Forensic Software: YouTube Forensic s/w - free licences to LE
armresl wrote: Sorry Bithead, I think you know what I meant though.I do. I often wonder if the goal is to have the tool validated as being used by LE in order to gain "street cred" before being sold to...
View ArticleMobile Phone Forensics: Tech Vest scanning for IMSI/IMEI
trewmte wrote: I noted the comments left at the foot of the article suggesting what the security services used? The SAS, MI5 and MI6 don't need one of these tech vests as they have wrist watches that...
View ArticleGeneral Discussion: Coping Strategies
steve862 wrote: • You will want to feel like these 'sacrifices' which you make were worth it and continue to be. If you make a difference it is very rewarding but if you find yourself getting bogged...
View ArticleGeneral Discussion: Windows Task scheduler artefacts
I am currently conducting an investigation on a host that is known to have been compromised. There are a string of .job files (i.e. AT1.job, AT2.job etc etc). I believe that these have been run by a...
View ArticleForensic Software: Autopsy error when Creating Data File
Hello all, I'm quite new to forensics and am struggling with an error in Autopsy, hopefully someone can help? I need to conduct a timeline analysis of a laptop harddrive. I started by running a Live...
View ArticleForensic Software: Implementing a mobile forensic lab
Hi, I'm currently managing the implementation of new mobile phone forensic lab and I'm trying to decide which software to use. In the past my only experience has been with XRY however this was while I...
View ArticleGeneral Discussion: Hard Drive Issues
We have currently just been formatting using a windows format and selecting GPT. We are having this issue with 2TB drives not just 3TB.
View ArticleMobile Phone Forensics: SMS and Pic recovery from a Casio G Z'One Ravine
Thanks so much for the interest so far in helping me. And, I apologize for not answering all the questions (I suffer from chemo-brain and details elude me at times; though I must say, I'm happy to...
View ArticleForensic Software: opinions about BCwipe and other wiping software
Yes, I want to reuse these HDDs. I am referring to the HDD installed on my computer. One can´st be using DBAN nor BCWIPE Total, once a week, each time you delete a file... By the way: What happens with...
View ArticleGeneral Discussion: acquisition speed test with FTK Imager
lasvegascop wrote: Good point... I will have to check that. I knew that there were different label colors but I didn't know that the label color would make a noticeable difference in speed. the one...
View ArticleForensic Software: Implementing a mobile forensic lab
It's hard to know what's best for you without more information. What types of devices do you see most often? Mostly smartphones, or do you get feature phones? How about Chinese chipset phones? Are you...
View ArticleGeneral Discussion: acquisition speed test with FTK Imager
I don't have a RAID here, but you are correct about the source drive. That will most likely be the weakest link in most systems... or exams
View ArticleGeneral Discussion: Windows Vista Pagefile.sys information
jhup wrote: How about the "common" malware of storage zombie? Seen it with Tor running in background... Let us never underestimate the reason why one is willing to do evil.Well, then it was not...
View ArticleMobile Phone Forensics: SMS and Pic recovery from a Casio G Z'One Ravine
PinkRibbon wrote: I followed the directions as instructed; however, when I got to the last step, the phone came up with a screen that read: Please insert Micro SD card. I do not have a card. Do you...
View ArticleGeneral Discussion: Hard Drive Issues
Chiprafp wrote: Many thanks guys this gives us some things to look at back in the office next week!Good <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" /> Keep an eye on this...
View ArticleGeneral Discussion: Hard Drive Issues -- a different approach
jaclaz wrote: NOT what you actually asked for (exactly) but you can use *any* tool you normally use to wipe (00) the whole disk, calculate it's hash once 00ed and compare it with the theoretical hash...
View ArticleGeneral Discussion: acquisition speed test with FTK Imager
armresl wrote: Hi LasVegasCop, I'm curious if you testify about your findings, and if so, have you been up against another examiner on the other side? Did you win, did you find it beneficial? Or do you...
View ArticleMobile Phone Forensics: ViaExtract Experience/Opinions
I've been trying to play with ViaExtract the last two nights. I can't get it to find my Samsung Galaxy S3. I'm not sure what is going on with it, but I was able to useMOBILedit! to extract data.
View ArticleGeneral Discussion: Hard Drive Issues -- a different approach
I got caught out a 4 year old DELL PC. I put in a formatted 3TB drive. Windows saw it as 3TB, but the BIOS only saw it as approx. 700GB. Eventually it started 'self' data destruction.
View ArticleGeneral Discussion: Hard Drive Issues -- a different approach
athulin wrote: Are there any such tools? Or are there any ways of using other tools (perhaps a HDD erase tool that produces a predictable sector contents) to verify that there is no sector addressing...
View Article