General Discussion: Where has this laptop been?
jaclaz wrote: Personally I see it as a probable "red herring". Possible red herring, yes. It would be terrible advice to give a n00b who lacked the ability to separate the wheat from the chaff. On the...
General Discussion: Windows Vista Pagefile.sys information
ptyo wrote: I found thousands of contraband images in the pagefile.sys. So anybody have any advice on how I can explain to the DA or a Jury in terms they would understand on how the Pagefile.sys works?...
General Discussion: Where has this laptop been?
keydet89 wrote: As such, I would think that it would be a benefit for everyone if more of this stuff was shared. If you look it and consider it, and then make a reasoned choice whether you can...
Mobile Phone Forensics: Contradictory test results: UFED vs XRY vs SIMcon
Hello trewmte, Yes, you can ask further questions and I am willing and able to give it, however, if further details require the actual SIM card or generating a log file by re-examining it, I may not be...
General Discussion: Trying to gather evidence from chat fragments in pagefile
Belkasoft wrote: You might be better off by using a specialized tool like ours. Belkasoft Evidence Center (Pro and Ultimate editions) include the ability to carve page and hibernation files as well as...
Mobile Phone Forensics: Recovery of deleted portion of iphone video
The carving problem is not due to the encryption but most likely because as of now there seems to be no way to perform a physical dump of the device in a forensically sound manner. The videos are...
General Discussion: NAND flash disk ECC
Hello, I was in exactly the same position! (reconstruct the complete filesystem, but all the images are seriously damaged because of thousands of "bit-flips" that occurred on the NAND-flashes) with try and...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
Guys, I am following Joakim's instructions on p.m. We will tell you the result.
General Discussion: Windows Vista Pagefile.sys information
TuckerHST, no, this is not the only evidence of contraband images. Let me give you a little bit of history on what I'm working on without going into too many details. We conducted a compliance check on...
General Discussion: NAND flash disk ECC
rs8191 wrote: I hope this mini description will help you. kind regards If you could spend some more time better explaining the actual procedure you used, which tools (if any), etc., I am sure that your...
General Discussion: Trying to gather evidence from chat fragments in pagefile
If you have EnCase then I wrote an EnScript to do this very thing, the version 6 one is available here: https://support.guidancesoftware.com/forum/downloads.php?do=file&id=819 and the version 7...
Employment and Career Issues: I'm looking for a Summer Internship
Hi, I'm currently a second year undergraduate student at Cardiff University studying Computer Science with Security and Forensics. In the past two years I have studied modules including programming,...
Forensic Software: A $LogFile parser utility for NTFS
corey_h wrote: Joakim, Thanks for sharing this. There aren't that many tools (available for free) capable of parsing the $LogFile so this fills a huge void in the current tools. The ability to parse...
Mobile Phone Forensics: Android text messages
Without telling what you have looked for, it's hard to tell if you are looking at the right stuff. My guess is you don't have the right software/hardware to be able to answer that question. What mobile...
Mobile Phone Forensics: Mobile forensics after factory reset
Alistair wrote: As you have also pointed out, MDM softwares are not meant to be sold as security software but as a means of simplifying BYOD and device enrollment, security is just a necessity that...
General Discussion: Recovery of a text file with damaged MFT (zero sized file)
Joakim is still working on improvements. Meanwhile.... jaclaz, I have used reCsv Editor a few times, and the user interface is very slow, I mean, it responds slowly to the mouse clicks. I don't like...
Mobile Phone Forensics: BlackBerry Data Security - Practical Concerns
Thanks, trewmte, for your reply and link. I did mention chipoff in my first post, and it's my understanding that UFED will not extract the data from a password locked, encrypted BlackBerry Bold 9650...
Mobile Phone Forensics: .rem Blackberry files
Self-ping. Since BlackBerry uses the AES, and the device password is instrumental in encrypting the data, I would think decrypting/decoding the data would have to be done by brute force method, and the...
General Discussion: Trying to gather evidence from chat fragments in pagefile
Dewald wrote: Can you tell me what the usual results you get from that software look like? Will there be any reference to the account-email or time reference for the chat fragments? The result is a...