How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm feature that can be used for data recovery and performing some other tasks like unbricking or flashing the device....
Forensic analysis of multiple device BTRFS configurations using The Sleuth Kit
The analysis of file systems is a fundamental step in every forensic investigation. Long-known file systems such as FAT, NTFS, or the ext family are well supported by commercial and open source...
SANS Hunt Evil Poster Updated
SANS has updated their Hunt Evil poster. It includes information about typical Windows processes, evidence of remote access and execution, and more. The poster is already available online here.
Evidence Generation X
Test evidence lies at the heart of our field. We need to be able to test our tools to make sure that they parse data correctly. New hires and students need to have their knowledge tested and challenged...
libfsapfs: Library and Tools to Access the Apple File System (APFS)
libfsapfs is a library and tools by Joachim Metz to access the Apple File System (APFS). Source code is available at GitHub.
Hands-On Network Forensics: Investigate network attacks and find evidences...
A new book by Arthur Salmon has been announced by Packt Publishing. The book is titled “Hands-On Network Forensics: Investigate network attacks and find evidences using common network forensic tools”,...
winmem_decompress: Extract Compressed Memory Pages from Page-Aligned Data
Maxim Suhanov presented winmem_decompress – a program that tries to extract compressed memory pages from page-aligned data. Such compressed memory pages can be found in virtual memory of Windows 8.1...
Using hashcat to decrypt iOS notes for Cellebrite’s Physical Analyzer
This video will show you how to decrypt encrypted notes (password protected) on iOS devices and enter the password into Cellebrite Physical Analyzer for decryption and processing. Tested on iOS 11.4...
Magnet AXIOM Incident Response Examinations (AX310)
Magnet Forensics announced a new expert-level four-day training course. It is designed to give you the knowledge and skills needed to track incidents where unauthorized computer access and file usage...
DFRWS IoT Forensic Challenge (2018 – 2019)
DFRWS presented a new challenge – this year they continue to motivate forensicators to research and develop in the field of IoT forensics. Here is this year’s scenario: On 17 May 2018 at 10:40, the...
Amcache_Scan Autopsy Plugin
This Autopsy plugin by Rebecca Anderson won the Autopsy Plugin Contest this year at the Open Source Digital Forensics Conference (OSDFCon). It searches VirusTotal for the SHA1 hashes of executables recorded in Amcache....
Autopsy 4.9.0 and the Sleuth Kit 4.6.3 released
New versions of our open source DFIR tools have been released: Autopsy New Features: Removed data from table that are time intensive and can be found in content viewers (such as hash set hits) Added...
GiftStick: 1-Click Push Forensics Evidence to the Cloud
GiftStick allows an inexperienced user to easily (in one click) upload forensic evidence (such as some information about the system, a full disk image, as well as the system’s firmware, if supported)...
DEFT X Virtual Appliance is Available for Downloading
The latest version of the system dedicated to forensic analysis and incident management, DEFT X, is released and available for downloading here.
Acquire Volatile Memory from FreeBSD with FreeBmAM
FreeBmAM (FreeBSD memory Acquisition Module) is a tool and kernel module that allows acquisition of volatile memory from FreeBSD. You can learn more about the tool at GitHub.
Backstage Parser
Arsenal’s Brian Gerdon presented Backstage Parser – a Python tool that can be used to parse the contents of Microsoft Office files found in the...
Learning Android Forensics – Second Edition
Packt Publishing has announced the second edition of Learning Android Forensics. The new book by Oleg Skulkin, Donnie Tindall, and Rohit Tamma is expected to be published in January 2019.
CAINE 10.0 “Infinity” is out
A new version of CAINE (Computer Aided INvestigative Environment) has been released. Version 10.0 includes new OSINT tools and Autopsy 4.9, is APFS ready, has a BTRFS forensic tool, and ships with NVMe SSD drivers. Learn...
RBCmd: Recycle Bin artifact parser
Eric Zimmerman has released a new tool. This time it’s a Recycle Bin artifact parser called RBCmd. It supports both the INFO2 and $I formats. You can download the tool here.
Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory dumps.” It constructs the timeline based on the output of the following Volatility...