ftree

NavdDoomConductor - Precise Geolocation and Time

Leveraging free, I continues my search for file structure containing the key “latitude”. I stumbled across an intriguing file called NavdDoomConductor.storage and this blog writes up the how and what of locating and understanding this forensic artifact.

Continue reading

Discover New Forensic Evidence with File Structure Analysis

Forensic analysts can discover new evidence in their existing acquisitions by searching through known file structures for responsive artifact/data types leveraging the free forensic tool ftree.

Continue reading

Forensic iOS backups in macOS Catalina

In macOS Catalina, Apple has done away with iTunes and replaced its many features with standalone programs. On feature used by forensic analysts was the backup function. This blog explores the differences in the forensic backup of an iPhone 6 on macOS Catalina vs Mojave.

Continue reading