Quantcast
Channel: Forensic Focus Forums - Recent Topics
Browsing all 20108 articles
Browse latest View live

Mobile Phone Forensics: BlackBerry Data Security - Practical Concerns

Astro wrote: This sounds good for the investigator, bad for the one who is trying to secure his data. Well, the real issue is not usually getting the RAW data, but rather to decrypt it. Actually you...

View Article


General Discussion: Recovery of a text file with damaged MFT (zero sized file)

@jaclaz: But the problem is that reCsv Editor is slow at everything, even before loading any csv file. it is slow even responding to a click of the mouse. anyway, I will stay where I am, because reCsv...

View Article


General Discussion: Windows Vista Pagefile.sys information

TuckerHST wrote: If there is evidence of software like CCleaner being installed, you might also want to assert that the computer was likely wiped (otherwise, why no deleted contraband files, or other...

View Article

Mobile Phone Forensics: Mobile forensics after factory reset

jaclaz, I agree, that is why I said it is kind of a drastic measure. I firmly believe that if an attacker has physical access to your device, you can pretty much assume that your data will be...

View Article

General Discussion: Finding evidence of a copy to external USB (GREP help)

Belkasoft wrote: Normally, Windows 7 will not index USB drives. Quote: "Windows Search 4.0 (installed on Windows XP) can index removable drives, but Windows 7 (which uses Windows Search 4.0) cannot...

View Article


General Discussion: USBSTOR Analysis

keydet89 wrote: iDan wrote: This is a screenshot of a computers registry files regarding USB devices that have been connected. To be correct, they're USB _storage_ devices that have been connected....

View Article

General Discussion: Filenames in Shellbags

Hopefully someone has seen this before; I did a keyword search for a filename and got hits in the NTUSER.dat file. Eventually I found the hits in the registry file (searching with registry viewer,...

View Article

Education and Training: Trying to get help on homework

Personally I don't have a major problem with the OP's post. Sure, it might have benefited from a little more background but the request for pointers seems perfectly reasonable. BitHead - your...

View Article


General Discussion: data recovery olympus VN480Pc

bombone wrote: anybody tried to recover deleted files from voice recorder olympus VN480Pc? Yes/No. http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/questions-with-yes-or-no-answers.html What...

View Article


General Discussion: Emule Hash Calculating

try my hashing program, available here: https://code.google.com/p/dfir-apps/ supports all the major hashes, recursive calculation of hashes for files/directories, copy/paste support, export support,...

View Article

General Discussion: USBSTOR Analysis

jaclaz wrote: sward6 wrote: And just to use this as a learning point for myself, the way I would read that, is it being two separate usb storage devices (with two different serial numbers) of the same...

View Article

General Discussion: NAND flash disk ECC

[quote="jaclaz"] ka8712 wrote: Would these documents from Samsung help at all? http://www.elnec.com/sw/samsung_ecc_algorithm_for_256b.pdf http://www.elnec.com/sw/samsung_ecc_algorithm_for_512b.pdf...

View Article

Forensic Software: A $LogFile parser utility for NTFS

Joakim, I’m not as familiar as I should be about the $Logfile and how certain transactions makes it difficult to present the information in different formats. I didn’t know what was involved when I...

View Article


Education and Training: Trying to get help on homework

I am going ot try and answer as many question as I can here. Sorry if I don't properly address teh person who asked the question. Thank you for suggesting Brian Carrier. I may try to examine his book...

View Article

General Discussion: Filenames in Shellbags

examined the ntuser.dat file with Willi Ballenthin's shellbag.py script https://github.com/williballenthin/shellbags and verified with tzworks sb64.exe and found some interesting information about the...

View Article


Services Required: Graduation work subject:"Digital Forensics with focus on CP"

EricZimmerman wrote: yes those databases exist but they are usually not provided to the world. Interesting. So yes, but not necessarily at the national level. Well, I figured students should probably...

View Article

Mobile Phone Forensics: BlackBerry Data Security - Practical Concerns

Astro wrote: An interesting link: Password Recovery Speeds Astro have you also considered passphrases? - http://world.std.com/~reinhold/diceware.html

View Article


Mobile Phone Forensics: Contradictory test results:UFED vs XRY vs SIMcon

Yunus, you work you have made available in this matter is evidentially important and thus impacts on examiners practices and procedures for examining SMS text mesaages. Have you received any answers to...

View Article

Digital Forensics Job Vacancies: Security incident response consultant, UK

REF: RA3504 Salary Upto £60,000 Location: South West Security incident response consultant is required for this expanding global consultancy. Following identification of a security incident the...

View Article

Mobile Phone Forensics: .rem Blackberry files

The encryption key method is selectable by the user. Password only (probably a short, easy to break password), device key (a randomly selected key unique to the device), or a combination of the two....

View Article
Browsing all 20108 articles
Browse latest View live