I am still searching
↧
Mobile Phone Forensics: recovery image quest
↧
Forensic Software: Quickly Verify all E01 files are present in folder?
Is there a piece of software that will quickly confirm that all the files in an E01 sequence are present in a folder?
Our Tape backup system has corrupted and in some instances it has deleted a random E01. I don't want it to spend 2 hours verifying the image that I have restored.
So for example an Image has 100 E01 files originally, but for whatever reason E18 has disappeared. I want a quick way for me to run something that within a few seconds it can say "E18 is missing" and so on.
Kind regards
↧
↧
Forensic Software: Quickly Verify all E01 files are present in folder?
Just count the exx files in the folder - if there should be 100 and there are less than this, then one or more are missing.
↧
Forensic Software: Quickly Verify all E01 files are present in folder?
To generalize the question (in order to narrow it).
You have an unknown number of files in a folder with the same name but extensions in the E01 to E99 range?
A FOR loop in *any* language can possibly do, something *like* (batch):
Code::
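@ECHO OFF
REM Delayed expansion is required for the !extension! references inside the loop
SETLOCAL ENABLEDELAYEDEXPANSION
REM Walk E01..E99 and report which segment files exist
FOR /L %%A IN (1,1,99) DO (
    REM Zero-pad the counter and keep the last two digits: 1 -> E01, 10 -> E10
    SET extension=0%%A
    SET extension=E!extension:~-2,2!
    IF EXIST filename.!extension! (
        ECHO FILE filename.!extension! OK
        SET Last=filename.!extension!
    ) ELSE (
        ECHO FILE filename.!extension! is missing
    )
)
ECHO LAST found is %Last%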
jaclaz
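The same gap check extended past E99, as an added example that is not part of the original posts: EnCase/EWF segment names continue E01..E99, then EAA, EAB ... EZZ, so a 100-segment image ends in .EAA. The base name `image` and all function names are hypothetical; ranges after EZZ are left out so that stray files such as `.txt` or `.log` are not mistaken for segments, and a missing trailing segment can only be reported when the expected count is supplied.

```python
import re
from pathlib import Path

def ext_to_index(ext):
    """Map an EWF segment extension to its 1-based position, or None if not a segment."""
    ext = ext.upper()
    if re.fullmatch(r"E[0-9]{2}", ext) and ext != "E00":
        return int(ext[1:])                       # E01..E99 -> 1..99
    if re.fullmatch(r"E[A-Z]{2}", ext):
        # EAA..EZZ -> 100..775 (base-26 on the last two letters)
        return 100 + (ord(ext[1]) - 65) * 26 + (ord(ext[2]) - 65)
    return None

def index_to_ext(n):
    """Inverse of ext_to_index for 1 <= n <= 775."""
    if n <= 99:
        return f"E{n:02d}"
    n -= 100
    return "E" + chr(65 + n // 26) + chr(65 + n % 26)

def missing_segments(names, base, expected=None):
    """Return the segment file names absent from `names` for image `base`.

    Without `expected`, the highest segment present is taken as the end of
    the set, so only gaps below it can be detected.
    """
    present = set()
    for name in names:
        stem, _, ext = name.rpartition(".")
        idx = ext_to_index(ext)
        if stem.lower() == base.lower() and idx is not None:
            present.add(idx)
    last = expected if expected is not None else max(present, default=0)
    return [f"{base}.{index_to_ext(i)}" for i in range(1, last + 1) if i not in present]

def check_folder(folder, base, expected=None):
    """Name-only check of a folder: no image data is read, so it takes seconds."""
    return missing_segments((p.name for p in Path(folder).iterdir()), base, expected)

if __name__ == "__main__":
    # Constructed listing: 100 segments with E18 deleted, plus unrelated files
    listing = [f"image.{index_to_ext(i)}" for i in range(1, 101) if i != 18]
    listing += ["image.E01.txt", "image.txt"]
    for name in missing_segments(listing, "image"):
        print(name, "is missing")
```

This confirms presence only; a full hash verification is still needed to show that the segments that are present are intact.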
↧
General Discussion: appropriate term for abuse material
watcher wrote:
garybrevans wrote:
... the judge told her to use 'Indecent photographs of children' because that is what the legislation defines it as. ...
Does that rather narrow definition create a problem handling computer generated images that are not technically photographs?
In the UK we also have the separate legal concept of ‘prohibited’ images of children, so no it doesn’t create problems.
Separate images, separate offences; and therefore separate (i.e. more) charges.
↧
↧
General Discussion: appropriate term for abuse material
Whatever term you opt to use, please spell it out before using the acronym, e.g. "Child Abuse Images (CAI)". As this thread demonstrates, there are a lot of competing terms and it can be confusing to encounter one you aren't familiar with. Within your jurisdiction, a particular acronym might be common, but when asking questions or sharing information with people in other jurisdictions, or countries, the odds are that your preferred term will be unfamiliar to someone.
↧
Mobile Phone Forensics: iPad and iPhone in 'Activate' mode after factory reset
that's been my experience as well, but was mainly curious if anyone had successfully processed them in this state (regardless of any actual data located)
I could finish the activation process and link it to my local wifi, but forensically speaking that makes me shudder to even consider, but failing that I'm not aware of any other way I can actually show that no data is available...other than verbally saying it is so.
↧
Mobile Phone Forensics: recovery image quest
At least you gave it 1/2 of a day for people to respond.
gehlen wrote:
I am still searching
↧
Mobile Phone Forensics: Illegally selling CDRs
That's been going on for 30 years.
Used to be that you had to have a contact in one of the companies and they did it to supplement their incomes. Now with login info kept and records of who accesses what, it goes on a lot less.
Same as pulling a credit report on someone you don't have permission for. Unscrupulous PI's do it all the time. I know lots of great PI's who wouldn't touch that type of thing.
trewmte wrote:
Interesting twist in this case. CDRs (call detail records) illegally sold not by a staff member in a network operator or a service agent, but via police officers.....
http://www.thehindu.com/todays-paper/tp-national/tp-mumbai/thane-cdr-racket-prime-accused-held-in-ghaziabad/article24197670.ece
↧
↧
Mobile Phone Forensics: Whatsapp ChatSearchV3 sqlite database
Hello All,
I wonder if any of you could point me in the right direction of finding the actual purpose of the whatsapp database 'ChatSearchV3'. I have found some chat content relating to an investigation in this database but not in 'ChatStorage'. My suspicion is that the conversation was deleted but perhaps whatsapp still keeps the data in ChatSearch. It sounds like it's some sort of a indexing table but I want to read more about it to make sure I understand it.
I appreciate any input.
Thank you in advance.
↧
General Discussion: Validation and decision making
minime2k9 wrote:
The issue here is what is a fact. So yes you have recovered data which is consistent with the data produced by browser X when a user accesses websites.
However, I could fabricate the same data manually. Therefore this data exists but doesn't represent user activity.
The issue with digital is that everything, from the file-system to user data, is an interpretation of a series of 1's and 0's.
In theory, if I created a truly random generation of bits, I could eventually create an Indecent Image in JPEG format for example. Being extremely pedantic, you could state that you located data which can be interpreted as a picture file.
Though - honestly - when it comes to a complex format such as a JPEG it is improbable that it was "randomly" generated.
I find much more likely (again in edge cases, but still more likely) that reconstruction of text files carved from unallocated may cause a "spontaneous" (and "bogus", but readable) text to be generated.
Still, IMHO adding a reasonable evaluation/description of the possibilities that could have led to the creation of an artifact is important, as a matter of fact it is vital that the experience of the "expert witness" is *somehow* expressed[1], particularly regarding three main points:
1) how technically (and logically) an artifact may have been generated
2) how likely it is that the artifact may have been generated involuntarily or by automated means without the knowledge of the user
3) how well the artifacts found on an examined device (as a whole) fit a (again technically and logically) possible scenario
All in all we are back to the base concept of a "full timeline" and placing the findings (wherever possible) in their context.
Without the experience and knowledge of a human expert, we would be back to the issue about one button forensics, which again can be a good triage method, but nothing more than that.
And now as a side-side note (and I understand it is not a common-common case, but I suspect it will become more common) there could be an added provision somewhere in the flowchart related to language proficiency of the examiner with the language[2] used on the device and by the user.
There have been more than a few cases lately in Italy (actually AFAICR related to telephone interceptions, but essentially the matter is not so different) where the misinterpretation or mistranslation of something said in either a foreign language or a dialect or a slang of some kind has led to investigating errors.
jaclaz
[1] as long as it is clearly separated from the actual "fact" reporting, and clearly designated as an opinion
[2] as sometimes a same sentence may be read getting a wrong meaning, a renowned example being "Edwardum occidere nolite timere bonum est"
↧
Digital Forensics Job Vacancies: Graduate eDiscovery Analyst, Cardiff, £20,000 - £25,000
Job Overview
An international law firm renowned for their global operations is seeking a Graduate eDiscovery Analyst to become incorporated into their team of experts. They are seeking an individual that possesses strong technical ability, also strong best work in practices/infrastructure experience. Prior familiarity performing data processing & collection is highly beneficial.
Responsibilities:
• Provide assistance across the EDRM finding, compiling, organizing, categorizing, and verifying case-critical data quickly across the full life cycle of the eDiscovery process in particular preservation, collection, processing, review, and production.
• Provide client activity support on relativity, relativity administration, data manipulation and transformation.
• Ensure clients’ electronic files are easily accessible for potential litigation.
Requirements:
• Bachelor’s degree with preference in Computer Science or Computer Forensics.
• 1-2 years’ experience operating within eDiscovery (this can include a placement year.)
• Professional and consulting experience of the eDiscovery lifecycle is advantageous.
• Prior experience in technical areas, such as data manipulation (in Excel, Access or SQL), information technology or eDiscovery processing.
• Thrive in a fast‐paced environment comprised of high achievers and high client expectations.
• Strong technical ability combined with interpersonal skills.
Apt Search are a specialist recruitment firm based in London focused on the data driven markets of eDiscovery, Information Governance and Data Analytics.
For more information regarding the role or to find out more information surrounding our alternative roles within London & Europe call +44 (0) 203 643 0248 or email: amit @ apt-search.co.uk
↧
Mobile Phone Forensics: iPad and iPhone in 'Activate' mode after factory reset
Don't modify the device in any way, if you do anything like that, the evidence is void no matter of its data.
Take the phone to the closest official Apple service, pay an hour service time and get a legit paper from them stating what data is available from the phone.
↧
↧
Digital Forensics Job Vacancies: eDiscovery Project Manager - London, £65,000
Job Overview:
A prestigious, international law firm is seeking an eDiscovery Project Manager to join their London team. The individual will be required to support eDiscovery services to clients, whilst additionally providing consulting and technical services to in house teams. Candidates must possess Relativity experience, however technical proficiency in other eDiscovery software is beneficial.
Responsibilities:
- Manage various eDiscovery projects across the EDRM, more specifically collection to production.
- Develop an understanding of eDiscovery best practice and liaise with internal and external clients.
- Liaise with eDiscovery suppliers to ensure processing requirements are met.
- Liaise with personnel that are technical and non-technical.
- Provide guidance and assistance to other team members when needed.
- Provide training for lawyers and clients on Relativity.
Requirements:
- Bachelor’s degree is essential, preferably in Law, however a degree in Computer Science or Computer Forensics is adequate.
- Experience using Relativity is essential, however prior experience using alternative eDiscovery or litigation support tools is beneficial.
- A strong prior experience utilising eDiscovery or Litigation Support technologies.
- Prior experience operating within a law firm or vendor.
- A solid understanding of data processing and document review is beneficial.
- Excellent oral and written communication.
- Ability to work within a fast-paced environment.
Apt Search are a specialist recruitment firm based in London focused on the data driven markets of eDiscovery, Information Governance and Data Analytics.
For more information regarding the role or to find out more information surrounding our alternative roles within London & Europe call +44 (0) 203 643 0248 or email: amit @ apt-search.co.uk
↧
Mobile Phone Forensics: recovery image quest
my question's answer is necessary for the discovery of a child's murder.
and the death of a child is not troll and it's as real as the ads you make.
passcodeunlock wrote:
@gehlen: what you are asking for is not available, there is a chance of one to a million that somebody releases it
And please stop trolling!
↧
General Discussion: Validation and decision making
steve862 wrote:
In relation to measures of confidence in artefacts there are many possible examples. A simple one is a Windows registry, which may report the date of installation, but it isn't a fact it was installed on that date. Other than the clock may not have always been correct the OS may have been installed onto that disk but in another PC and then transferred over. Or it could be a clone of another disk, either created in that computer or in another computer (and so on...).
I might say that program A creates these artefacts in this folder with these properties but it doesn't rule out the possibility they were created by another program or process and then placed there. The likelihood of such an occurrence is likely to be very small. It will depend on the program and the possibility the program allows or used to allow the syncing or importing of certain files, which might have been a user or automated action and for which different options might have been available to apply.
If we're talking about a red herring being created by a user then it might be a user who works in IT and clearly displays the requisite knowledge based on what else they've done on their devices, is more capable of doing so than a user who barely knows how to use MS Word.
I'd also want to be a little cautious around artefacts which might have been impacted by privacy and security programs, (or settings), anti-virus software or even significant changes in the OS.
Three useful examples above about program generated artefacts that reminds me how clarity in reporting is important. Should the author of the report/flowchart define what s/he means by the word artefact/artifact when making a statement using the word fact associated with it?
steve862 your comments remind me how the word 'artefact' might be defined. In Barbara Ann Kipfer 2007 book 'Dictionary of Artifacts' (defining terms for archaeology), Barbara refers to artifacts generated due to human agency: "artifact: any object (article, building, container, device, dwelling, ornament, pottery, tool, weapon, work of art) made, affected, used, or modified in some way by human beings." ....[artefact].
and
"artifact type: a description of a category of artifacts that share a set of somewhat variable attributes..." ....[artefact type].
↧
General Discussion: 2018 Forensic 4Cast Awards Winners
passcodeunlock wrote:
Some I voted won, some I voted didn't win, pretty fair I might say... FF I voted :)
Thanks for your vote! And congratulations to all the winners.
↧
↧
Mobile Phone Forensics: iPad and iPhone in 'Activate' mode after factory reset
Just take a photograph of the welcome screen; which is fairly clear evidence that the iDevice has been reset.
↧
Education and Training: Techno Security 2018 presentations
Excellent, thanks Scar!
↧
Mobile Phone Forensics: recovery image quest
Thank you very much. I will try.
↧