General Discussion: Paraben Email Examiner
All, I am running into a strange issue. When I did a batch export of emails from a pst file in the outlook message format. I cannot open the extracted emails in Outlook. I keep getting an error stating...
View ArticleForensic Software: TSK / Autopsy 2.24 working with NSRL hashes.
Okay got things working. Basically what I explained above is what I did... Download RDS_239.iso fro NSRL about 2.5 gig.. extracted it which contained the actualy NSRLFile.txt moved it where I wanted...
View ArticleGeneral Discussion: Alchemy Mailstore Archive
Just picked up a new case that involves extracting data from this program. Does anyone know how this program stores data?
View ArticleGeneral Discussion: Facebook Chat Artifacts Via Safari or Another App
Okay, I figured out why I was getting the zero-length files. The short reason is I was looking in the wrong place. I appreciate both of you responses. I'm downloaded and run IEF without any luck, now...
View ArticleEducation and Training: Champlain College - Digital Forensic (Bachelors)
I am taking the Bachelor's program online - and I love it so far. I like that I can take one class at a time so that my focus is not divided. Although the the classes are accelerated it balances out to...
View ArticleForensic Software: TSK / Autopsy 2.24 mmls tool results not the same.
Ok When in autopsy 2.24 I create a case then go to add my EWF (E01, E02....) It gives me the below analysis of the image file. For your reference, the mmls output was the following: DOS Partition Table...
View ArticleDigital Forensics Job Vacancies: eDiscovery Consultant - London - £35,000 -...
Good day, I am interested, could you pl. tell me how to apply for this job. Thanks.
View ArticleGeneral Discussion: Samsung 700T
Hi All, As part of a case I'm working I have seized a Samsung 700T (model XE700T1C) hybrid tablet. It is a hybrid in the sense that it come with a keyboard dock to make it operate and look like a...
View ArticleMobile Phone Forensics: SIM partitions
Beware - soon to be mobile forensic practitioners. Obtaining a forensic image of a mobile device is never really an easy process, unless lady luck is shining on you everyday (you could be unlucky like...
View ArticleGeneral Discussion: Facebook Chat Artifacts Via Safari or Another App
Neither hiberfil.sys nor page file(s) are encrypted, but hiberfil.sys is compressed. Pretty much any forensic tool, including our own, can decompress the hibernation file. Or you can check out the...
View ArticleForensic Software: Bitlocker issues with Linux forensic tools
There is also the library libbde available on linux for this very purpose. https://code.google.com/p/libbde
View ArticleMobile Phone Forensics: SIM partitions
I am trying to find the elucidation of "Beware" in your writing, groper128, but no such luck.<img src="images/smiles/icon_mrgreen.gif" alt="Mr. Green" title="Mr. Green" />
View ArticleGeneral Discussion: Samsung 700T
We just started digging into tablets. At this time, we simply rip the mini SATA2 SSD drives out of the tablets. The breakdown is not for the faint of heart - and warranty is out the window. We never...
View ArticleDigital Forensics Job Vacancies: eDiscovery Consultant - London - £35,000 -...
Hello If you can send your CV to phil@propriusrecruitment.com that would be great. Thanks Phil
View ArticleMobile Phone Forensics: BLACKBERRY EVENT LOGS
I believe the "DRM" is the key to this puzzle. It probably has something to do with deleting licensing files or the media files themselves.
View ArticleForensic Software: TSK / Autopsy 2.24 working with NSRL hashes.
Pete, it sounds like you solved your questions, but you pointed out some shortfalls in our documentation. We will work to make that clearer. If you have questions about the NSRL in the future, you can...
View ArticleMobile Phone Forensics: SIM partitions
jhup wrote: I am trying to find the elucidation of "Beware"..... 10 Contents of the Elementary Files 11 10.1 USIM information storage requirements 11 10.2 Phone Book 11 10.2.1 Support of two name...
View ArticleGeneral Discussion: Interview with Lee Reiber, AccessData
An interview with Lee Reiber, Global Director of Mobile Forensics at AccessData, is now online here.
View ArticleGeneral Discussion: Facebook Chat Artifacts Via Safari or Another App
Hi Laura, Glad to hear you're getting somewhere. Unfortunately I'm not aware of anything that can decrypt the swap/sleepimage files if encryption for those files was turned on. On Windows, the...
View Article