Education and Training: A Survey On Digital Forensics Research
Hi! We are an independent team of UX Researchers working with a client to improve the usability of their digital forensics website. We’re looking for a small number of people to fill out a short survey...
View ArticleGeneral Discussion: X-ways - Steganography tools
Hello, Can X-ways detect the use of steganography tools ? Can X-ways detect text files, zip files, other pictures in a picture when steganography tools are used? Kind regards, Dimi
View ArticleGeneral Discussion: what else other than memory dump
Quote:: I'm trying to use memory dumps to investigate malware detections on some computer from the company I work So far I am able to match the creation time date of the file with the time the...
View ArticleGeneral Discussion: How did the suspect hide these folders?
If the file system is FAT32 that greatly narrows the possible ways this could be done. All of the possibilities below "abuse" the FAT specification in some way: 1. Overwrite proceeding directory entry...
View ArticleGeneral Discussion: How did the suspect hide these folders?
@athulin: I don't think this is a bug. The FAT spec says the directory "ends" when when the first directory record starting with 00 is encountered. This behavior is by design and isn't a bug. FTK is no...
View ArticleGeneral Discussion: X-ways - Steganography tools
Dimi wrote: Can X-ways detect the use of steganography tools ? Can X-ways detect text files, zip files, other pictures in a picture when steganography tools are used? Well, depending on the OS and...
View ArticleGeneral Discussion: The secret Office 365 logging ...
... is not secret anymore: https://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/...
View ArticleMobile Phone Forensics: Android Logs - Actually Useful
In all the classes I've taken for mobile forensics we've never discussed the logs that are available in the Android Recovery Menu. I've been working on a device for quite some time and decided to peer...
View ArticleGeneral Discussion: Drone Forensics Gets a Boost With New Data on NIST Website
NIST maintains a library of “forensic images” that forensic experts can practice on before trying to extract data from real devices. These are freely available for download as part of NIST's effort to...
View ArticleGeneral Discussion: How did the suspect hide these folders?
anucci wrote: While using FTK Imager to inspect the "Documents" folder, I get a message from FTK saying "cached_drive_image:read_blocks:index out of bounds". Not sure if this has anything to do with it...
View ArticleGeneral Discussion: Drone Forensics Gets a Boost With New Data on NIST Website
Thanks. <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" /> Off-topic and surely not a new observation, but having a name like Richard Press and a nickname of richpress for...
View ArticleGeneral Discussion: How did the suspect hide these folders?
I don't want to teach anyone to suck eggs. A simple answer may be that the folders have been tagged as "Hidden" on a previous windows machine. The examination computer folder options are set not to...
View ArticleDigital Forensics Job Vacancies: Digital Forensic Investigator - 6 month...
A leading Government Body in Central London is seeking a Digital Forensic Investigator to help them at a time of heightened activity for a 6 month contract. Due to expansion of their department they...
View ArticleGeneral Discussion: How did the suspect hide these folders?
Hello Everyone, A few more details.... The suspect , while no longer working in the Computer Science field, he used to be a programmer in the 90's. So there is a potential that he was familiar with...
View ArticleGeneral Discussion: Drone Forensics Gets a Boost With New Data on NIST Website
Actually, this is a new observation. I've gotten many comments on my name, but I had never heard this phrase. Thanks for sharing!
View ArticleClassifieds: Encase v6 Dongle, Fastbloc 1 &2, EnCase v6 DVD for Sale
i want to buy encase dongle is it still available
View ArticleMobile Phone Forensics: Decrpyt gatekeeper.password.key - android 7.0
Hello, I have a mobile phone SM-G935F (version android 7.0). I have full memory dump, but I need to know the access password. In device_policies.xml, the password length is 4 characters - 4 digits. Is...
View ArticleMobile Phone Forensics: Android Logs - Actually Useful
It would be great if you could write up your findings in a blogpost somewhere!
View ArticleMobile Phone Forensics: recovery image quest
MOBILedit Forensic Express has an HTC rooting capability leveraging HiSuite. I have not tested this feature.
View ArticleClassifieds: Encase v6 Dongle, Fastbloc 1 &2, EnCase v6 DVD for Sale
I also have a Encase 6 dongle that I could sell if You are interested - $ 600
View Article