News

This news feed is supplied with permission from the Forensic Focus website. To read more on any news snippet click on its headline.

Police, digital forensics and the case against encryption

Mark Stokes, head of digital and electronics forensics services at the Met Police, keynote speaker at the (ISC)² EMEA Congress in London on Tuesday, detailed the techniques and technologies used to forensically investigate criminals who, he says, are increasingly reliant on smartphones, cloud services, hard disk drives (HDDs) and solid-state drives (SSDs) to hide their activities or crimes.

This deluge of data is becoming hard to investigate, says Stokes, who cited the increasing number of devices used (terrorists are said to have up to six mobile phones each on average), and this is happening in a digital economy which is already seeing the arrival of 1TB USB thumb drives and new US data centres hosting exabytes or yottabytes of data…

Read (SC Magazine UK)
Posted: 17 December 2014

Recovering Live System Artifacts with IEF

The collection of volatile data has become an essential component of a forensic examiner’s processes. While traditional forensic practices have always focused around avoiding any modification of evidence in order to preserve the integrity of the data, this is no longer an option for many investigations. Capturing memory and other live system artifacts is essential to understanding the activity on a system, and can sometimes be the only source of relevant evidence for a case.

Many times, I have worked on malware or intrusion cases where the only evidence found on a live system was in memory. If I had followed the traditional forensic practices of shutting down the computer, I would have destroyed the only clue to understanding how the infection took place…

Read (Magnet Forensics)
Posted: 16 December 2014

Evidence extraction from an Android device using MPE+ dSOLO

Data Specialist Group has created a self-extraction kit that includes an SD card pre-loaded with AccessData’s MPE+ dSOLO Android collection capability. dSOLO gives the end user the ability to extract data onsite from any Android smart phone, utilizing just a preconfigured MicroSD card.

This video demonstrates how quick and easy the kit is to use.

The MPE+ dSOLO is a built-in feature that allows users to create an extraction profile and then compile that profile to a MicroSD card. Users can then insert the provisioned MicroSD card into an Android device independent of any connection to MPE+. The configured dSOLO application is then initiated on the Android device and the previously selected extraction capabilities are extracted from the device onto the SD Card in a format that can only be read in MPE+. When extraction completes, users can read the MicroSD card containing the dSOLO data using the “Read dSOLO File” option from the MPE+ toolbar. Once the data is read, it is immediately available for preview, reporting, and analysis in MPE+.

Information:
MPE+ dSOLO video
MPE+ Brochure
Posted: 15 December 2014

FTK 5.6 Software Release

AccessData’s Forensic Toolkit 5.6 software upgrade is now available.

Improvements:

– System Information tab allows you to view system information that contains detailed information about disk images in an easy to read format.
– Entity Extraction processing options to identify and extract specific types of data in your evidence such as credit card numbers, phone numbers and social security numbers
– Exchange 2013 Support
– KFF improvements
– IPv6 support
– and more

Download Release Notes (pdf)
Download Software Upgrade
Posted: 12 December 2014

Analyzing Windows Phone Artifacts with IEF

New with Internet Evidence Finder (IEF) v6.5, Magnet Forensics has added support for a number of native and third-party apps for Windows Phone. Using JTAG and Chip-off techniques, forensics examiners can use IEF to recover call logs, SMS/MMS, emails, and contacts.

One of the major challenges for Windows Phone analysis is the acquisition phase. Unlike other devices, such as iOS and Android, JTAG and Chip-off acquisitions are the only methods to acquire most Windows Phones. This means that your traditional forensic acquisition tools such as Cellebrite, XRY, MPE+, etc., cannot acquire the data from a Windows Phone…

Read (Magnet Forensics)
Posted: 10 December 2014

How NIST is helping law enforcement with digital forensics

“Digital forensics is at a time of crisis and a time of opportunity.”

This remark from Eoghan Casey, lead cybersecurity engineer at the MITRE Corp., highlighted the overarching themes presented at the first day of the National Institute of Standards and Technology forensics conference Wednesday.

Throughout the morning, a number of NIST scientists, engineers and program managers pored over the ways the agency is helping law enforcement enhance investigations tied to recovering data from digital devices or improving the accuracy of biometrics…

Read (fedscoop)
Posted: 10 December 2014

Oxygen Forensics releases the new and free Oxygen Forensic Viewer

Oxygen Forensics releases Oxygen Forensic Viewer, a stand-alone tool for viewing and sharing information collected with Oxygen Forensic Suite. Fast, easy and lightweight, Oxygen Forensic Viewer allows accessing the complete set of evidence, analyzing deleted data, examining suspects’ communications and locating all types of evidence with built-in search. While the tool is available to licensed users of Oxygen Forensic Suite, the Suite itself is not required for installing and using Oxygen Forensic Viewer.

Effectively, Oxygen Forensic Viewer is a perfect tool for sharing information with colleagues and coworkers, enabling easy access to evidence collected with Oxygen Forensic Suite without additional costs and learning curve.

Posted: 09 December 2014

Webinar: Investigating Sexual Crimes in the Tinder Age

Date/Time: Tuesday December 16th, 2014 @ 10:00 am EST (3pm GMT)

The usage of location-based mobile dating applications like Tinder and Grindr has exploded over the last year. This new class of mobile app allows singles to identify, chat with, and meet other singles located in their immediate vicinity. As the popularity of these apps continues to grow, they will become increasingly important sources of evidence for digital forensics examiners.

On Tuesday December 16th, join Jad Saliba and Jamie McQuaid from Magnet Forensics as they explore what you need to know about finding and analyzing evidence from this new class of mobile dating application using a real-world case scenario…

REGISTER TODAY HERE
Posted: 04 December 2014