General Discussion: Trouble on files extraction in Autopsy..
> Try AccessData FTK Imager I tried it. Mounting the forensic image, later I see two disk, first is EFI but I can't see the second. I am analyzing an iMAC. So Windows Did'nt recognize HFS In Autopsy...
View ArticleGeneral Discussion: Research Thesis
You need to revisit your questionnaire with your thesis advisor. That's about all the input I can offer without spending more time than I have right now.
View ArticleGeneral Discussion: Using EnCase 7 for EFS
I have attempted the dictionary attack. Unfortunately, there are several options in the dictionary attack window and none of them are explained in the user guide. When I run it (if I'm running it...
View ArticleGeneral Discussion: Telecommunication Bypass Fraud
trewmte wrote: The computer (PC) will only be part of the investigation. The device you are referring to as a gateway suggests it is a SIMbox and analysis of this and the SIM cards you recovered will...
View ArticleGeneral Discussion: UK FSR Digital forensics method validation: draft guidance
dan0841 wrote: I can't see a link to the list of names. But if you mean in the original validation document there are a list of participants on page 102 of the document which was posted by the OP. They...
View ArticleMobile Phone Forensics: LG306G Tracfone
300G and 306G is 2 completely diff phones... doubt it would work.
View ArticleDigital Forensics Job Vacancies: Head of eDiscovery Project Management, London
Title - Head of eDiscovery Project Management Team Location – London Salary – Fully negotiable (Circa £80,000 +or-) Overview: To be the leader and manager of our clients team of eDiscovery project...
View ArticleGeneral Discussion: TrueCrypt Alternatives
Very nice! thanks for all the options. After research and testing it looks like we are going to go with Veracrypt for all future deliverables! Much appreciated!
View ArticleForensic Software: what is the go to software?
THanks for the recommendations. You are correct, "best" is the wrong word to use, as there is not one "best" program. We used FTK and Encase in school so I do understand how to used both of them....
View ArticleGeneral Discussion: Using EnCase 7 for EFS
I have seen the dictionary attack, is there any documentation to the settings? I set up the dictionary attack and it ran all night. I want to make sure I select enough, but not too many. I know some...
View ArticleGeneral Discussion: UK FSR Digital forensics method validation: draft guidance
I do not think that regulation of digital forensics is a bad thing, I welcome it. I do however think that it should become a reality as a result of expertise and innovation by the practitioners and not...
View ArticleGeneral Discussion: Telecommunication Bypass Fraud
I wont say too much in an open forum, not because i do not wish to share, simply i cannot be sure who is reading the content and therefore wont want to assist those who are less than honest. It would...
View ArticleGeneral Discussion: Trouble on files extraction in Autopsy..
giandega wrote: > Try AccessData FTK Imager I tried it. Mounting the forensic image, later I see two disk, first is EFI but I can't see the second. I am analyzing an iMAC. So Windows Did'nt...
View ArticleForensic Software: [Tool] Autopsy 3.1 Released - Parallel Pipelines and Android
Just curious. New here and new to Autopsy. I just downloaded it yesterday (Windows version) and from what I can tell, there is no imaging aspect of the program. What are people using to image devices...
View ArticleForensic Software: Internet Examiner ToolKit.. IXTK - SiQuest users?
IXTK is the evolution of their old flagship product, CacheBack. You can google some old press about CacheBack and NetAnalysis having been used in a murder trial and discrepancies between user results...
View ArticleForensic Software: [Tool] Autopsy 3.1 Released - Parallel Pipelines and Android
bgq007 wrote: Just curious. New here and new to Autopsy. I just downloaded it yesterday (Windows version) and from what I can tell, there is no imaging aspect of the program. What are people using to...
View ArticleGeneral Discussion: Travel with encrypted drives/computers
CULTS: Thanks for the response. I will pass it on. (Apologies for the late reply... I was out for a while). Regards.... -=Art=-
View ArticleMobile Phone Forensics: Call Types
sherlock wrote: When decoding phone calls I know that there are three primary types, namely incoming (x01), outgoing (x02) and missed (x03). But I have also encountered x04, x05, x06, x09 and x41. I...
View ArticleGeneral Discussion: MAC OS x: network log
OK thanks... and the file that stores opened file name? thans
View ArticleMobile Phone Forensics: Hex dump
It's commonly referred to the process of dumping the non volatile persistent memory, as loading a bootloader would require a restart, and a restart would clear your volatile memory...unless you were in...
View Article