General Discussion: Windows 10 Install time registry key
Tabeer wrote: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate" It's given as the number of seconds since January 1, 1970. To convert that number into a readable date/time just paste the...
View ArticleMobile Phone Forensics: Apple iPhone 5 & 6 Encrypted Backup
UnallocatedClusters wrote: PB10, If you are referring to an iTunes' encryption password that is in place on the iPhones, then here are some options: 1) Elcomsoft Phone Breaker Forensic Edition...
View ArticleMobile Phone Forensics: UFED Physical Analyzer
UFED PA 3.9 is several years old. This is a product that gets updated almost every month and it is highly recommended to use the updated versions to get more data that is constantly being added. Ron...
View ArticleGeneral Discussion: DVR recovery WFS0.4
i have DVR from "HD iDVR". which i cant mount, first sector says WFS0.4. i tried hx-recovery, it shows many files with dates, but i dont have the license... im thinking switch the evidence hdd with...
View ArticleMobile Phone Forensics: Samsung Galaxy S6 Edge (SM-G925F) Chip Off?
Hi guys, i have to bypass the lockscreen (pattern lock). After installation of oxygen forensic detective u would create a “Samsung Android dump” of a Samsung S6 Edge+ (Type SM-928F). All drivers were...
View ArticleForensic Software: Image recognition / matching tools
Is Python OK? https://github.com/beeftornado/duplicate-image-finder https://github.com/JohannesBuchner/imagehash https://github.com/mk-fg/image-deduplication-tool There is this thingy here also:...
View ArticleGeneral Discussion: DVR recovery WFS0.4
I did a manual recovery of WFS0.4 with a simple hex editor under linux, since no software was able doing it.
View ArticleMobile Phone Forensics: UFED Physical Analyzer
If you want answers, you should ask your question publicly, without revealing your real data. This way you could get more accurate answers from different people and not rely on single person's PM,...
View ArticleMobile Phone Forensics: Apple iPhone 5 & 6 Encrypted Backup
wotsits wrote: I assume you are not in LE? Jailbreaking a phone would make your evidence highly questionable. This is true, modifying an evidence is the last resort and needs approval from the LE...
View ArticleMobile Phone Forensics: Write blocker on smartphones?
If there would be a FF most active user prize, you would certainly be one of the winner candidates
View ArticleGeneral Discussion: Return of seized devices
@jaclaz: I won't post informations about a case here, I sent you a PM.
View ArticleMobile Phone Forensics: UFED Enquiry about thier products !!
Dr.wonder wrote: In fact the UFED series prices may cost $10,000 or more? It depend on which country areyou in. for ship details you can contact ur local seller. <img...
View ArticleGeneral Discussion: Return of seized devices
I sent in PM the name of the company who did the report for my analysis. Writing such names here would be considered hidden advertising. I didn't write any sensitive informations about the hardware not...
View ArticleGeneral Discussion: Forensic who deleted files in fileserver without Auditing
The server is windows 2008, and the workstation is windows 7/8/10, yes there is no specific events in the security log because audit policy is not "enabled", can we do undelete for server to see the...
View ArticleGeneral Discussion: NDX5 disk signature ?
Where was this SSD used before ? If it was used in a surveillance system, you could have on the SSD a closed format raw recording.
View ArticleGeneral Discussion: DVR recovery WFS0.4
Many multi-channel DVR's can't be recovered with simple file carving because they fragment the various channels into a single stream. Even if you knew the signatures, you'd likely be recovering chunks...
View ArticleGeneral Discussion: Return of seized devices
passcodeunlock wrote: @redcat: the link you provided is dead :) For some strange reasons the board software "wants" an ending slash: http://www.forensicfocus.com/Forums/viewtopic/p=6585902/ jaclaz
View Article