General Discussion: Turning A VM into an E01 File
Thanks I'll look into that now. It's dynamic. Looks like i'm in for a fun sunday
View ArticleGeneral Discussion: Which tools can examine the history of PC running programs
athulin wrote: The only log there is can be viewed by the Event Views, which comes with Windows. But you can't always use it ... so perhaps you are asking for something else. While it's easy enough to...
View ArticleGeneral Discussion: Working with mounted EDB archives
Agree with above re Export-Mailbox command for the Exchange Shell; it's very handy. With regard to sufficient admin rights this TechNet entry...
View ArticleGeneral Discussion: Am I missing something? (SMART attributes)
I think it is not that SMART exists, but he finally realized he can use the power-on-cycles and power-on hours in SMART to postulate the age of the drive. You are just a hater because you did not write...
View ArticleMobile Phone Forensics: Lyca P.I.N. protected SIM cards
Has anybody had an instance of the above. We have had three separate events in the office, each time a Lyca SIM has had a P.I.N. lock we have ignored it and continued anyway. The P.I.N. protection does...
View ArticleMobile Phone Forensics: MPs warn of chaotic forensic landscape
I think I understand what you are saying. I usually refer to this as the consulting triangle: In a request for quote, I ask them to pick to out of three. Good, fast, cheap. I can produce fast and...
View ArticleGeneral Discussion: Am I missing something? (SMART attributes)
jhup wrote: I think it is not that SMART exists, but he finally realized he can use the power-on-cycles and power-on hours in SMART to postulate the age of the drive. Provided that : these data are...
View ArticleMobile Phone Forensics: Accessing a sqlite database in UFED PA Python
Hi I'm playing around a bit with the python interpreter inside UFED PA, and I would like to access a sqlite3 database, but I can’t figure out how I can load a sqlite module so that I get an interface...
View ArticleMobile Phone Forensics: Lyca P.I.N. protected SIM cards
Yes on X.R.Y. When the splash screen appears asking you for pin / puk, just pressed skip and it continued and recovered the details mentioned
View ArticleForensic Software: The X-Ways Forensics Practitioner's Guide
Same here. Can we get autographs in it ?
View ArticleGeneral Discussion: Mount image of encrypted drive to enter in password
@jhup To be picky #5 and #6 only apply to "standard" MBR code, a "special" MBR may well behave differently, as an example like the grub4dos MBR does, i.e. execute the grub4dos loader in sectors 2-18....
View ArticleGeneral Discussion: Mount image of encrypted drive to enter in password
jhup wrote: [rabbit hole] I can imagine a full disk encryption with a PXE-like stub of sorts for example. The device drivers and decryption code is downloaded each and every time from the (TFTP)...
View ArticleClassifieds: EnCase dongles for sale
I've been doing some testing and it seems the dongles work with at least up to 6.19. Also, given the limited nature of the license I'll accept $1000 for each dongle.
View ArticleMobile Phone Forensics: Lyca P.I.N. protected SIM cards
We had this on XRY, an examiner thought the SIM card was PIN protected but XRY was actually asking to password protect the extraction file. Therefore, when pressing skip, all the data was recovered as...
View ArticleDigital Forensics Job Vacancies: FORENSICS / DATA COLLECTION ANALYST (San...
ddewildt wrote: But I guess it's ok, as you finish with the below?! Quote:: SFL Data is proud to be an equal opportunity employer. I find it amazing that anything like this would get through any...
View ArticleForensic Hardware: Memory card SD/MMC write blocker
pmow wrote: Any USB WB should do though. I support that. If you have an USB write blocker, just connect any card reader to it and you're done. In fact you may try also a software writeblocker and...
View ArticleMobile Phone Forensics: Accessing a sqlite database in UFED PA Python
import json works fine. I have tested multiple installations of PA and they all seem to have the same error.
View ArticleMobile Phone Forensics: Lyca P.I.N. protected SIM cards
psychopigeon wrote: We had this on XRY, an examiner thought the SIM card was PIN protected but XRY was actually asking to password protect the extraction file. Therefore, when pressing skip, all the...
View ArticleDigital Forensics Job Vacancies: Computer/MobilePhone Analyst (Colchester, UK)
JOB SPECIFICATION Clues & Co is a consultancy practice providing Expert Witness and forensic services including the analysis of telephone records, examination of mobile telephones, computer...
View ArticleGeneral Discussion: Find evidence of a file viewed from within a tar file
Quote:: [...] I want to say with some certainty that the attacker did not view them.[...] In my opinion, it is very hard to prove the non-existence or non-occurrence of something when it comes to...
View Article