General Discussion: how to find evidence of a trojan in an .exe file?
tryan6, as you are an FTK user (not sure which version) it may be worthwhile requesting a trial on Cerberus Malware Detection from AccessData or from your reseller. This is an add-on for FTK4. I am not...
Mobile Phone Forensics: FTK Mobile Phone Examiner
Maybe MPE+ does all that the manual says, but hides lots of things that everybody thinks are included, like Bluetooth, useful reporting, etc. Another issue is that the app is very, very slow (compared with...
Forensic Software: POLL Time to upgrade to EnCase 7 or not *** STILL ****
Adam, Brett Shavers and I are writing a book on X-Ways that will change all that. It will be all that is needed to pick up and learn X-Ways from scratch. It won't teach you forensics, but it will teach...
General Discussion: Video & Image Enhancement
For images Photoshop is still one of the best. Ocean Systems makes dTective for video analysis and ClearID for image analysis which are more geared to forensics. Check out THIS site for some good...
Forensic Software: Autopsy Forensic Browser 2.24 Expert Witness File issue
The reason why I looked into it in the first place is because I once ran into the same issue as well. We learn from our mistakes.
Education and Training: Introducing CyFor - a free portal for cyber forensic ed.
I would also hope they would appreciate that our goal is to educate future cyber forensic investigators.
General Discussion: FTK Imager Block Size
Is the default (built-in) block size for FTK Imager 512 bytes? I've been looking for a technical paper on the inner workings of FTK Imager, but I don't seem to be able to find one. Anyone know if one...
Mobile Phone Forensics: Steam app for iOS and Android
I tried using ccl_bplist.py, but I am not getting it. When I use it as `ccl_bplist.py chats.plist`, it just echoes back the copyright notice. I haven't run many Python scripts from the command line, so...
General Discussion: Facebook Chat Artifacts Via Safari or Another App
We have imaged a MacBook Pro (late 2011 model) using FTK Imager. We have processed the case using FTK 3.3 with Oracle. We attempted to process it several times using FTK 4.2 and 4.1; however, the...
Forensic Software: TSK / Autopsy 2.24 working with NSRL hashes.
ptyo wrote: And when going through the www.sleuthkit.org/informer/ I saw where Brian Carrier stated the list from NSRL contains all files, even, say, trojan horses or rootkits, which shouldn't matter in...
Forensic Software: Internet Explorer 10 webcache JETblue database
bannlyst wrote: A fellow student and I are currently working on our final-year thesis of BSc IT-Forensics and Information Security. We are currently looking into Internet Explorer 10 artifacts using...
Digital Forensics Job Vacancies: Computer Forensic Investigator,...
Update: This role is still open and applications are still welcome to william.cooper@CooperRowley.com
General Discussion: Define "On-the-fly Hashing"
Maybe a simpler way of thinking about this is to recognize that disk reads and hashing are not serial events. Data acquisition is IO bound, so there is plenty of processing capacity to do other things...
Mobile Phone Forensics: NSKeyedArchiver
Related to my post Steam app for iOS and Android. The chats.plist is definitely an NSKeyedArchiver file. Does anyone know of a viewer for that file type? It's a plist, but it's a mess. The ccl_bplist.py...
General Discussion: Evidence Disk for Class Purposes
Get multiple partitions on a USB (unusual), make first bootable, and NTFS, the second one HFS+ and then hide it. Create complex fragmentation in both partitions. Create decoy $MFTs and other partial...
Education and Training: Champlain College - Digital Forensic (Bachelors)
I guess then you would not want to take some of the Wilmington University (Wilmington, Delaware) modular classes. They are Friday 6:30pm to 9pm, Saturday & Sunday 9:00am to 5:00pm, for two weekends...
Forensic Software: Bitlocker issues with Linux forensic tools
Just installed Fedora 18 with CERT-Forensics-Tools to verify the tests with SIFT. The installation description could be much better for getting the CERT stuff installed. Have to install dislocker from source...
General Discussion: FTK Imager Block Size
It only fragments images using S01 or E01; DD will not fragment. I usually do 2048 just because it's easier to handle.
Mobile Phone Forensics: SIM partitions
Again, so many words. You have clearly missed my point, either by design or by accident. The IMSI, ADN etc. or any other of the...