Never trust one tool. Our free forensic tools can validate existing findings and in many cases, surface more forensic artifacts. Examiners will understand their data better and be able to contribute back to the community.
Docker is a powerful tool for forensic analysts to isolate and run tools. Our private Docker registry with free, open source and custom tools will allow you to quickly try and ultimately incorporate new tools into your workflow.
HOWTOs are essential to the forensic community. Our detailed write-ups document how tools work, how to incorporate them into your workflow and ultimately uncover more forensic artifacts.
Are you ready to see how deep the rabbit hole goes?
Leveraging free, I continues my search for file structure containing the key “latitude”. I stumbled across an intriguing file called NavdDoomConductor.storage and this blog writes up the how and what of locating and understanding this forensic artifact.
Forensic analysts can discover new evidence in their existing acquisitions by searching through known file structures for responsive artifact/data types leveraging the free forensic tool ftree.
In macOS Catalina, Apple has done away with iTunes and replaced its many features with standalone programs. On feature used by forensic analysts was the backup function. This blog explores the differences in the forensic backup of an iPhone 6 on macOS Catalina vs Mojave.
Docker is a software platform that enables forensic analysts to isolate and run applications or services in a single container. The platform is open source and widely adopted in the development and operations communuity. Docker can change how the forensic community acquires, uses and scales tools.
