General Discussion: Employee Exit - Top 5 or 10 things to examine system for
We did extensive field testing of a USB monitoring process during an announced layoff period - and it was for naught. Unless USB usage was forbidden, then there is no way to differentiate between...
View ArticleGeneral Discussion: Email Forensics (Read / Unread)
Perhaps the best approach is to identify those emails that have not been read - and submit the rest.
View ArticleGeneral Discussion: What is YOUR take on the Aaron Swartz case?
I would like to know what you as a forensic professional think about the Aaron Swartz case. If you don't know about it, read about it and then comment please. No, this isn't some post solves a forensic...
View ArticleForensic Software: Email deduplication
I can describe what one CF person did in a matter where it was stated that de-dupe was needed. They de-duped by message number; I'll elaborate a bit. Many times messages are listed as Message 01 or...
View ArticleMobile Phone Forensics: SaraSoft Nokia 101
polar wrote: stetocina wrote: Nokia 101 is XGold platform. Only USB connection is possible. SaraSoft is useless for that phone. Has Nokia given the same name to more than one phone again? The 101s I've...
View ArticleGeneral Discussion: Cloud computing and powers of seizure
If you have access to the employee's computer which has authorisation to be connected to the cloud. Surely it can be argued that the cloud is simply an extension of that employees computer and when the...
View ArticleGeneral Discussion: Hexworkshop Examniation
Patrick4n6 wrote: I hate to be picky, but as a former data structure geek, it bothers me when people get this wrong: NTFS and other file systems use B+Trees, not B-Trees. Picky is good. I don't mind...
View ArticleMobile Phone Forensics: Oxygen Forensics
We have used Oxygen in our lab for a year now and am not too impressed with the rooting. I was really excited when we got it, the description made it out to be the fancy tool you could find all sorts...
View ArticleMobile Phone Forensics: iPod Photo Cache
Has anyone had any luck linking the iPod Photo Cache folder to an iPod/iPhone? I've got a number of iPod Photo Cache folders, each containing the "Photo Database" file (no extension) and a Thumbs...
View ArticleGeneral Discussion: Ever reported data recovering from broken CD/DVD/HDD?
Or said more correctly: Not 13 times easier(as if there are no report then I suppose the difficulty has to be the same)but containing a DVD much more density of information perhaps I think it shoud be...
View ArticleMobile Phone Forensics: JTAG & CHip offs
You do not need a lot of money to do either chip-off or JTAG. The process is not brain surgery, but does require practice, and some electronics understanding. For JTAG, take a look at OpenOCD and any...
View ArticleGeneral Discussion: What is YOUR take on the Aaron Swartz case?
I rather be discussing the tangential topic of scholarly or research articles kept behind outrageous pay-walls.
View ArticleForensic Hardware: competing product of Shadow3
I use Shadow3 for malware analysis. and I'm looking for some competing (similar) products of Shadow3 now. Does anyone have any recommendations?
View ArticleMobile Phone Forensics: Locked my iPhone 4s!
As far as I'm aware there is currently no way to bypass/recover the 4 digit pass lock for an iPhone 4S. Cellebrite, XRY or iXam are generally the best when it comes to recovering/bypassing this and...
View ArticleMobile Phone Forensics: JTAG & CHip offs
I included the link to OpenOCD. That is the best place to start. There are books and papers out there but both are crazy expensive. JTAG is a higher level "language" of sorts besides a physical layer...
View ArticleGeneral Discussion: RAID Reconstruction
This is my favorite tool to recover broken RAID arrays: http://www.diskinternals.com/raid-recovery/ It works with or without the original RAID controller (and it works better without it). Most things...
View ArticleMobile Phone Forensics: BMW Key Fob Mobile Phone
I don't envy you. I have worked on a few phones from prisoners and am always very apprehensive. There are only so many orifices that a phone can be smuggled into a prison in.
View ArticleGeneral Discussion: What is YOUR take on the Aaron Swartz case?
it is sad he died, but for those calling for less or no penalties for actions like Aaron's, where does it stop? Too many people think they should be exempt from consequences if their actions are, in...
View ArticleMobile Phone Forensics: iPhone 5
A few weeks ago, I spoke to a tech at BlackBag, and he said essentially the same thing randomaccess said. The files are individually encrypted, and when they are deleted, the encryption key is deleted....
View ArticleGeneral Discussion: Ever reported data recovering from broken CD/DVD/HDD?
ABSOLUTELY clear now, jaclaz. Thanks
View Article