Subscribe: Forensic Focus
Preview: Forensic Focus

Forensic Focus

Forensic Focus - Computer Forensics News, Information and Community

Published: Mon, 19 Mar 2018 18:32:37 GMT

Copyright: Forensic Focus

Learn To Apply Breakthrough Application Extraction And Decoding Techniques

Mon, 19 Mar 2018 18:32:37 GMT

Cellebrite forensic experts demonstrate the unique capabilities of Cellebrite SQLite Wizard & New Virtual Analyzer Register Today

Digital Forensics News March 2018

Mon, 19 Mar 2018 14:09:00 GMT

Logicube have released Falcon-NEO, which is designed to streamline the evidence collection process. Early bird rates for the Techno Security conference are only available until the 30th of March - get an extra 30% off by using the code FFOCUS18 at the checkout. Cellebrite have updated Cellebrite Analytics. Magnet have released AXIOM 1.2.4. Oxygen Forensic Detective now supports DJI cloud. DFRWS EU 2018 is under way! Find the full programme or register for DFRWS US on the website. Videos from BSides Columbus videos are now available to view online here.

Law Enforcement Professionals Need to Evaluate Digital Forensics Practices

Fri, 16 Mar 2018 12:50:47 GMT

by L.E. “Ted” Wilson Law Enforcement Professionals Need to Evaluate Digital Forensics Practices Amid Looming Constitutional Showdown Regarding Digital Searches There is a fascinating constitutional showdown brewing in the U.S. that will have significant implications for how our law enforcement agencies are able to conduct digital investigations. The fundamental question at issue is whether the Fifth Amendment protection against self-incrimination can be lawfully asserted by a criminal defendant as a justification for refusing to provide a law enforcement professional with the password needed to access a personal technology device. The most common example of how this issue manifests itself is when a police officer wants to search a cell phone or a notebook device as part of a criminal investigation, such as a child pornography investigation. The officer presents a search warrant to a judge to search the content of the device for the contraband, or evidence of an offense. Read More

Logicube® Launches Next-Generation Forensic Imaging Technology

Thu, 15 Mar 2018 15:22:53 GMT

Falcon®-Neo to revolutionalize speed of digital forensic investigations. Logicube® Inc., the industry's leader in digital forensic imaging and hard drive duplication technology, has announced the next-generation of its ground-breaking Forensic Falcon® imaging solution. The Falcon®-NEO is a future-focused solution designed to streamline forensic evidence collection processes, in which speed is critical to capture evidence and quickly move to the analysis stage of the investigation.

Forensic Focus Forum Round-Up

Thu, 15 Mar 2018 10:13:19 GMT

Welcome to this month’s round-up of recent posts to the Forensic Focus forums. Can you help Anelkaos to recover an overwritten MFT? Share your thoughts on the forensic acquisition of SSDs. Forensic Focus is trying to encourage more job vacancy postings from the USA - how might we do this? Share your ideas on the forum. Forum members help loonaluna to find a Truecrypt container header. Can you help mhibert to bypass a Windows 10 password?

Techno Security Conference Attendee Early-Bird Rates End March 30th

Wed, 14 Mar 2018 13:18:56 GMT

Register before March 30th with Promo Code FFOCUS18 to receive the early-bird registration rate AND an additional 30% off. The 2018 event will feature 90+ speakers, 80+ sessions, and 55+ sponsors/exhibits over four days of networking among 1,000+ cybersecurity and digital forensics industry professionals. Primary session topics include Audit/Risk Management, Forensics (digital/mobile), Investigations, Information Security, Cellebrite Lab, Magnet Forensics Lab, and Sponsor Demos. Don't miss your chance to save and join industry professionals looking for the latest tools, training, networking, and solutions to challenges in cybersecurity and digital forensics. For full details and to register, visit

Forensic Analysis of Damaged SQLite Databases

Wed, 14 Mar 2018 09:09:43 GMT

by Oleg Skulkin & Igor Mikhaylov SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases: you can also find them on desktop computers and laptops as well as, for example, forensicating web-browsers, messengers and some other digital evidence sources. There are a lot of forensic tools on the market that support analysis of SQLite databases, for example, Magnet AXIOM, Belkasoft Evidence Center and BlackBag BlackLight to name a few. The tools can automatically parse some of these databases and even carve data out of free lists and unallocated space. Also they provide SQLite viewers forensicators can use to analyze this type of databases manually. Read More

Forensic Acquisition Of Solid State Drives With Open Source Tools

Tue, 13 Mar 2018 11:33:14 GMT

by Josué Ferreira From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern and therefore, it is important for a method to forensically acquire data from Solid State Drives (SSD) to be developed. The method in this paper presents a way to preserve potential volatile digital evidence, present on SSDs, and produce forensically sound bit-stream copies. Due to the volatile nature of SSDs, Digital Forensic Analysts are often faced with the challenge of preserving the integrity of digital evidence seized from a crime scene. This paper proposes a method to perform forensic data acquisition from SSDs, while preventing the TRIM function and/or garbage collection from operating without user input, therefore maintaining the integrity of potential digital evidence. Read More

Cellebrite Delivers Major Enhancements To Analytics Product Family

Mon, 12 Mar 2018 13:16:48 GMT

Cellebrite Delivers Major Enhancements to Analytics Product Family to Make Digital Evidence More Actionable for Investigators and Prosecutors Investigative teams can identify relevant evidence more easily and tell a holistic story more efficiently with an enhanced user interface and new customizable investigator reporting in Cellebrite Analytics. Cellebrite, the leading provider of digital intelligence solutions, today announced key usability enhancements designed to help investigators and prosecutors solve crimes faster. With key interface upgrades, investigative teams can capture, organize and produce case reports in an easily understandable format that can be shared with peers or effectively presented in court.

Video: Picking Up The Trash - Exploiting Generational GC For Memory Analysis

Mon, 12 Mar 2018 10:03:59 GMT

Adam Pridgen discusses his research at DFRWS EU 2017. Pridgen: Thank you, everybody, for being here. I know that I stand between you and lunch. I’m here presenting research on behalf of myself and my colleagues Dan and Simson. So let’s get started. As you all know, Java uses automatic memory management. Automatic memory management means that the developers no longer have control over the memory that they’re allocating or deallocating. A lot of this happens behind the scenes, using the garbage collector. And in the case of Java, it uses a generational garbage collector but other managed runtimes use different types of garbage collectors. What this really means is data cannot be explicitly destroyed, so that means if we have some type of application that we want to protect sensitive data with, or protect sensitive data, we can’t do it. Read More