Jumplists in depth – understand format
Extracting FileVault 2 keys with Volatility
Extracting FileVault 2 Keys with Volatility
SHORT VERSION: This is a Volatility plugin which can recover FileVault 2 Volume Master Keys from memory, based on a certain pattern. It has been briefly tested on OS X 10.9 – 10.11. Plugin on GitHub here.
Forensic analysis of Flash-Friendly File System (F2FS)
Forensic analysis of Flash-Friendly File System (F2FS) | We Are 4n6
If you are performing digital forensics examinations of Android mobile devices often enough, you must know that there are so many different file systems which can be found on such a smartphone or tablet. Android file systems classification. These file systems can be classified as flash memory file …
Sanderson Forensics – DateDecode
I have seen a number of posts recently asking what this date is, and some seemingly random number such as 12883423549317375.
Typically I work by dividing the date by the number of seconds in a year and then successively by 10 until I get to a sensible 'epoch', i.e. the base date from which the date 'counts'. This is great for unknown dates but often I just want to look at a number and see which of the date formats that I know about it could be.
Web interface for the Volatility
Windows Phone 8.10 MMS
Windows Phone 8.10 MMS (for Lumia 530) …
Now with attachment info! Catch the excitement! We recently noticed that while some commercial forensic tools show Windows Phone 8.10 MMS transaction information (e.g. Date, Phone number), they do not show or list the accompany…
CAIN 7.0 released
CAINE Live USB/DVD – computer forensics digital forensics
CAINE Computer Aided INvestigative Environment Live CD/DVD, computer forensics, digital forensics