Forensic Software: SIFT and xmount
Hi all, I noticed that in SANS SIFT v 2.14 the xmount tool has been removed... anyone knows why or which alternatives can be used to mount raw/ewf images while keeping a cache of the underlying...
View ArticleMobile Phone Forensics: Solicitors phone and legal privilage
If a solicitor is required to hand over his handset for a particular case, what protection would he be afforded re the other legal privilege material contained within the handset? There are certain...
View ArticleMobile Phone Forensics: Junk Science? Your thoughts.
Bulldawg wrote: I happen to be in a Cellebrite class right now, and the instructor mentioned that in this hotel, triangulation places him about 20 miles north.This sounds to me a bit (actually a lot)...
View ArticleGeneral Discussion: PST/MSG to PDF
Thanks Brett. How does XWF deal with email attachments in this situation?
View ArticleGeneral Discussion: Data Carving- reconstructing a file from its fragments
jaclaz wrote: Generally speaking JPEG files are not the "easiest" to put together from fragments. But depending on the number and size of the fragments, even if you don't manage to put them together...
View ArticleDigital Forensics Job Vacancies: Forensic Analyst, Shropshire £35,000-£60,000
Specialism Information/Cyber Security jobs Perm or contract Permanent Salary £35,000 - £60,000 Ref number VR/00468 Location Shropshire Job title Forensic Analyst job, Shropshire base, consulting firm....
View ArticleMobile Phone Forensics: Solicitors phone and legal privilage
bigjon wrote: One could manually go through the evidential texts and retrieve them but should one use an extraction tool the entire email section / text section would be downloaded, would this be the...
View ArticleGeneral Discussion: Shell Items blog post
I hope that others find this information useful: http://windowsir.blogspot.com/2013/06/there-are-four-lights-shell-items.html Shell items are artifacts that can be found throughout Windows systems, yet...
View ArticleGeneral Discussion: recovery NEf file
jaclaz wrote: What <img src="images/smiles/icon_eek.gif" alt="Shocked" title="Shocked" /> is aNEf file? NEF is the RAW image format supported by Nikon cameras. bombone wrote: Hints thanks?...
View ArticleMobile Phone Forensics: Pakistani Brand Phone
Before chip-off, try to access the device through JTAG, SPI, I2C or similar.
View ArticleGeneral Discussion: Converting E01 to VMDK
Thanks Jhup that's what I was going to send ......
View ArticleMobile Phone Forensics: Skimming device Magnetic Strip Decoding
nsbuck wrote: I removed the EEPROM chip from a makeshift magnetic card reader and obtained a binary dump which has given me something I have not seen before. I would appreciate any suggestions as to...
View ArticleMobile Phone Forensics: Samsung F480 date/time
Evening, I'm investigating images originally taken by a Samsung SGH F480 phone. The model is clearly tagged in the metadata. However, the dates embedded in the metadata do not agree with the date the...
View ArticleMobile Phone Forensics: Junk Science? Your thoughts.
Bulldawg wrote: You're right, not live triangulation, but reviewing the SIM card's LAI value. Sorry for the confusion. No worries Bulldawg, thank you for making it clear. Bulldawg wrote: However, if...
View ArticleGeneral Discussion: Deleted Partitions & EnCase v7 Partition Finder
Thank you. The reason I believe there are other partitions is the large amount of Unused Disk Space. It is well over 3 million sectors of a 30 million sector drive. I remember the instructor harping...
View ArticleGeneral Discussion: Deleted Partitions & EnCase v7 Partition Finder
Cottondale wrote: Unfortunately, I have no other tools to run against it, and I don't know of any, but if you could suggest one, I would be appreciative. Parsing the master partition table and volume...
View ArticleMobile Phone Forensics: Pakistani Brand Phone
Yeah, I'll try to run it through Cyclone box today and read the pin with BEST dongle. Wish me luck , it should work though.
View ArticleGeneral Discussion: where can I download public hash library?
http://www.nsrl.nist.gov/Downloads.htm#isos
View ArticleDigital Forensics Job Vacancies: Digital Forensic and e-Discovery Technician, UK
Millnet is currently recruiting for a Digital Forensic and e-Discovery Technician within the expanding LSS Technical Operations team. This is a technical role that is client facing and requires a high...
View ArticleGeneral Discussion: Breaking Bitlocker Encryption
Train13 wrote: Have you tried this? C:\Windows\system32>manage-bde -cn “device name”-protectors -get C: I have had to use this to get the key, there is another string that forces it into AD but I...
View Article