News

This news feed is supplied with permission from the Forensic Focus website. To read more on any news snippet click on its headline.

Passware Exposes Suspects’ Photo Stream to Computer Forensics

Passware, Inc., a provider of password recovery, decryption, and electronic evidence discovery software for computer forensics, law enforcement organizations, government agencies, and private investigators, announces version 2 of its flagship encrypted electronic evidence discovery product – Passware Kit Forensic 2015. This new release now acquires suspects’ iPhone and iPad photos without an Apple ID or password, provided there is physical access to the computer with the iCloud application installed.

According to apple.com, “Your new photos appear automatically on the iOS devices, computers, and Apple TV you set up with My Photo Stream, no matter which iOS device or computer you use to take or import new photos.” (Source: Apple). This also concerns shared photo stream where photos and videos of trusted contacts are automatically synchronized with the Apple device.

Posted: 25 March 2015

Interview with Nikola Radovanović, CEO, HddSurgery

Nikola, please tell us about HddSurgery. What first gave you the idea to develop tools for data recovery and computer forensics?

I would not call it an idea, it was more a need for such tools. We have data recovery and forensics operations here and we had a problem that we needed to solve. At that time, seven years ago, we tried all the tools that were on the market.

To our regret, all the tools that we could buy were of bad quality and could not help us do the job well, or could not help us every time as they are supposed to. It was all up to the engineer who is doing data recovery and forensics, his/her experience and good mood. There were obviously repeatability problems.

Posted: 24 March 2015

New AccessData UTK® Bundle

When it comes to incident response, the quick collection and triage of digital devices is crucial to identify where evidence may be contained. This expedites device processing and evidence identification to ultimately reduce case backlogs. AccessData’s Ultimate Toolkit® (UTK®) includes FTK, nFIELD and AD Triage to allow you to collect and triage devices on-scene as well as analyze data from different sources faster.

Three solutions, three discounted packages.

Posted: 24 March 2015

Webinar: Being Your Own Cybersecurity “Expert Witness”

Date: March 26, 2015
Time: 1:00pm EST (US) / 5:00pm GMT (UK)
Duration: 60-75 minutes
Presenters: Spencer Wilcox, CISSP, Excelon; Herbert Joe, Certified Forensics Consultant, Yonovitz & Joe, LLP; Andrew Neal, TransPerfect

With data breaches and data leakage incidents becoming front page news, cyber investigations are taking on more importance within organizations. This calls for a new set of skills to be developed such as the ability to work with all levels of law enforcement, lawyers and attorneys and within the judicial system. Many of these investigations will call for the cybersecurity practitioner to be a witness and give testimony. What’s the best way to do this to protect yourself and the organization, while also providing the information that will help law enforcement and the justice system to get the information they need? Join (ISC)2 on March 26, 2015 at 1:00 p.m. Eastern for their next “From the Trenches” webcast where they will talk about what it means to be an expert witness and the best practices for serving as one.

Register now at https://www.brighttalk.com/webcast/5385/145283?forensicfocus

Posted: 23 March 2015

Susteen Announces Acquisition of Pincodes/Passcodes from iPhones and Android

Susteen Inc. is proud to announce their brand new iPhone/Android pincode breaking software. The SV Strike Secure View Strike is capable of acquiring 4-digit pincodes/passcodes on the most popular phones including the new iPhone 6 and 6 Plus. More than just a simple brute force “box”, created and built in the United States, this new technology gives the forensic investigator the go-to tool for breaking into iPhones and Android devices. With easy to view videos and instructions, the SV Strike aims to replace foreign devices with unproven abilities.

Posted: 19 March 2015

How to Use EnCase and IEF Together

When it comes to computer forensics, investigators often rely on a variety of tools to find the evidence they need. The real challenge is understanding how to use these tools together to make your investigations more efficient while still maximizing your results. In a previous blog post, we discussed the top reasons to use EnCase and IEF together to enable investigators to work through cases more thoroughly and efficiently. In this post, I want to take an in-depth look at how to integrate both tools into your investigations and get the most out of your analysis.

(Magnet Forensics)

Posted: 19 March 2015

Review: Mobile Phone Examiner Plus (MPE+) – Part 1

Reviewed by Si Biles, Thinking Security

That mobile devices are going to be used in any criminal activity is almost a given now – although post Snowden, at least the more intelligent crook might give some pause to consider the NSA or GCHQ before making their call. The capabilities of these devices have advanced so far that some manufacturers have attempted to use them to replace laptops…and that’s not considering the whole arena of tablets, a majority of which run variations of the mobile phone operating systems – Android, iOS or Windows Mobile.

Clearly this is a growing field, and to that end, it would be a foolhardy forensic software developer who didn’t produce a mobile phone tool. AccessData (henceforth AD) have survived long enough to prove that they aren’t foolhardy, and thus their tool Mobile Phone Examiner Plus (henceforth MPE+) is available to deal with that requirement for their clients…

Posted: 19 March 2015

Investigating the new Skype media_cache with the Forensic Browser for SQLite

Skype recently introduced cloud based operation and started moving away from peer-to-peer messaging with a view, to paraphrase Skype, of improving the service that we receive.

The move has had the effect of introducing a new set of artefacts and in particular a new location for stored/cached image files (pictures).

This article deals with the SQLite tables that reference these pictures, the locations of the pictures themselves and how to join the relevant tables, decode the data held in certain blob fields and create a report showing who sent what to whom including the pictorial evidence where possible.

Posted: 18 March 2015