News

This news feed is supplied with permission from the Forensic Focus website.To read more on any news snippet click on its headline.

Secure View Mobile Forensics and Belkasoft Announce Partnership

Susteen Inc, and Belkasoft are happy to announce their new partnership. This partnership will allow respective users of both Susteen’s Secure View cell phone forensic software and Belkasoft’s computer forensic software to receive discounts on each other’s offerings. Both companies offer industry leading tools to law enforcement, military, government and corporate users. This partnership will strengthen the ability for users of both products to manage their forensic cases and increase their forensic capabilities.Posted: 04 March 2015

Oxygen Forensics turns 15!

We are celebrating our 15th anniversary and want to invite you to be a part of it!
We would be more than happy if you share your story with us. We have written a rich history together, and we want to extend an opportunity to you to share your experience with Oxygen Forensics and how it has had a positive influence on your work and how we managed to make this world better and safer together.

Special prizes will be awarded to all the storytellers and three the best ones will also get a fully functional Oxygen Forensic Passware Analyst license.Posted: 03 March 2015

Head replacement tools from HddSurgery

Introduction to head replacement process

Head replacement process refers to the process of replacing defective HDD heads with the heads from identical and functional hard disk drive. This process must be performed in order to recover data from disks that have suffered from head crush failure.

Process of replacing damaged HDD heads with functional ones is pretty complex task, especially if you consider risk of damaging HDD platters, which may cause permanent data loss. Various methods and techniques were used to perform head replacement process, with different percentage of success and high chances that something will go wrong.Posted: 25 February 2015

Exam Outline For CCFP Digital Forensics Certification Available for Download

The Certified Cyber Forensics Professional (CCFP) certification is the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Developed by (ISC)2, a leader in the information security certification market, CCFP is for those who have been working in the field and would like to take the next step and apply their cyber forensics expertise to a variety of challenges.

According to a recent report from the Center for Strategic and International Studies (CSIS), sponsored by security firm McAfee, cybercrime costs businesses approximately $400 billion worldwide, impacting approximately 200,000 jobs in the U.S., and 150,000 jobs in the EU.Posted: 24 February 2015

Forensic examination of SQLite Write Ahead Log (WAL) files

I am sure that you are aware that when an SQLite database is opened if there is an associated WAL (Write Ahead Log) file then the pages in this WAL are automatically written to the main database, thus overwriting records, and the WAL file is reset. You may not be aware though that the WAL can contain multiple copies of the same page (each with different data/records) and that there can also be a sort of WAL “slack” i.e. records from a previous database transaction, if you like records from previous WAL files. So by opening the database and committing the WAL you are potentially overwriting/missing valuable evidence.

This article describes how WAL files work and how to deal with them forensically – the steps are very straight forward with the Forensic Toolkit for SQLite and the article takes you through them.Posted: 24 February 2015

Belkasoft Adds Forensic Support for Windows Phone 8.1

Belkasoft updates its digital forensic solution, Belkasoft Evidence Center 2015, with the ability to perform forensic analysis of Windows Phone 8.1 images acquired via JTAG flashers and Cellebrite UFED hardware.

The new release enables automated extraction, discovery and analysis of user data available in chip-off dumps acquired from mobile devices running Windows Phone 8 and 8.1. Supported data includes Web browsing histories, contacts, call logs, chats, instant message conversations, cached social network communications, screenshots of background applications, and many other types of data.Posted: 19 February 2015

IEF Artifact Updates Have Become a More Frequent Thing

To stay on top of the rapidly evolving app landscape (and ensure IEF users continue to find as much digital evidence as possible in their investigations), the Magnet Forensics team has started to release more frequent artifact updates, adding to the list of hundreds of artifacts that IEF supports on computers, smartphones and tablets.

New this month, we have released support for a number of native iOS applications including Owner Information, Saved Wi-Fi Profiles, Saved Bluetooth Devices, Spotlight Searches, Word Dictionary, Installed Applications, Calendar Events, Deleted Notes, and Contacts. This new update is available now to customers who have added the mobile artifacts module to their license…

Read (Magnet Forensics)Posted: 18 February 2015

AccessData MPE+ 5.5.6 has been released

MPE+ 5.5.6 has been released featuring a new simpler installation process as well as new analysis and reporting capabilities. Some of the new features include:

Analysis
You can now select files in both the media and the carved view to export the file to a desired location in the files’ native form. This allows you to:
Report on carved files using the attach file function in reports
Save native files to an evidence folder for later analysis
View files that are not currently viewable in the natural view

Reporting
You can now report the information from the conversation view. While in the SMS view, you may select a message, right-click, and select a conversation view or select the conversation in the conversation pane. You can elect to remove the report by following the same procedure.

Download Release Notes
Download ISOPosted: 18 February 2015