Mobile Phone Forensics: BlackBerry Data Security - Practical Concerns
Astro wrote: This sounds good for the investigator, bad for the one who is trying to secure his data. Well, the real issue is not usually getting the RAW data, but rather to decrypt it. Actually you...
View ArticleGeneral Discussion: Recovery of a text file with damaged MFT (zero sized file)
@jaclaz: But the problem is that reCsv Editor is slow at everything, even before loading any csv file. it is slow even responding to a click of the mouse. anyway, I will stay where I am, because reCsv...
View ArticleGeneral Discussion: Windows Vista Pagefile.sys information
TuckerHST wrote: If there is evidence of software like CCleaner being installed, you might also want to assert that the computer was likely wiped (otherwise, why no deleted contraband files, or other...
View ArticleMobile Phone Forensics: Mobile forensics after factory reset
jaclaz, I agree, that is why I said it is kind of a drastic measure. I firmly believe that if an attacker has physical access to your device, you can pretty much assume that your data will be...
View ArticleGeneral Discussion: Finding evidence of a copy to external USB (GREP help)
Belkasoft wrote: Normally, Windows 7 will not index USB drives. Quote: "Windows Search 4.0 (installed on Windows XP) can index removable drives, but Windows 7 (which uses Windows Search 4.0) cannot...
View ArticleGeneral Discussion: USBSTOR Analysis
keydet89 wrote: iDan wrote: This is a screenshot of a computers registry files regarding USB devices that have been connected. To be correct, they're USB _storage_ devices that have been connected....
View ArticleGeneral Discussion: Filenames in Shellbags
Hopefully someone has seen this before; I did a keyword search for a filename and got hits in the NTUSER.dat file. Eventually I found the hits in the registry file (searching with registry viewer,...
View ArticleEducation and Training: Trying to get help on homework
Personally I don't have a major problem with the OP's post. Sure, it might have benefited from a little more background but the request for pointers seems perfectly reasonable. BitHead - your...
View ArticleGeneral Discussion: data recovery olympus VN480Pc
bombone wrote: anybody tried to recover deleted files from voice recorder olympus VN480Pc? Yes/No. http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/questions-with-yes-or-no-answers.html What...
View ArticleGeneral Discussion: Emule Hash Calculating
try my hashing program, available here: https://code.google.com/p/dfir-apps/ supports all the major hashes, recursive calculation of hashes for files/directories, copy/paste support, export support,...
View ArticleGeneral Discussion: USBSTOR Analysis
jaclaz wrote: sward6 wrote: And just to use this as a learning point for myself, the way I would read that, is it being two separate usb storage devices (with two different serial numbers) of the same...
View ArticleGeneral Discussion: NAND flash disk ECC
[quote="jaclaz"] ka8712 wrote: Would these documents from Samsung help at all? http://www.elnec.com/sw/samsung_ecc_algorithm_for_256b.pdf http://www.elnec.com/sw/samsung_ecc_algorithm_for_512b.pdf...
View ArticleForensic Software: A $LogFile parser utility for NTFS
Joakim, I’m not as familiar as I should be about the $Logfile and how certain transactions makes it difficult to present the information in different formats. I didn’t know what was involved when I...
View ArticleEducation and Training: Trying to get help on homework
I am going ot try and answer as many question as I can here. Sorry if I don't properly address teh person who asked the question. Thank you for suggesting Brian Carrier. I may try to examine his book...
View ArticleGeneral Discussion: Filenames in Shellbags
examined the ntuser.dat file with Willi Ballenthin's shellbag.py script https://github.com/williballenthin/shellbags and verified with tzworks sb64.exe and found some interesting information about the...
View ArticleServices Required: Graduation work subject:"Digital Forensics with focus on CP"
EricZimmerman wrote: yes those databases exist but they are usually not provided to the world. Interesting. So yes, but not necessarily at the national level. Well, I figured students should probably...
View ArticleMobile Phone Forensics: BlackBerry Data Security - Practical Concerns
Astro wrote: An interesting link: Password Recovery Speeds Astro have you also considered passphrases? - http://world.std.com/~reinhold/diceware.html
View ArticleMobile Phone Forensics: Contradictory test results:UFED vs XRY vs SIMcon
Yunus, you work you have made available in this matter is evidentially important and thus impacts on examiners practices and procedures for examining SMS text mesaages. Have you received any answers to...
View ArticleDigital Forensics Job Vacancies: Security incident response consultant, UK
REF: RA3504 Salary Upto £60,000 Location: South West Security incident response consultant is required for this expanding global consultancy. Following identification of a security incident the...
View ArticleMobile Phone Forensics: .rem Blackberry files
The encryption key method is selectable by the user. Password only (probably a short, easy to break password), device key (a randomly selected key unique to the device), or a combination of the two....
View Article