Digital Forensics Job Vacancies: EY is looking for Assistant eDiscovery - Zurich
EY (Ernst& Young) is lookig for a Assistant eDiscovery - Forensic Investigations and Discovery Services in Zurich The rapidly growing Forensic Technology & Discovery Services department is...
View ArticleGeneral Discussion: NTFS MFT Analysis Identifying Cluster run
I figured this out by researching. Found a great explanation and guide if anyone else is having difficulty with this in the future. My problem was that I was expecting to see all the metadata in plain...
View ArticleGeneral Discussion: USB storage device - last connected
keydet89 wrote: I found this: https://blogs.sans.org/computer-forensics/files/2009/08/usb_device_forensics_vista_win7_guide.pdf Note that it has only 7 steps. Bearing in mind internal metadata and also...
View ArticleWebinars: Working with Legal – How to Bridge the Gap
Please use this topic for discussion of the webinar Working with Legal – How to Bridge the Gap between Forensic Collection/Analysis & Legal Review Date/Time: May 1st at 2pm CDT (US)/3pm EDT...
View ArticleGeneral Discussion: Facebook Profile Saver
Igor_Michailov wrote: Do anyone know a tool for LiveJournal? Sorry Igor, I'm afraid I'm not that familiar with this social media site! Encaser wrote: Is it safe? wants facebook password Yes it is safe....
View ArticleEmployment and Career Issues: summer work experience/ industrial placement
Moved to correct forum.
View ArticleMobile Phone Forensics: Using DD to image smartphones
which recovery image did you use? a custom one? since the memory is eMMC on this specific samsung device i'm fairly confident that you can simply do adb pull directly on the block device.
View ArticleForensic Software: Facebook Forensic Beta
social media preservation and investigation software updated to v1.2.4, including new data export and reporting function. Find out more and download a free copy from: www.facebookforensics.com
View ArticleGeneral Discussion: ewf file (E01) write back to disk - how?
Excuse my bad english...... I have made EWF Images (E01) from an external hard drive. I'm supposed to determine which changes to the timestamps of the files resulting from different operating systems...
View ArticleGeneral Discussion: Flaw in evidence verification process?
Hey guys, I would appreciate your input on a discussion that we had at the office regarding the verification process of evidence files used by most forensic software/hardware. For years, we were under...
View ArticleGeneral Discussion: Find the current version of Windows
minime2k9 wrote: I can't boot into the machine, we have liveview but it fails on this. If we have both a boot.ini and a Boot folder, which takes priority? It depends on which OS loader is invoked. XP's...
View ArticleGeneral Discussion: NYC4SEC - Meet-up Group
Next Meet-up: Thanks For the Memory: Rootkits, Exfil and APT - RAM Conquers All Thursday, May 8, 2014 @ 6:30 PM John Jay College-Criminal Justice 899 Tenth Avenue 10th Ave btwn 58th and 59th Streets...
View ArticleMobile Phone Forensics: INSTAGRAM QUESTION
Thanks for the reply. I have Oxygen but not the full version that will allow me to analyze. It's in next FY budget.
View ArticleForensic Software: Quicker Forensic Imaging?
markl1975 wrote: The boot environment they provide is a WinFE environment, which will boot any Intel machine. Bootable media provided is a USB stick and a CD, and they gave me a copy of the iso so I...
View ArticleForensic Software: Quicker Forensic Imaging?
I'd stick to a winpe/winfe that you make yourself to avoid violating a MS EULA. A winpe/fe can't even be given away freely, so providing a download or giving out the iso in training probably doesn't...
View ArticleGeneral Discussion: ewf file (E01) write back to disk - how?
I think I've found a way. I use xmount from --> https://www.pinguin.lu/index.php 1. xmount --in ewf --out dd --cache ~/acquired/MyDisk.cache ~/acquired/MyDisk.E?? ~/MountPoint 2. write with dd or...
View ArticleGeneral Discussion: Flaw in evidence verification process?
Here an old post of mine from 2004 that impacts the OPs question. http://osdir.com/ml/security.forensics/2004-04/msg00016.html In this case one bit of the 16 bit IDE channel was held at 1 for every...
View ArticleDigital Forensics Job Vacancies: £125-150K (package) Manager Digital...
Role: Manager – Digital Forensics & e-Discovery - Financial Crime and Enforcement Contact: craig@brimstone-consulting.com Tel: 0207 096 1200 Mobile: 0787 602 8419 - If your current package is...
View Article