Mobile Phone Forensics: Cloning a SIM card with PIN set
Hello forum is it possible to clone a SIM card that has the pin set (and unknown by the examiner)? What kind of data can we retrieve from it? Thanks!
View ArticleGeneral Discussion: Determine application responsible for temp files
twjolson wrote: For timelines, I use log2timeline (already part of SIFT), or 4n6time, which is new but quite capable from the little I have played with it. You're correct, log2timeline is quite...
View ArticleForensic Hardware: Memory card SD/MMC write blocker
Any suggestion for a small no frills memory card write blocker? It has to be an hardware unit (sorry no software suggestion) and be cheaper :)))) Thanks!
View ArticleMobile Phone Forensics: LG LG235C
Anyone know if you can extract data from a LG LG235c with a Cellebrite or MPE+? If so what model phone do you select. Thanks
View ArticleGeneral Discussion: Determine application responsible for temp files
keydet89 wrote: twjolson wrote: Since you already have a suspicion that it is Firefox, I wouldn't bother with a timeline yet. I would take a test VM, do various tests with Firefox, and see if you can...
View ArticleGeneral Discussion: DVD / CD Forensics?
jhup, Any chance that you could share the details? "Two of the three" is pretty vague when you don't know what the two or the three are. And how do the two not image properly?
View ArticleEmployment and Career Issues: Tips on finding qualified entry-level examiners?
Bulldawg wrote: Where do you usually recruit your examiners? Are there schools with particularly good programs? I'm in the Southeastern US, so I'd like to focus on those schools. Other than schools,...
View ArticleMobile Phone Forensics: Cloning a SIM card with PIN set
PIN Locked GSM SIM Card Dump NB - This is an old Phase 2 GSM SIM card Master File DFTelecom DFGSM DFDCS1800
View ArticleGeneral Discussion: Outlook Email - Drafted date?
I have a situation where an email was allegedly saved as a draft in Outlook (not sure what version) for several months, then actually sent at a later date. Anyone know if it's possible to tell when an...
View ArticleMobile Phone Forensics: Recover deleted SMS Messages from a LG VX9200 (ENV3)
I know this is old, and I've done everything I can think of. I can't tell where they might be if they are there. I know this is an old post, but oh well.
View ArticleGeneral Discussion: Document Metadata Extraction
In X-Ways Forensics, 1) Refine volume snapshot ("Extract internal metadata...") 2) Select the files and and right click to choose "Export list..." 3) Choose the export as TSV That's it. There also are...
View ArticleGeneral Discussion: Chrome history_index files - Any SQLite Viewer for fts3+icu?
Have you tried querying the underlying content table created by FTS3? Try: Code:: SELECT * FROM Pages_content; (I've capitalised the P because you have - the name before "_content" should be identical...
View ArticleGeneral Discussion: Determine application responsible for temp files
twjolson wrote: Well, my thinking is that if he does a timeline, and if he sees that Firefox is executed just prior to the .part files being created, he then has to replicate the creation of the .part...
View ArticleGeneral Discussion: DVD / CD Forensics?
EnCase 6.19 FTK 4.2 & X-Ways 17. DVD is RW. Session opened. Multiple files written. Single file deleted. Additional files written to DVD. Session is not closed. EnCase could see the deleted file,...
View ArticleGeneral Discussion: Outlook Email - Drafted date?
Yes - but the clock is ticking. I just tested this with Exchange 2010 and Outlook 2010; cached mode. The draft is deleted but contains the initial create date and can be recovered by running a recover...
View ArticleGeneral Discussion: Inevstigate access to a disk in a server
Hi Thanks for your reply. I will definitly take an image of the system. And actually i have the server locked so no one can access it but me, i have, however logged in several times looking for things...
View ArticleEmployment and Career Issues: Tips on finding qualified entry-level examiners?
My experience having worked in biggish labs and small companies is that as a small company/dept you may find that the overhead of hand holding a newbie means that you have much less time to spend on...
View ArticleMobile Phone Forensics: Cloning a SIM card with PIN set
Lucio wrote: trewmte wrote: PIN Locked GSM SIM Card Dump NB - This is an old Phase 2 GSM SIM card So the answer is: "yes, some information can be retrieved even if the SIM is pin protected" Correct?...
View ArticleGeneral Discussion: Please recommend some famous forums about computer forensic
Wardy wrote: www.digital-detective.co.uk is another good forum. It certainly was good. It's heydey was around 2007, since then it's got quieter and quieter. The boards don't even appear to have been...
View ArticleGeneral Discussion: IIS log analysis
Thanks for the reply! Sorry about the incomplete entry.....I thought I posted the entire entry. The requests are returning 200s, indicating that the URLs were found. Can a webmaster upload a Sitemap to...
View Article