General Discussion: Where has this laptop been?
Thanks for the replies. Adam10541 wrote: Casting my mind back to my own University lecturers they tend to be pretty sneaky and not use obvious answers sometimes (at least mine were) so WiFi might be...
Mobile Phone Forensics: Mobile forensics after factory reset
For authentication, something I am currently working on a beta for is EyeVerify. I should stress this is not my product nor affiliated with my organisation. This solution uses eye vein biometrics much...
General Discussion: Missing $UsnJrnl
Resolution. Looks like one culprit was the version of FTK Imager I was using (3.0.0.x). Have updated to 3.1.2 and it works just fine. The other culprit is me, for not (a) realising I was using a...
General Discussion: Comodo timemachine forensics
Quick update in case anyone else comes across this. I have managed to get round the issue caused by Comodo Time Machine (and some similar system restore products) as described in the blog article...
General Discussion: Where has this laptop been?
That's why we should collaborate more, Mark.
Mobile Phone Forensics: Comparison between MPE and Ufed
MPE+ is our third choice tool, sometimes it is brilliant but generally very woolly. UFED is used regularly with XRY.
General Discussion: How to Determine USB Key User
Thank You Sir. Now that you mention it... it DOES make sense. Have a good one! Jeff
Mobile Phone Forensics: Contradictory test results:UFED vs XRY vs SIMcon
Yunus, do you have the message header/s for the original text message/s from the target SIM Card that you can post so that we can start at the beginning. The GSM standard reference template: Example of...
Mobile Phone Forensics: Free tool nokia (symbian) forensic
Rampage wrote: You fail the dumping process or the data extraction process? If you fail at dumping, are you using an FBUS cable or the USB cable? Yes, I failed in dumping the memory of the...
Mobile Phone Forensics: Contradictory test results:UFED vs XRY vs SIMcon
keydet89 wrote: I have some thoughts that I'd like to share, but I'm going to move this to another thread... Which is this one: http://www.forensicfocus.com/Forums/viewtopic/t=10579/ (just to keep...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
jaclaz wrote: @damaged_mft You can try this: http://recsveditor.sourceforge.net/ which is a "specific CSV" tool derived from: http://record-editor.sourceforge.net/Record02.htm Should have no such thing...
General Discussion: Where has this laptop been?
Look for photos with EXIF data; they often have geotags.
General Discussion: Thoughts on Tools/Processes
Bulldawg wrote: As someone new to the field, I crave information. I have a whole library of books, most of which are excellent resources but grow stale quickly in this environment. There are a number...
General Discussion: Thoughts on Tools/Processes
. . . I have about three dozen tabs open. An excuse, but inexcusable.
Forensic Software: Splunk alternatives
Post is old, but for reference you might also be interested in ELSA (dev now supported by Mandiant). ELSA https://code.google.com/p/enterprise-log-search-and-archive/
Forensic Software: Trying to recover data from an external HFS HDD with FTK
When you write "but I opened the same disk with Encase (acquisition mode) and I can see the folder structure", what is the actual folder structure you see? Does it look something like: EFI Apple Core...
Mobile Phone Forensics: Contradictory test results:UFED vs XRY vs SIMcon
Hi Yunus, thanks for checking and your replies. I will study the data you have given and offer some suggestions. I was raising different observations in my post to see whether there would be other...
Forensic Software: Evidence management software
It looks like Lima does more than I really need, but the price is about what I was thinking. I will be at CEIC, so I'll try to stop by your booth. I see on your site you offer a VM with a demo version....
General Discussion: Interesting Security Breach (recent hacking/cyber crime)
keydet89 wrote: To me, without more information, this sounds like the guy who gets beat up by a 12 yr old girl, but is too embarrassed so he tells his buddies that it took the entire defensive line...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
Okay, I have installed Java, and it took 130MB of my hard disk!! Open Office wanted to take 300MB more, but my Windows hard disk didn't have that much room for it. So, for now, I will use reCSVEdit....