Blogs

NavdDoomConductor - Precise Geolocation and Time

Leveraging free tools, I continue my search for file structures containing the key “latitude”. I stumbled across an intriguing file called NavdDoomConductor.storage, and this post writes up how to locate this forensic artifact and what it contains.

Continue reading

Discover New Forensic Evidence with File Structure Analysis

Forensic analysts can discover new evidence in their existing acquisitions by searching known file structures for responsive artifact and data types, using the free forensic tool ftree.

Continue reading
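As an added, illustrative example (this is not the ftree tool and not code from the blog), the following Python walker does the kind of structure-aware search the post describes: it parses plist, JSON and SQLite files under an acquisition directory and reports every dictionary key or column name matching a pattern such as "latitude", while skipping files that merely mention the word as free text. The directory layout, file names and values are constructed sample data, not real device artifacts.

```python
import json
import os
import pathlib
import plistlib
import re
import sqlite3
import tempfile
from typing import Iterator, List, Tuple

# A hit is (file path relative to the acquisition root, location inside the file, matched key).
Hit = Tuple[str, str, str]

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte SQLite file header


def walk_keys(node, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (key path, key) for every dictionary key in a nested plist/JSON structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            yield here, str(key)
            yield from walk_keys(value, here)
    elif isinstance(node, (list, tuple)):
        for i, value in enumerate(node):
            yield from walk_keys(value, f"{path}[{i}]")


def sqlite_keys(db_path: str) -> Iterator[Tuple[str, str]]:
    """Yield (table.column, column) for every column of every table, opening read-only."""
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            for col in con.execute(f'PRAGMA table_info("{table}")'):
                yield f"{table}.{col[1]}", col[1]
    finally:
        con.close()


def load_structured(path: str):
    """Parse a file as a plist (binary or XML) or JSON; return None if it is neither."""
    with open(path, "rb") as fh:
        data = fh.read()
    try:
        return plistlib.loads(data)
    except Exception:
        pass
    try:
        return json.loads(data)
    except Exception:
        return None


def find_key(root: str, pattern: str) -> List[Hit]:
    """Walk an acquisition directory and report every key or column whose name matches pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    hits: List[Hit] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(len(SQLITE_MAGIC))
            if head == SQLITE_MAGIC:
                pairs = sqlite_keys(path)
            else:
                parsed = load_structured(path)
                if parsed is None:
                    continue  # not a structure we parse; plain text is deliberately ignored
                pairs = walk_keys(parsed)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for where, key in pairs:
                if rx.search(key):
                    hits.append((rel, where, key))
    return sorted(hits)


def build_sample_acquisition(root: str) -> None:
    """Write a constructed sample acquisition (hypothetical files, not real device data)."""
    lib = os.path.join(root, "Library")
    os.makedirs(os.path.join(lib, "Caches"), exist_ok=True)
    with open(os.path.join(lib, "Caches", "LastKnown.plist"), "wb") as fh:
        plistlib.dump({"fix": {"Latitude": 51.5, "Longitude": -0.12}, "timestamp": 1.0}, fh)
    with open(os.path.join(lib, "fixes.json"), "w") as fh:
        json.dump({"fixes": [{"lat": 1.0}, {"latitude": 2.0}]}, fh)
    con = sqlite3.connect(os.path.join(lib, "locations.sqlite"))
    con.execute("CREATE TABLE fixes (id INTEGER PRIMARY KEY, latitude REAL, longitude REAL)")
    con.commit()
    con.close()
    with open(os.path.join(lib, "notes.txt"), "w") as fh:
        fh.write("latitude appears here as free text only and must not be reported\n")


def demo() -> List[Hit]:
    """Build the sample acquisition in a temp dir and search it for 'latitude'."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_acquisition(root)
        return find_key(root, r"latitude")


if __name__ == "__main__":
    for rel, where, key in demo():
        print(f"{rel}: {where} ({key})")
```

The match is on key and column names, not on values or raw bytes, so the abbreviated key `lat` and the sentence in `notes.txt` are not reported; widen the regular expression (for example `r"lat(itude)?"`) when hunting for variants, and open every SQLite database read-only as above so the search itself never modifies the evidence.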

Forensic iOS backups in macOS Catalina

In macOS Catalina, Apple has done away with iTunes and replaced its many features with standalone programs. One feature used by forensic analysts was the backup function. This blog explores the differences in the forensic backup of an iPhone 6 on macOS Catalina vs Mojave.

Continue reading

Docker for Forensic Analysts

Docker is a software platform that lets forensic analysts isolate and run an application or service, together with its dependencies, in a container. The platform is open source and widely adopted in the development and operations community. Docker can change how the forensic community acquires, uses and scales its tools.

Continue reading

HOWTO decrypt iOS 10 backups with iphone-dataprotection

This is the third post in a blog series describing how analysts can decrypt iOS 10 and later backups that are encrypted. In this post, we examine the venerable iphone-dataprotection tools developed in 2011 by Jean-Baptiste Bedrune and Jean Sigwald of Sogeti/ESEC.

Continue reading

HOWTO decrypt iOS 10+ backups with irestore

This is the second post in a blog series describing how analysts can decrypt iOS 10 and later backups that are encrypted. These techniques assume you know the password and do not implement brute force password cracking. The first tool we examine is iRestore by Steve Dunham.

Continue reading

HOWTO decrypt iOS 10 backups with open source tools

This is the first post in a blog series describing how analysts can decrypt iOS 10 and later backups that are encrypted. These techniques assume you know the password and do not implement brute force password cracking. The first tool we examine is iRestore by Steve Dunham.

Continue reading

Android Forensics Techniques - Introduction

This section of my Android Forensic Techniques chapter provides an introduction to the different types of forensic investigations, the differences between logical and physical techniques and some thoughts on a key challenge in mobile forensics - imaging without modifying the device.

Continue reading

Android Forensics Techniques - Procedures

This section of my Android Forensics Techniques chapter covers the procedures for handling an Android device, including passcode procedures, network isolation, power issues and techniques to circumvent the passcode.

Continue reading