Digital Forensics

895

Solutions

2

Articles & Videos

1K

Contributors

Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil (as part of the electronic discovery process) courts. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.

Share tech news, updates, or what's on your mind.

Sign up to Post

are there any free tools which could scan a drive on a file server for potential inappropriate images, based on a nudity type calculation. I know these things exist in forensics communities but I have yet to see anything that is free. we need to do a quick scan to ensure one of our employees has not stored any inappropriate material on one of our file servers.
1
Enroll in June's Course of the Month
LVL 9
Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

OSXPmem version 2.0.1 will successfully dump to AFF4. However, we need RAW. I found references to a -format flag in various blogs but "-format" is not evident in the OSXPmem man page and entering the flag throws errors. OSXPmem is not really designed to dump to RAW but supposedly it is possible. I just can't get it to work.

My AFF4 dumps are around 12 GB. I attempted to convert these AFF4 dumps to RAW using this command:

bash# osxpmem.app/osxpmem -e /dev/pmem -o Memory_Captures/mem.raw Memory_Captures/mem.aff4

Multiple different copies of my AFF4 memcaps converted to new files sized at exactly 2.06 GB and then stalled with “Imaging failed with the error: -8”. Googling this error yields nothing.

There's very little documentation on OSXPmem and virtually zero support. It looks like you can only use OSXPmem dumps with Rekall. Any suggestions appreciated.
0
We've downloaded Paladin 7.02 to a USB stick and we have successfully booted a MacBook Air.

Attached to the Air via USB is a Mac OS X drive in an enclosure called "Macintosh HD." Also attached is a Windows FAT32-formatted drive, "Image."

We need to E01 image Macintosh HD to the Image target drive.

We see that Paladin has provided 3 "Imaging Tools" that launch Linux terminal sessions. However, we can't find any documentation for how to actually render the E01 image. All suggestions welcome.
0
I have written a module in Delphi that enumerates all the files on a volume.
How do I get to know the files that were updated / deleted / created since my last backup ?
Noticed that the FileUSNReference number and the ParentFileUSNReference number change upon any update done to the file. If I have stored the file details during my previous backup and if I compare the numbers with the current Reference numbers I can get to know that the files have changed.
Just need to know if this is a reliable method as this is just my observation and I do not know if this is how it is supposed to be
0
Hi, I have a 3.5 years old Nokia Lumia device that is about to die because it can barely charge.  I want to buy a new one but I have not because I wanted to extrar my text message threads.  They include videos and photos of my kids that I have sent over the years to family and friends and some of those videos and photos I lost when my computer hard drive died and I had not backed up for a while.  The only place where they still reside are in my very long, 3.5 year old message threads.  Plus, some relevant news like when my kid's first tooth came of, or funny things they said or did, I have always texted my family, and since I have no time for albums, the date and exact memory only reside in these text threads.  I have tried for ways to extract this with no luck.  The phone is the first Nokia Lumia 900 that came out, it has Windows 7.8 installed.  If someone can help me out before it dies on me, it would be great!  Thanks,

Marlene
0
I'm working on my master's dissertation in computer forensics and cyber security, and the topic is on bring-your-own-device (BYOD) acceptable use and security policy. There are many security implications that come along with BYOD. I am most interested in what organisations are doing today regarding BYOD?

If anyone has a few minutes and would like to participate in this anonymous BYOD survey, I would really appreciate the feedback.

The survey can be found here: https://www.surveymonkey.com/s/XPHCQSV 

Thank you!
0

Digital Forensics

895

Solutions

2

Articles & Videos

1K

Contributors

Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil (as part of the electronic discovery process) courts. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.

Top Experts In
Digital Forensics
<
Monthly
>