Kenobyte wrote:
Resurrecting this thread: did anyone ever find a workaround if there was no password found?
Does this apply to your model/drive?
https://github.com/andlabs/reallymine/
jaclaz
General Discussion: Western Digital SmartWare
Thank you, it actually might. I have model wdbaaa3200abk, the Passport Essential, which should be the JMS538S chip.
General Discussion: Staged photo, ok, but how much?
NeriMatrixx wrote:
For the floor plan, I use this picture to mimic how the lab and clean room should be laid out (no personal items). There will be a separate open space with desk and chair (to encourage Examiners to take a break).

So you aspire to have a laboratory with poor desk ergonomics because it looks good in marketing photos? I would like to think that people will pay for the quality of the work product rather than how your office looks, but I may be a little old fashioned :P
Those desks remind me of the front row of old style cinemas where you would end up with a sore neck after a two hour feature (let alone an 8 hour shift!).
Might be ok for the odd imaging task where you spend a limited amount of time at the desk then work elsewhere, but not the implied hex analysis or anything that requires prolonged concentration.
General Discussion: Password-Protected Windows 10
I personally think that cracking the password protection of Windows 10 is very simple. You just need to delete the password, but how to delete it? Using Kon-Boot or Cain & Abel.
https://www.filehorse.com/download-cain-and-abel/
https://www.logitheque.com/en/windows/kon-boot-32698
https://www.passgeeker.com/unlock-windows-10-computer-without-password.html
General Discussion: Western Digital SmartWare
Kenobyte wrote:
Thank you it actually might I have model wdbaaa3200abk the passport essential which should be the JMS538S chip.
I think this is the old encryption type (easier if compared to the new updated controller engine).
This particular model has a bug (1st gen. released) which locks the drive even when no password is set.
- If that is the case, it can be done in our Lab
- If the password is set & unknown, we are able to assist too (In our Lab)
PM for more details
Mobile Phone Forensics: Cellebrite Reader and images in report.
Thank you for your replies. I guess it has to be done the time-consuming way.
//Mort
General Discussion: Staged photo, ok, but how much?
NeriMatrixx wrote:
There will be a separate open space with desk and chair (to encourage Examiners to take a break).

Yep, and where examiners can make a quick tournament of paper-rock-scissors and the one who wins (or the one that loses? :?) gets to use the (single and only) keyboard.
jaclaz
General Discussion: Staged photo, ok, but how much?
NeriMatrixx wrote:
There will be a separate open space with desk and chair (to encourage Examiners to take a break).

NB a single desk and chair, so only one person at a time can have a break ;)
Unless the model is based on a team of three with one driving the keyboard, one trying to hit their stand goal and the third on a break :D
General Discussion: Mac OS Remote Forensic Collection
BlackBag can help you.
General Discussion: Mac OS Remote Forensic Collection
@hommy0 - Thanks for the response. Could you please let me know which version of EnCase provides support for macOS remote collection?
Thanks,
General Discussion: Linux Malware Analysis
Have you tried:
1. Generating a hash list for a “clean” install of the Linux OS to use to compare to the “infected” system’s file hash values?
2. Booting a virtualized version of the infected machine to capture any “phoning home” activity? Kali Linux offers a VM download which includes Wireshark. Boot the Kali VM first, attach Kali to a newly created virtual network, and then connect the infected machine’s VM to the same network.
3. Building a timeline of known activity to attempt to isolate how and when the Malware was placed on the machine?
4. Analyzing which software sources the infected machine is configured to work with. Did the infected machine only use the standard built-in software sources and the Synaptic package manager, or did the infected machine add a “non-standard” software source (which could be the vector through which the malware was installed)?
5. Analyzing the internet browsers used on the infected machine to see if a vulnerable browser was used; also analyze any browser plugins using GHIDRA or IDA Pro (reverse code engineering).
You might want to try Autopsy/The Sleuth Kit for analysis in addition to X-Ways, as The Sleuth Kit is free to use and very good at generating a universal timeline for all files on the infected system.
Unlike Windows machines with multiple Registry hives tracking individual file metadata and other user activity, Linux has no equivalent “hives”. The very first time a Linux system is created, a finite number of files will be defined by the system (inode or index node). Linux then keeps track of file changes such as created and modified for each individual file - the point being Linux has different Modified/Accessed/Created/(plus one more whose name escapes me) metadata values than a Windows system.
I would actually start with creating a super timeline of all files on the infected system using Sleuthkit and export the super timeline to Excel for manual analysis; focus in on the specific date and time that you believe the Malware came into existence on the machine and then move up the super timeline to see what files were subsequently modified by the malware.
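As an added illustration of steps 1 and 3 above (not code from the post or from The Sleuth Kit), the following compares a suspect tree's file hashes against a clean-install hash list and emits a body-file-style m/a/c timeline; the two directory trees it runs over are constructed in a temp directory, and the file names in them are made up.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """SHA-256 of one file, hashed in chunks so large binaries stay out of RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Hash list: path relative to root -> SHA-256, for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def diff_hash_lists(clean, suspect):
    """Classify the suspect system's files against the clean-install hash list."""
    return {"added": sorted(set(suspect) - set(clean)),
            "removed": sorted(set(clean) - set(suspect)),
            "modified": sorted(p for p in set(clean) & set(suspect)
                               if clean[p] != suspect[p])}

def mac_timeline(root):
    """Body-file style rows (timestamp, m/a/c, path), oldest first, for one tree."""
    rows = []
    for p in root.rglob("*"):
        if p.is_file():
            st, rel = p.stat(), p.relative_to(root).as_posix()
            rows += [(st.st_mtime, "m", rel), (st.st_atime, "a", rel), (st.st_ctime, "c", rel)]
    return sorted(rows)

def demo():
    """Constructed sample, not real evidence: a clean tree and a copy of it with
    one system binary altered and one payload dropped into /tmp."""
    with tempfile.TemporaryDirectory() as d:
        clean, suspect = Path(d, "clean"), Path(d, "suspect")
        for root in (clean, suspect):
            (root / "usr/bin").mkdir(parents=True)
            (root / "usr/bin/ls").write_bytes(b"original ls binary")
            (root / "usr/bin/cat").write_bytes(b"original cat binary")  # stays clean
        (suspect / "usr/bin/ls").write_bytes(b"trojaned ls binary")     # modified
        (suspect / "tmp").mkdir()
        (suspect / "tmp/.x").write_bytes(b"dropped payload")            # added
        result = diff_hash_lists(hash_tree(clean), hash_tree(suspect))
        result["timeline"] = mac_timeline(suspect)  # 3 files x 3 timestamps = 9 rows
        return result
```

On a real image you would point `hash_tree` at the mounted read-only suspect filesystem and at a clean install of the same distribution release, then read the "modified" list alongside the timeline rows around the suspected infection time.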
General Discussion: Linux Malware Analysis
shishirsaxena2007 wrote:
Can you please guide me how I can start with this analysis.
What are you trying to do? (No, 'perform an analysis' is not a correct answer.) What specific questions do you need to find answers to?
The first questions I would suggest you answer are 'how do you know you have a malware infection? Is it a certain bill, or is it tentative? How likely is it that it is a false alarm?' (Of course, if this is some kind of class assignment, that would answer all those questions very simply and directly.)
Quote:
I have processed the Image with X-Ways.
Why did you do that? Does it help you answer those questions?
General Discussion: Linux Malware Analysis
How do you know the system is compromised with malware? You must have been provided some information to work from. I'd acquire the memory, check for anomalies, look for suspicious modules, hidden modules, dump them and analyse, any suspicious hooking, are there other rootkits active etc. Then you have the obvious: check running processes and, if you find something that jumps out, work backwards and dig deeper into associated artefacts. There's a lot that can be done with memory and I'd be looking there first.
General Discussion: Mac OS Remote Forensic Collection
Hi,
EnCase 8.11 has an agent that currently supports macOS Catalina 10.15 remote preview and acquisition, with the T2 support coming in a later release.
Regards
General Discussion: Mac OS Remote Forensic Collection
Hi Rahul,
You may want to check out our new product, AXIOM Cyber - it can do remote collections and Mac support is coming within a couple of months (logical/targeted file acquisition over a network). Let me know if you'd like more information; you can learn more about AXIOM Cyber here: https://www.magnetforensics.com/products/magnet-axiom-cyber/
Best regards,
Jad
General Discussion: Computer Forensics Project Proposal
Can I have more research papers you have on this topic please?
Thank You
Mobile Phone Forensics: Extracting data from a factory reset Android mobile phone
shadowplay wrote:
I have a phone that was accidentally factory reset on 3/6. I need to recover photos that were saved to the device prior to the reset. (No, there was no backup or sync at the time.) I've already rooted it, USB Debug on, SU allow, encryption appears to be off by default. I have tried some apps which are recovering stuff I believe was prior to the reset but it isn't what I'm looking for. The phone is an HTC Desire 626, model HTCD200LVW, Android 6.0.1. It was on the Verizon network at one point but hasn't been connected to a network in years. I had a tough time getting it rooted, apparently Verizon loaded the phones with something that made that difficult. Can confirm via SunShine s-off, & various root checkers that it is in fact rooted. The photos I need are screenshots that may be used in a custody issue later, otherwise it wouldn't be so important. Any help would be appreciated. Thanks.
Specs:
https://www.gsmarena.com/htc_desire_626_(usa)-7421.php
What software are you using?
General Discussion: Computer Forensics Project Proposal
Okay
Thank You
General Discussion: Logs of changing password in Windows 10
Thanx a lot
General Discussion: Logs of changing password in Windows 10
If the account is a local account to the system, the SAM database includes a "Password Reset Date" field.
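As an added example (not from the reply above), the password-last-set field lives in the user's F value under the SAM hive as a 64-bit FILETIME; the offsets used here (8 = last logon, 24 = password last set, 40 = last failed logon) are the ones RegRipper's samparse plugin documents and are an assumption of this snippet, and the F value it decodes is constructed, not captured from a real system.

```python
import struct
from datetime import datetime, timedelta, timezone

# Offsets of the three FILETIME fields inside a SAM user key's F value, as
# documented by RegRipper's samparse plugin (assumed here, not verified on this page).
OFF_LAST_LOGON, OFF_PWD_LAST_SET, OFF_PWD_FAIL = 8, 24, 40
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """FILETIME (100-ns ticks since 1601-01-01 UTC) -> aware datetime; 0 means 'never'."""
    return None if ft == 0 else EPOCH_1601 + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    """Inverse of the above; only used to build the constructed sample below."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10

def parse_f_value(f):
    """Decode the timestamps; 'password_last_set' is the Password Reset Date
    the reply refers to."""
    if len(f) < OFF_PWD_FAIL + 8:
        raise ValueError("F value too short to hold the timestamp fields")
    def ft_at(off):
        return filetime_to_datetime(struct.unpack_from("<Q", f, off)[0])
    return {"last_logon": ft_at(OFF_LAST_LOGON),
            "password_last_set": ft_at(OFF_PWD_LAST_SET),
            "last_failed_logon": ft_at(OFF_PWD_FAIL)}

def build_sample_f(last_logon=0, pwd_last_set=0, pwd_fail=0):
    """Constructed 80-byte F value for testing, not taken from a real SAM hive."""
    f = bytearray(80)
    for off, ft in ((OFF_LAST_LOGON, last_logon), (OFF_PWD_LAST_SET, pwd_last_set),
                    (OFF_PWD_FAIL, pwd_fail)):
        struct.pack_into("<Q", f, off, ft)
    return bytes(f)

def demo():
    """A local account whose password was set on 2020-03-15 09:30 UTC and never logged on."""
    reset = datetime(2020, 3, 15, 9, 30, tzinfo=timezone.utc)
    return parse_f_value(build_sample_f(pwd_last_set=datetime_to_filetime(reset)))
```

To run this against an exported hive, read the F value of `SAM\Domains\Account\Users\<RID>` with a registry parser and pass its bytes to `parse_f_value`; a value of 0 in that field decodes to None, meaning the password has never been set.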