Detectives Geane Godoi and Roberto Clamer, both from the Precinct for Repression of Organized Criminal Actions, of the Civil Police of the State of Rio Grande do Sul, Brazil, used Oxygen Forensic® Detective in 2020 when putting together a car … Read more

The post Brazil Police Use Oxygen Forensic® Detective to Solve Car Robbery Case appeared first on Forensic Focus.

https://www.forensicfocus.com/news/brazil-police-use-oxygen-forensic-detective-to-solve-car-robbery-case/

Christa Miller: As the cybersecurity talent gap continues to widen, a number of universities are developing programs to fill it. Among them is University College Dublin, which has just launched its brand new Master of Science in Cybersecurity program. … Read more

The post UCD’s Prof. Liliana Pasquale on Filling the Cybersecurity Talent Gap appeared first on Forensic Focus.

https://www.forensicfocus.com/podcast/ucds-prof-liliana-pasquale-on-filling-the-cybersecurity-talent-gap/

Grayshift Introduces Reveal, the Industry’s First Cloud-Native Mobile Device Forensic Analysis Solution, and Delivers Powerful New Features in GrayKey

Grayshift, LLC has announced Reveal Early Access, an innovative, cloud-native digital forensics solution that dramatically accelerates digital investigations, streamlines the investigative … Read more

The post Grayshift Introduces Reveal – Industry’s 1st Cloud-Native Mobile Device Forensic Analysis Solution appeared first on Forensic Focus.

https://www.forensicfocus.com/news/grayshift-introduces-reveal-industrys-1st-cloud-native-mobile-device-forensic-analysis-solution/

Deep dive into ‘METADATA’

Hancom is glad to release a new whitepaper of ‘Metadata’, and hope this can help you to improve your forensic investigation skills.

This whitepaper focuses on the research of Metadata. We will use MD-RED and analyze … Read more

The post Deep dive into ‘METADATA’ appeared first on Forensic Focus.

https://www.forensicfocus.com/news/deep-dive-into-metadata/

In this paper, Kevin Lamshöft describes how researchers performed a threat analysis for a covert Command and Control (C2) channel using port scans as cover and syslog as carrier for data infiltration.

Session Chair: So, Kevin is presenting Knock, … Read more

The post Knock, Knock, Log: Threat Analysis, Detection & Mitigation of Covert Channels in Syslog Using Port Scans as Cover appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/knock-knock-log-threat-analysis-detection-mitigation-of-covert-channels-in-syslog-using-port-scans-as-cover/

Starting with a physical crime scene – a fire – Manon Fischer describes how IoT devices such as “smart” plugs and thermostats store “distant traces” remotely, and could be used to help reconstruct a fire’s origin, cause, and timeline.

Session … Read more

The post Distant Traces and Their Use in Crime Scene Investigation appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/distant-traces-and-their-use-in-crime-scene-investigation/

What’s new in Passware Kit 2022 v3: Recovery of deleted data for APFS images Decryption of QuickBooks for Mac 2022 databases GPU acceleration for bcrypt password recovery Updated password recovery for Acronis backups Password recovery for Dashlane for Mac Improved

… Read more

The post Passware Kit 2022 v3 – Deleted Data Recovery from Encrypted FileVault/APFS Images appeared first on Forensic Focus.

https://www.forensicfocus.com/news/passware-kit-2022-v3-deleted-data-recovery-from-encrypted-filevault-apfs-images/

In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version.

Session Chair: We’re now going over to memory forensics … Read more

The post The Wisdom of the Heap: Mesh It up by Weaving Data Structures appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/the-wisdom-of-the-heap-mesh-it-up-by-weaving-data-structures/

Implementing the MSAB Ecosystem saved a UK Law Enforcement Agency £80K over three years The challenge

The use of digital evidence has significantly increased in the past few decades as the courts have increasingly started to accept digital files as … Read more

The post Case Study: How a UK law enforcement agency solved more crimes faster with less investment appeared first on Forensic Focus.

https://www.forensicfocus.com/news/case-study-how-a-uk-law-enforcement-agency-solved-more-crimes-faster-with-less-investment/

Oxygen Forensics has released the latest version of the all-in-one digital forensic solution, Oxygen Forensic® Detective v.14.6. This version adds support for multiple new backups, continues to improve the iOS Agent extractor, and introduces a new analytic feature.

Brute-force for

… Read more

The post Oxygen Forensics Introduces User-Focused Advancements In Latest Release appeared first on Forensic Focus.

https://www.forensicfocus.com/news/oxygen-forensics-introduces-user-focused-advancements-in-latest-release/

At DFRWS-EU 2022, Milan Cermak describes the need to create data associations for use during network traffic analysis and incident investigation. The focus is on robust graph data visualization of the kind that’s commonly used in criminal investigation, allowing analysts … Read more

The post Toward Graph-Based Network Traffic Analysis and Incident Investigation appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/toward-graph-based-network-traffic-analysis-and-incident-investigation/

Find out the major features in MD-Series that are supported in 2Q 2022.

MD-NEXT v1.91.4–v1.91.9

Supports new 2,428 models, updated 783 Models. Android Full filesystem extraction method added Samsung Galaxy S22 Qualcomm Series. Supports iOS Checkm8 Full Filesystem (iOS 15.0∼15.2.1

… Read more

The post 2022 2Q MD-Series Release Note Highlights appeared first on Forensic Focus.

https://www.forensicfocus.com/news/2022-2q-md-series-release-note-highlights/

Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that focused … Read more

The post Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/memory-forensic-analysis-of-a-programmable-logic-controller-in-industrial-control-systems/

Grayshift continues to extend its strength in lawful access and extraction capabilities

As a leader in cell phone forensics, Grayshift, has been hard at work developing new features for law enforcement partners like you.

We strive to provide law enforcement … Read more

The post Get Ready for the Next Big Reveal From Grayshift appeared first on Forensic Focus.

https://www.forensicfocus.com/news/get-ready-for-the-next-big-reveal-from-grayshift/

Christa: Electronic discovery, or e-discovery, has always required some digital forensic skills as litigators prepare to present electronic data at trial. However, as technology evolves, likewise, the skills needed to identify, collect and analyze the data that’s most relevant … Read more

The post Frontline Managed Services’ Kyle Campbell on DFIR & E-Discovery Skills & Pathways appeared first on Forensic Focus.

https://www.forensicfocus.com/podcast/frontline-managed-services-kyle-campbell-on-dfir-e-discovery-skills-pathways/

MSAB, a global leader in digital forensic technology for mobile device examination and analysis, announced it has been named as a Major Player in the IDC MarketScape: Worldwide Digital Forensics in Public Safety 2022 Vendor Assessment. The report noted that

… Read more

The post MSAB – a Major Player in IDC report on Digital Forensics appeared first on Forensic Focus.

https://www.forensicfocus.com/news/msab-a-major-player-in-idc-report-on-digital-forensics/

Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a physical process.

Session Chair: Welcome … Read more

The post PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/pem-remote-forensic-acquisition-of-plc-memory-in-industrial-control-systems/

By David Spreadborough – Forensic Video Analyst at Amped Software

There are several common components within a CCTV Video file. This article from Amped Software is going to dive into the data that links the image to the time when … Read more

The post When Did It Happen? Dealing With Timestamps in Amped FIVE appeared first on Forensic Focus.

https://www.forensicfocus.com/articles/when-did-it-happen-dealing-with-timestamps-in-amped-five/

What’s new in Passware Kit Mobile 2022 v3: GPU-accelerated password recovery for MediaTek-based LG devices Data extraction from applications on LG: Signal, Wickr, 1Password iOS 15.5 support Support for Apple devices with A9X chip Support for HFS+ (iOS prior to

… Read more

The post Passware Kit Mobile 2022 v3 – GPU-Accelerated Password Recovery for MediaTek-Based LG Smartphones appeared first on Forensic Focus.

https://www.forensicfocus.com/news/passware-kit-mobile-2022-v3-gpu-accelerated-password-recovery-for-mediatek-based-lg-smartphones/

In this video from DFRWS-EU 2022, Jenny Ottmann revisits the discussion on quality criteria for “forensically sound” acquisition of such storage and proposes a new way to capture the intent to acquire an instantaneous snapshot from a single target system; … Read more

The post Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing appeared first on Forensic Focus.

https://www.forensicfocus.com/webinars/defining-atomicity-and-integrity-for-snapshots-of-storage-in-forensic-computing/