Category Archives: forensics

How to obtain a lost version of an edited notepad [.txt] file on a Windows 10 hard drive using a SATA SSD to USB dongle [migrated]

Posted on by

About 1 year ago I had saved some code on a notepad text file (.txt) I was building using a Windows 10 computer. However, I deleted a portion of the code and saved the text file with a new c++ code patch thinking it was no big deal. Howeve… Continue reading How to obtain a lost version of an edited notepad [.txt] file on a Windows 10 hard drive using a SATA SSD to USB dongle [migrated]

How to obtain a lost version of an edited notepad [.txt] file on a Windows 10 hard drive using a SATA SSD to USB dongle [migrated]

Posted on by

About 1 year ago I had saved some code on a notepad text file (.txt) I was building using a Windows 10 computer. However, I deleted a portion of the code and saved the text file with a new c++ code patch thinking it was no big deal. Howeve… Continue reading How to obtain a lost version of an edited notepad [.txt] file on a Windows 10 hard drive using a SATA SSD to USB dongle [migrated]

Tracking Down a Suspect through Cell Phone Records

Posted on by

Interesting forensics in connection with a serial killer arrest:

Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner phone” they had tied to the killings. (In court, prosecutors later said the burner phone was identified via an email account used to “solicit and arrange for sexual activity.” The victims had all been Craigslist escorts, according to officials.)

They then narrowed records collected by cell towers to thousands, then to hundreds, and finally down to a handful of people who could match a suspect in the killings…

Continue reading Tracking Down a Suspect through Cell Phone Records

Typing Incriminating Evidence in the Memo Field

Posted on by

Don’t do it:

Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though:

Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains. One payment, for $1,000 included the memo “head number 7.” Another, for $200, read “braiiiiiins.”

It’s so easy to think that you won’t get caught.

Continue reading Typing Incriminating Evidence in the Memo Field

Identifying the Idaho Killer

Posted on by

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.

Pay attention to the techniques:

The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives. Online shopping, car sales, carrying a cellphone, drives along city streets and amateur genealogy all played roles in an investigation that was solved, in the end, as much through technology as traditional sleuthing…

Continue reading Identifying the Idaho Killer

Operation Triangulation: Zero-Click iPhone Malware

Posted on by

Kaspersky is reporting a zero-click iOS exploit in the wild:

Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted timeline of events into a file called “timeline.csv,” similar to a super-timeline used by conventional digital forensic tools.

Using this timeline, we were able to identify specific artifacts that indicate the compromise. This allowed to move the research forward, and to reconstruct the general infection sequence:…

Continue reading Operation Triangulation: Zero-Click iPhone Malware