Compressing something with zip has nothing to do with steganography or steganography tools.
Do a raw search on your image based on file header signatures of picture types; you might discover more than the results of the default search for pictures.
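A raw header-signature search of the kind suggested above can be sketched as follows. This is an added example, not part of the original post or of any tool named in the thread; `scan_signatures` and `build_sample` are names assumed here, and the sample buffer is constructed.

```python
import io

# Header signatures (magic bytes) for common picture types.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif87a": b"GIF87a",
    "gif89a": b"GIF89a",
}


def scan_signatures(stream, chunk_size=1 << 20):
    """Return sorted (offset, type) hits for picture headers in a raw byte stream.

    The stream is read in chunks; the last (longest signature - 1) bytes of
    each window are carried over so a header split across two reads is found.
    """
    overlap = max(len(sig) for sig in SIGNATURES.values()) - 1
    hits = set()   # a set, because a hit inside the carried tail is seen twice
    tail = b""
    base = 0       # absolute offset of the first byte of the current window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in SIGNATURES.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        tail = window[-overlap:]
        base += len(window) - len(tail)
    return sorted(hits)


def build_sample():
    """Constructed 256-byte buffer standing in for a raw disk image."""
    buf = bytearray(256)
    buf[10:13] = SIGNATURES["jpeg"]
    buf[100:108] = SIGNATURES["png"]
    buf[200:206] = SIGNATURES["gif89a"]
    return bytes(buf)


if __name__ == "__main__":
    # A small chunk size forces headers to straddle read boundaries.
    for offset, kind in scan_signatures(io.BytesIO(build_sample()), chunk_size=7):
        print(f"{offset:#010x}  {kind}")
```

Each hit is only a candidate offset: short signatures such as the three-byte JPEG header also occur by chance in unrelated data, so every hit still has to be validated by parsing or carving from that offset.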
↧
General Discussion: X-ways - Steganography tools
↧
Mobile Phone Forensics: recovery image quest
@gehlen: HiSuite can backup apps data as well, if the phone is unlocked and you can enable HDB, which is not your case, since your device is locked.
Unfortunately there isn't any working recovery image for bootloader bypass either, which can mount the userdata partition decrypted. I would be happy to be wrong!
@UnallocatedClusters: the post is about a Huawei P Smart FIG-LX1 device, what do you mean by "HTC rooting capability leveraging HiSuite" ?!
↧
Mobile Phone Forensics: Decrypt gatekeeper.password.key - android 7.0
Ah point taken.
↧
Mobile Phone Forensics: Need info on Alcatel OneTouch 2036X
Looks like it's supported by Cellebrite and XRY.
Generally, I start my search on https://www.digitalforensiccompass.com
Whilst not the be-all-end-all, it's a good place to start
↧
Mobile Phone Forensics: recovery image quest
Mobiledit Forensic Express has a Huawei tool to acquire a backup.
↧
Mobile Phone Forensics: recovery image quest
As I stated earlier, this solution exists only for open phones, where you are able to enable HDB.
↧
Mobile Phone Forensics: Need info on Alcatel OneTouch 2036X
@randomaccess: I totally agree, digitalforensiccompass.com is one of the best ways to start with.
I would be happy to hear feedback about success with this Alcatel OneTouch 2036X extraction.
↧
Digital Forensics Job Vacancies: Digital Forensic\eDisclosure Position - MD5 - West Yorkshire
MD5 Limited, based in Normanton, West Yorkshire are pleased to announce a very exciting opportunity for an experienced Digital Forensic\eDisclosure Analyst to join one of the UK’s leading eForensic organisations. Salary very competitive attracting someone with the necessary ambition and drive to take on a very exciting challenge.
Our clients include Law Enforcement and Government Agencies, Corporate and Legal firms.
The role will cover all aspects of Digital Forensics and eDisclosure and the successful candidate will be responsible for acquiring & investigating a wide range of electronic evidence and the development of new analytical methods and processes.
Key Skills:
• At least two years’ experience of undertaking digital forensic analysis of computers within a Public or Private sector role;
• Have excellent knowledge of digital hardware, experience in different file systems & operating systems artefacts;
• Knowledge of the laws & principles of digital forensics & electronic evidence;
• Be meticulous, have a highly analytical and enquiring mind,
• Excellent communication skills and able to convey complex technical issues to a lay audience in writing & verbally;
• Programming \ EnScript experience advantageous;
• eDisclosure experience a bonus;
• Able to work independently but also a good team player;
MD5 Limited offer an attractive salary based upon experience and a clear staff development and training program.
Appointments are subject to successful security vetting criteria.
Please email your CV with a covering letter to Geoff@md5.uk.com
↧
Mobile Phone Forensics: Burner Breaker
Hello guys,
What do you say about the Burner Breaker?
Is it worth buying? Has anyone tried to use it?
Is there anything like it out there, or is any brute force for mobile as good as this?
Thank you!
↧
Mobile Phone Forensics: Burner Breaker
Omrish wrote:
Hello guys,
What do you say about the Burner Breaker?
Is it worth buying? Has anyone tried to use it?
Is there anything like it out there, or is any brute force for mobile as good as this?
Thank you!
Unless I am mistaken, it is nothing but a (small) SCARA robotic arm with a (capacitive?) stick.
The software should be easy to replicate, after all it revolves around sending a sequence of numbers/keypresses and/or a few swipes, the only "added" value that I can see is the set of pre-made templates for common phones.
No idea how much it costs, but from the look of it, it won't be cheap.
The topic of bruteforcing a pincode via a robotic arm has been discussed before, here:
https://www.forensicfocus.com/Forums/viewtopic/t=15977/
and a member mentioned working on something similar:
https://www.forensicfocus.com/Forums/viewtopic/t=15977/postdays=0/postorder=asc/start=7/
jaclaz
↧
Education and Training: Which is better: Master / PhD or Industrial Certificate
I believe the UCD MSc is ONLY available to law enforcement. If you are Law Enforcement, you may be entitled to a bursary to cover some/all the cost of the degree if it is relevant to your area of work.
↧
General Discussion: How did the suspect hide these folders?
FWIW, I had a similar error with FTK. Mine simply stated "Block index out of bounds".
This was a Micro SD card, formatted FAT32, found in a ZTE cell phone. The phone was not reading the card except to ID it as a Toshiba brand card that needed to be 'set up' to be used. When connected (via write blocker, of course) to Windows, Windows wouldn't even try and only wanted to format the card.
Initially I considered this to be a corruption issue with the card, but FTK and EnCase both saw two partitions, one named android_meta and the other android_expand.
Android_meta was only 16Mb and contained a semi-readable folder structure and several files, all of which were deleted/overwritten and some of which had a logical size far exceeding the 16Mb capacity of that partition.
Android_expand was 3.6GB and appeared encrypted/corrupted.
From what research I did, it appears that this card was set up to be 'adopted storage' from another phone before being moved to the ZTE phone.
But I digress enough. It's not too huge a deal for my case, so I kinda dismissed the FTK error as having something to do with the card being encrypted or the way in which 'adopted storage' works. But in reading this thread I thought I'd mention it in case my 'off topic' story jogged a thought with someone.
↧
General Discussion: X-ways - Steganography tools
Dimi wrote:
There might be a file (picture) downloaded with a zip file with cp files inside.
Sure, there might be...there might be a lot of things.
What data do you have that points to a downloaded image file with a zipped archive of images stego'd inside it?
In the DF field, we can really get caught up in the "maybes" and "what ifs", to the point where we never actually finish anything.
Look at it this way...*if* a suspect downloaded an image file that has a zipped archive of images stego'd inside it, they would then need an application to access/retrieve the stego'd file, right? Otherwise, how would they access it?
Yes, opening a JPG file for viewing is easy. Opening a zipped archive is easy. But retrieving a zipped archive that is stego'd inside a JPG file is not, and requires a specialized application, one specific to the method of steganography used.
Also, something of a side thought...for an image file to have a zipped archive of images stego'd inside it, it's gonna have to be HUGE. (I know you just said the word "HUGE" in your best Donald Trump voice...)
↧
Digital Forensics Job Vacancies: Digital Forensic Officer West Midlands Police Birmingham
Digital Forensic Officer West Midlands Police Birmingham
Grade: Band D Lower
Salary: £27,795 to £33,933
Closing Date: 18th July 2018
About the Role:
Main Purpose of the Role:
• To provide technical assistance to investigating officers through the digital forensic investigation of computers, mobile phones and other digital data devices that have been or are suspected of being used in the commission of crime. Communicate verbal and written summaries of findings for investigating officers to review and make informed decisions as to how to progress inquiries. Provide evidential reports for the purpose of presenting evidence to the Crown Prosecution Service (CPS) and Court.
Key Responsibilities:
• Assist in seizure and retention of digital devices within a laboratory environment and at scenes for subsequent forensic examination;
• Manage forensic exhibits to ensure continuity, confidentiality and security is maintained at all times;
• Understand and follow Digital Forensic good practice methodologies (ISO17025 standard and ACPO Principles of Digital Evidence) to examine computers, mobile phones and other digital devices;
• To carry out audits in line with ISO17025 requirements;
• Manage case workload through the use of Socrates Case Management system;
• Prepare evidential reports upon completion of Digital Forensic examinations;
• Provide fact and procedural based evidence at Court as and when required; and
• To carry out any duties commensurate with the purpose of the post that may from time to time be determined.
Supervisory Responsibility:
• None, other than to coach/mentor new members of staff.
Supervision Received:
• Supervised by Digital Forensic Team Leader.
Contacts (Internal and External):
• Police Officers, Police Staff, CPS Officers, Other Police Forces and external agencies, Suppliers and manufacturers of relevant equipment.
Special Conditions
• Must be prepared to handle material that may be offensive or distressing.
• The role involves regularly working with material that may be of a sensitive, obscene, offensive or distressing nature (e.g. images that may depict the abuse of children).
• Appointments to this post are subject to specific vetting and medical clearance.
• Confidentiality and trust are very important in this post and must be maintained at all times.
• The post holder will be required to work a shift pattern that incorporates working weekends, bank holidays and from time to time outside of core shift hours.
• Must have full UK driving license
The Digital Forensics Team currently works a one weekend in six shift pattern, covering from 0700 to 1800 Monday to Friday and 0700 to 1600 at weekend.
About Us:
Here at West Midlands Police, we serve almost 2.8 million people – making us the second largest Police Force in England. We’re in the middle of radically overhauling all aspects of the business with WMP2020 - a modernisation plan that’ll change the way we operate.
WMP is a large and diverse organisation where you can develop your skills, knowledge and career in an encouraging and flexible environment. We're able to offer you a comprehensive range of rewards and benefits including:
• 28 days annual leave (plus bank holidays) with the option to purchase additional days
• access to a Corporate Health Cash Plan and wellbeing website
• modern working environment in central Birmingham
• opportunity to save on travel costs through a Corporate Travel Scheme
• the option to join a generous pension scheme
Diversity and Inclusion Vision: “Maximise the potential of people from all backgrounds through a culture of fairness and inclusion to deliver the best service for our communities”
Qualifications
Knowledge & Experience:
Essential:
• Ability to work on own initiative and as part of a team of Digital Forensic examiners;
• Possess good communication skills (both verbal and written);
• Be enthusiastic, hardworking and flexible;
• Possess an ability to examine digital devices in a methodical and precise way and have an aptitude for problem solving;
• Be conversant with Windows and/or mobile operating systems and have a keen interest in and understanding of computer systems and mobile devices;
• Ability to dismantle computers and/or safely handle mobile devices for examination purposes, whilst maintaining accurate contemporaneous records. Identification, removal and safe handling of key computer and/or mobile device components;
• Be conversant with the ISO 17025 standard and ACPO Principles of Digital Evidence; and
• Be able to regularly work with material that may be of an obscene, offensive or distressing nature. Treat such material in the appropriate manner ensuring it is secured and handled according to defined policies.
Desirable:
• Understanding of relevant commercial and open-source software tools applicable to the role;
• Understanding of programming and/or scripting languages;
• Understanding of other common operating systems such as OS X and Linux;
• Experience and knowledge in performing Digital Forensic examinations and the impact they have on investigations; and
• Have attended and passed an accredited training course relevant to Digital Forensic examination of computer and/or mobile device based evidence.
If you can evidence any of the above skills you will be invited to take a test based on your technical competencies before any interview selections take place.
To apply email customerservices @ west-midlands.pnn.police.uk or tel 0121 626 5100 quoting job ref 180000DT
Minimum Salary: £27,795 Maximum Salary: £33,933 GBP
↧
Digital Forensics Job Vacancies: Senior Digital Forensic and Incident Response Analyst (UK)
Foregenix is a leading Global Cyber Security company and offers a dynamic work environment with offices situated around the world. We love our culture and one of our priorities is to maintain this as we expand.
Due to continued expansion and the increasing demand for robust cyber security protocols we are seeking an experienced digital forensic investigator or incident response analyst to join our UK based team. You will be responsible for leading a wide range of digital investigations, with a primary focus on network data breaches. Your duties will also include liaising with clients, conducting investigations onsite and within our forensic laboratory, identifying security vulnerabilities, and providing security advice and guidance.
Our ideal candidate is an experienced forensic professional with demonstrable investigative and digital forensic skills from either a Law Enforcement / Military or corporate setting. As a Digital Forensic and Incident Response Analyst, you should perform well under pressure keeping to deadlines, with an eye for detail and a passion for quality. An aptitude and willingness to learn is a must.
Responsibilities and Duties
• Lead investigations, working with minimal supervision and guidance.
• Conduct investigations into data breaches in the UK and Europe.
• Provide incident response capabilities to clients within the UK and Europe – and possibly beyond.
• Conduct light weight security audits (PCI DSS) and vulnerability assessments of digital environments.
• Provide security advice and guidance to clients who have suffered a data breach.
• Identify new IOCs and assist in the maintenance of our current tool set.
• Provide documentation on new and emerging attack trends in the way of blogs and white papers.
• Assist in the training and development of junior or less experienced staff.
• Assist in the commercial sales, by engaging with prospective clients as a subject matter expert.
• Maintain high level of evidence handling, ensuring ACPO Digital Forensic guidelines are followed and the chain of custody is maintained.
• Stay up-to-date with all relevant programs and current news on attack trends.
• As part of this role, candidates may be expected to travel internationally as well as domestically although the travel frequency is not high
Qualifications and Skills
Critical competencies:
• Minimum 5 years practical work experience in Digital Forensics, Incident Response, or similar
• Experience in both live and offline acquisition techniques
• Experience of memory analysis
• Hands on experience with common operating systems; Microsoft, Linux, and Apple Mac
• Technical knowledge of web applications and networking
• Knowledge of common web languages; PHP, SQL, JavaScript, HTML, XML, JSON
• Familiarity with server applications; Apache, Nginx, IIS, MySQL
• Excellent writing skills in English
• Attention to detail
• Good organizational and time-management skills
• Ability to convey technical information to non-technical people, both in print and verbally.
Desirable:
• Scripting or programming experience
• Previous experience of PCI DSS
• Current PFI or Core PFI
• CISSP or other security qualification
• EnCE, ACE, CFCE, GIAC, ISO Auditing
• Experience of malware and reverse engineering
• Experience of vulnerability scanning or penetration testing
• Experience of network traffic analysis
• BSc or MSc in Forensic Computing or Information Security
Benefits
20 days annual holiday
Pension scheme
Private Healthcare
Life assurance
Please apply with an up to date CV in pdf format and covering letter to recruitment@foregenix.com
Closing date for applications is 3rd August 2018.
↧
Digital Forensics Job Vacancies: Junior Digital Forensic and Incident Response Analyst (UK)
Foregenix is a leading Global Cyber Security company with offices around the globe. We are seeking a junior digital forensic investigator or incident response analyst with a minimum of 12 months post graduate commercial experience, to join our UK based team. You will be responsible for assisting with a wide range of digital investigations, with a primary focus on network data breaches. Your duties will also include maintaining custody of evidence, assisting with investigations onsite and within our forensic laboratory, researching security vulnerabilities, and providing support to clients subject to an ongoing investigation.
Our ideal candidate will have BSc or MSc in Forensic Computing or Information Security. As a Digital Forensic and Incident Response Analyst, you should perform well under pressure keeping to deadlines, with an eye for detail and a passion for quality. We provide on-the-job training so an aptitude and willingness to learn is a must. Foregenix will put you on a career path that will build on your knowledge and experience, with the aim that you will become a senior investigator within 5 years.
Responsibilities and Duties
• Assist with investigations, working under limited supervision.
• Provide incident response capabilities to clients within the UK and Europe.
• Learn to identify weaknesses and deficiencies within lightweight security audits (PCI DSS) and vulnerability assessments of digital environments.
• Provide security advice and guidance to clients who have suffered a data breach.
• Identify new IOCs and assist in the maintenance of our intelligence database.
• Provide documentation on new and emerging attack trends in the way of blogs and white papers.
• Maintain high level of evidence handling, ensuring ACPO Digital Forensic guidelines are followed and the chain of custody is maintained.
• Stay up-to-date with all relevant programs and current news on attack trends.
• As part of this role, candidates may be expected to travel internationally as well as domestically although the travel frequency is not high.
Qualifications and Skills
Essential competencies:
• Proven knowledge of Digital Forensics and Incident Response practices, min 12 months in a commercial setting
• Fundamental knowledge of both live and offline acquisition techniques
• Fundamental knowledge of memory analysis
• Fundamental knowledge of common operating systems; Microsoft, Linux, and Apple Mac
• Excellent writing skills in English
• Attention to detail
• Good organizational and time-management skills
• Ability to convey technical information to non-technical people, both in print and verbally.
Desirable:
• Scripting or programming experience
• Knowledge of networking and server applications
• Experience of malware and reverse engineering
• Experience of vulnerability scanning or penetration testing
• Experience of network traffic analysis
• Knowledge of ACPO Digital Forensic guidelines.
Benefits
20 days annual holiday
Pension Scheme
Private healthcare
Life assurance
Job Type: Full-time
Please apply with an up to date CV in pdf format and a covering letter to recruitment@foregenix.com
Closing date 3rd August 2018
↧
Education and Training: Which is better: Master / PhD or Industrial Certificate
Save your money and set your own study schedule.
Deep dive without the PhD, since the PhD is just a book that few people will read.
I'd say go the cert route, but even then those are limited.
Harlan's spot on, write things down and share your learning. Deep dive on multiple topics and you can really get the crux of the information for less money and a bit more effort by getting access to the tools you need, and documenting everything you can find.
↧
Mobile Phone Forensics: Physical Analyzer recovering imessages
Trying to find deleted iMessages. PA is only recovering 324 when it is suspected there are 1000 of deleted iMessages. I performed a logical iOS and physical iOS extraction. Can I search for screenshots that were sent thru iMessages? A search of the phone number associated with the iMessages and/or name is not producing the iMessage. Any help would be appreciated. I just want to be able to explain I have done everything to recover or locate the iMessages. If nothing can be done, at least an explanation why the iMessage isn't there anymore. The strange thing: PA recovered deleted iMessages in the same time period but not the particular iMessage from the particular person I'm looking for.
Note: iPhone 7 Plus, iOS 11.3.1
The contact was deleted and blocked. PA recovered the deleted contact.
↧
Education and Training: Which is better: Master / PhD or Industrial Certificate
Personally, I wanted to get into forensics, and at the time I was finishing my undergrad via CUNY (City University of NY), and I continued and got my Masters in Forensic Computing from John Jay College of Criminal Justice. They renamed the program to Digital Forensics and Cybersecurity.
It was a great program, and you learn the "under the hood" of what happens when you use forensic tools. Really helps with knowing file signatures, carving, MFT, hash sets, timestamps, etc.
That said, I also have my EnCE (EnCase Certified Examiner), CEH (Certified Ethical Hacker) and CFSR (Certified Forensic Security Responder) certifications. It does help to know and use the tools if you can do so, either via a masters program or via tool/course training.
↧
General Discussion: what else other than memory dump
Hi,
I'd also consider running a virtual machine from the forensic image and monitor network activity coming from the potentially infected machine. There might be more calls to foreign IP addresses than was captured in the memory dump at the time that was done.
You can also do a packet analysis of what the machine is trying to send out as part of that process. This might give you clues of where to look next on the computer.
Steve
↧