Best software for Logical Acquisition in Digital Forensics [closed]
Which are the best softwares for logical acquisition of data? And why?
Continue reading Best software for Logical Acquisition in Digital Forensics [closed]
Category Archives: forensics
Image Scanning vs Document Scanning — How to tell difference? [closed]
I have a project where we are asked to assume the existence of a document D on a soft page which is handwritten in ink, a jpeg file of its native photograph (image A), and another discolored and angled/stretched image B in PDF format which… Continue reading Image Scanning vs Document Scanning — How to tell difference? [closed]
Recovering files with recovery key after double FileVault activation – is that possible?
Let’s imagine I have a work macbook with ssd and I use FileVault, and the company has the FileVault recovery key. I want to make sure my data is erased and unrecoverable, what is the best way to proceed?
I can do a full reinstall of the op… Continue reading Recovering files with recovery key after double FileVault activation – is that possible?
Recovering files with recovery key after double FileVault activation – is that possible?
Let’s imagine I have a work macbook with ssd and I use FileVault, and the company has the FileVault recovery key. I want to make sure my data is erased and unrecoverable, what is the best way to proceed?
I can do a full reinstall of the op… Continue reading Recovering files with recovery key after double FileVault activation – is that possible?
What can make unmounted volumes SHA512 hashes differ while mounted volumes content SHA512 hashes are identical?
I am trying to configure Raspberry Pi OS to be read-only.
In theory, both / and /boot are read-only. That being said, I am experiencing a strange discrepancy and can’t figure out what is happening.
I create clones of /boot using dd before … Continue reading What can make unmounted volumes SHA512 hashes differ while mounted volumes content SHA512 hashes are identical?
Samsung Galaxy Note 10+ 5G – cellebrite mobile forensics data extractions – locked with pattern
I’ve got a locked Samsung Galaxy Note 10+ 5G (running the latest android 10 and patches)
The phone is locked with a pattern (unknown)
What are my chances of any data extraction with cellebrite or other forensics tools while I can not unloc… Continue reading Samsung Galaxy Note 10+ 5G – cellebrite mobile forensics data extractions – locked with pattern
AuditD and SysCall alerts
Given an alert rule like -a always,exit -F arch=b32 -S open -S openat -F exit=-EACCES -k access how does adding multiple SysCalls (-S) options work?
When an application gets executed do all the specified syscalls have to be executed within… Continue reading AuditD and SysCall alerts
Google Chrome folder protection during HDD forensics
Is there any protection provided by Chrome browser against HDD dump and further forensics (with volatility-like tools)? For example, is it possible to extract google profile from Chrome folder and use it (with simple substitution) on other… Continue reading Google Chrome folder protection during HDD forensics
Barnacle analysis may help solve “missing at sea” mysteries
When it’s determined that a boater is officially missing at sea, it helps very much to know when and where their vessel sank. According to new research, barnacles growing on flotsam could provide that information.Continue ReadingCategory: ScienceTags: … Continue reading Barnacle analysis may help solve “missing at sea” mysteries
Can M.2 docking stations be used to make forensic images of (Bitlocker encrypted) M.2 disks?
I am looking into M.2 docking stations such as the Maiwo K3016S as shown below.
Is it possible to use such docking stations optionally in combination with a USB- or software write-blocker, in order to make forensic images of (Bitlocker en… Continue reading Can M.2 docking stations be used to make forensic images of (Bitlocker encrypted) M.2 disks?