels to Private Banking and Private Banking Services, covering a broad range of IT security and information security topics
Coordinating and supporting both Private Banking IT and the business in developing and implementing access roles and models in accordance with the principle of least privilege and segregation of duties
The skills you'll need
To succeed in this role, it's essential that you have strong IT security knowledge in relation to IT applications, web applications, operating systems, databases, networks and architecture with a good understanding of the cyber threat landscape. CISSP certification would be an advantage.
You'll also:
Have strong experience providing security consultancy to both business and IT stakeholders and have good stakeholder management skills
Show good analytical skills, being able to analyse complex systems and scenarios to identify IT and information security risks
Be an excellent communicator, able to communicate concepts in a user friendly manner across key interfaces
Closing date: 17/07/2018
To apply see https://jobs.rbs.com/jobs/2528899-security-and-cyber-risk-analyst
↧
General Discussion: OSX Recovery of Deleted User / Time Machine Backup
UnallocatedClusters wrote:
What forensic tools do you have at your disposal?
We have Recon and we also have EnCase (most up to date).
EnCase doesn't seem to work in opening the image even though it supports APFS now.
Recon can open the image.
↧
General Discussion: OSX Recovery of Deleted User / Time Machine Backup
I recommend acquiring a test license of BlackBag (please confirm that tool is APFS compliant).
I own OSForensics, Forensic Explorer and Internet Evidence Finder which might be APFS compliant (I have not had an APFS formatted drive in a case yet), each of the aforementioned tools have worked very well with HFS formatted drives to date.
If you are LE and can provide a download link to the forensic image, I will attempt to carve the deleted user directory for you. If IEF works on your image, I will create a portable case and then deliver the portable case back to you to analyze.
↧
General Discussion: OSX Recovery of Deleted User / Time Machine Backup
Thank you for the help. I will try what you mentioned.
↧
Mobile Phone Forensics: recovery image quest
Hi All;
I need a Huawei P Smart FIG-LX1 8.0.0.139 (C432) recovery image for the bootloader bypass recovery method.
Thanks in advance.
↧
Mobile Phone Forensics: iPad and iPhone in 'Activate' mode after factory reset
Curious if anyone has a method for downloading iPhones or iPads when they are in the 'activate' stage after a factory reset (showing the hello screen and you have to choose language, location etc)?
iPhone 5 and iPad A1475 specifically. I'm not expecting anything to remain but need to at least make the effort to show this.
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
Thomass30 wrote:
I got a Samsung Galaxy J7 2016 (J710FN) with a broken screen. The phone is working but I can't see anything. I used this MTPwn exploit and it worked. It listed the phone's files for me and downloaded one random file.
My question is how to customize this exploit to download all the visible - listed files?
How can I display the content of the mtpwn file I got after the process?
↧
Mobile Phone Forensics: Illegally selling CDRs
Interesting twist in this case. CDRs (call detail records) illegally sold not by a staff member in a network operator or a service agent, but via police officers.....
http://www.thehindu.com/todays-paper/tp-national/tp-mumbai/thane-cdr-racket-prime-accused-held-in-ghaziabad/article24197670.ece
↧
General Discussion: Validation and decision making
Hi,
I think the latest one looks very good. I wouldn't have been able to start with a blank page and capture all that information in a flow chart in the first place. Capturing decision making in a flow chart is hard to do.
I suppose the only things I might suggest is the suitability of using the term "Report as Fact", as this might be overstating the strength of certain artefacts. I think there will be measures of confidence for which an examiner may report something. When I report on complex artefacts I may add a weight of certainty. This could include the lack of other artefacts indicating an alternative explanation, but that such artefacts might have existed previously. This leads me onto my second suggestion.
This is around the process for coming to the decision of reporting something. I always cite within my report the artefacts from the device(s) I examined, that lead me to those conclusions, along with any artefacts created during my testing. Perhaps I am reading more into it than was intended, but your flow chart seems to indicate the weight of confidence comes from existing documented material rather than the artefacts seen on the exhibit(s).
Traditionally most examiners gained their knowledge of specific artefacts from training courses and then worked out what had changed in 'newer' versions by reverse engineering the data. In both cases they would comment on the artefacts present on the devices and explain their meaning.
In terms of your flow chart's value, I suppose the question is who is it primarily for? For experienced examiners these steps are intuitive and I would expect examiners at this level to follow this sort of decision making without a flowchart as naturally as they would plan a weekly shop and cook a few meals without a flow chart to help.
For new digital examiners coming into the field, is this beyond their expectation of what the work entails? If so, are there digital units where they are not being shown and taught and need this flow chart to show them how they should work?
If it is to provide information to people outside of our field then it does this job particularly well. Whilst it may look complex, because there are so many parts to it, it is actually simple and straightforward to understand.
My suggestions are more intended if this were primarily to be used as a training tool for digital examiners. You are free to accept or reject my suggestions of course, I just make them because you seem to want opinions and suggestions and that you want to make this flow chart as thorough as possible having considered many views and opinions.
I appreciate what you are doing with this flow chart and as I say at the beginning, I couldn't have started with a blank page and put all this down.
Steve
↧
General Discussion: appropriate term for abuse material
Hi,
I worked on child protection cases for about 12 years. Senior police officers in the UK made it clear the preferred term for us to use was always 'child abuse images', 'child abuse material' or 'images depicting child sexual abuse'. We were instructed never to use the term 'child pornography' in our statements or reports.
Steve
↧
Mobile Phone Forensics: PoC Exploit Samsung Android Phones
shahartal wrote:
Well, many people doubted when we (Cellebrite) said we could unlock iPhones with iOS 9, and then 10, and then 11... ;)
The Galaxy Note 8 was easier.
Shahar
Shahar, the mentioned device was returned from CAS after more than 2 months, without success. This is why I mentioned about the Note 8 :(
↧
Mobile Phone Forensics: iPad and iPhone in 'Activate' mode after factory reset
When a factory reset happens, the previously used encryption keys are also deleted, so it is pretty impossible to gather useful (decrypted) data from the chip.
There are theories about the wear levels and re-allocations, which might contain partial data from the previous usage, but I never met a real life case where anything useful could be recovered after a factory reset.
↧