General Discussion: Mac OSx System.log
Which filesystem is hosting the relevant files? HFS+? Journaled HFS+? EnCase 6 has issues viewing some versions of HFS, but I am somewhat surprised (although I guess I shouldn't be) about EnCase 7...
View ArticleMobile Phone Forensics: My go to tool!
No mention of parsing 3rd party application data? Either the tool doesn't do it, or the "impartial OP" thinks that 3rd party applications aren't worth mentioning... Not a great sign either way...
View ArticleGeneral Discussion: Gigatribe contacts
Hello! Where are my Gigatribe contacts? When I look the gigatribe data folder, I can foun two important folders, avatars and chats folder. So, my question is, who are my Gigatribe contacts, the users...
View ArticleMobile Phone Forensics: My go to tool!
paraben wrote: I think a little public shaming and a written warning will suffice. I don't know. Of course it's not my business at all, but maybe you could be less severe, after all drgnsdth was in...
View ArticleGeneral Discussion: IEF 5.7 ? Patent Pending ?
KenF wrote: I have no idea re the specific patent or what it covers...... as for patentability of software, well, hold on to your hats. . . . .. New Zealand just said NO! Good for NZ, it does seem a...
View ArticleForensic Software: The X-Ways Forensics Practitioner's Guide
What would you say if I told you that XWF users who have used XWF for years, even after taking the training, still learned things from the book within the first few chapters...
View ArticleGeneral Discussion: evidence removal
Well, unless you can find any artifacts of actual use or indication of eventlog scrubbing software, there is no reason to jump to such conclusions. There are other ways to determine what was going on...
View ArticleForensic Software: data string w timestamp info
Are you certain that the link is correct? Have you tried the actual internet page to see if it just isn't a case of crappy coding? Example: maby some programmer just threw the values in there, and...
View ArticleMobile Phone Forensics: Messages, Missed Calls, and no signal
armresl wrote: The messages should show the time they were actually sent from the other user, not the time you were able to ping the newest tower. Right or Wrong? Depending on which operating system...
View ArticleMobile Phone Forensics: Samsung Rant and deleted SMS
oh sorry.. a typo the size 101575 bytes. is it possible for a zeroed out file to have such bulk? or is there data there just being displayed as zeros?
View ArticleMobile Phone Forensics: MS Windows Phone 8
Cellebrite is able to retrieve contacts via Bluetooth. Okay, it's not exactly the holy grail of WP data retrieval but it might save you a few photographs when doing a manual.
View ArticleDigital Forensics Job Vacancies: HOSTING MANAGER - LONDON
Our client, a global consulting firm based in London, are seeking to hire a Hosting Manager or Team Leader to be based in London. The Hosting Manager oversees the day to day operations of the document...
View ArticleDigital Forensics Job Vacancies: JP Morgan Chase High Tech Investigation in...
JP Morgan Chase Global Security and Investigations is looking for a High Tech Investigator to be posted in our new Tampa, Florida lab. You can find the job announcement here:...
View ArticleClassifieds: Cellebrite UFED Touch Ultimate (Rugged Version) for Sale
Yes, the unit is still available for sale.
View ArticleMobile Phone Forensics: Blackberry chipoff
Since one of the known chipoff reading devices is actually manufactured/developed in the Netherlands: http://www.forensicinstitute.nl/products_and_services/forensic_products/memory_toolkit/ I would...
View ArticleDigital Forensics Job Vacancies: Digital Forensics examiner, Charleston, SC, USA
Thanks. I'm hopeful that I will find someone good. I've found there are very few employers willing to give people their first job in forensics. I'm looking for someone who wants their first job and has...
View ArticleMobile Phone Forensics: Samsung Rant and deleted SMS
lasvegascop wrote: FYI I also used BitPim that pulled a dump off the phone. BitPim also reveals a _SMS_ SEGMENTEDMSG_DATA file that has substance to it (4mb). I used both PA and FTK to search that file...
View ArticleGeneral Discussion: Mac OSx System.log
I would definitely suggest FTK for Mac OS X investigations. Handles HFS and also parses .plist files for easier reviewing.
View ArticleEducation and Training: Dress Attire
Well, you state that you are 37 so pretty much anything you feel comfortable in since you are old enough not to care about what other people think. If there is a dress code, you may want to conform to...
View Article