Author archive: #DF

Jumplists in depth – understand format




Jump lists in depth: Understand the format to better understand what your tools are (or aren’t) doing


Extracting filevault2 keys w

Extracting filevault2 keys w. volatility



Extracting FileVault 2 Keys with Volatility
SHORT VERSION: This is a Volatility plugin which can recover FileVault 2 Volume Master Keys from memory, based on a certain pattern. It has been briefly tested on OS X 10.9 – 10.11. Plugin on GitHub here.


Forensic analysis of Flash-Friendly File System (F2FS)




Forensic analysis of Flash-Friendly File System (F2FS) | We Are 4n6
If you are performing digital forensics examinations of Android mobile devices often enough, you must know that there are so many different file systems which can be found on such a smartphone or tablet. Android file systems classification. These file systems can be classified as flash memory file …


A series of quick start guide videos are now available on the official X-Ways Forensics YouTube channel




X-Ways Forensics Quick Start Guides – YouTube


Date Decoder




Sanderson Forensics – DateDecode
I have seen a number of posts recently asking what this date is? and some seemingly random number such as 12883423549317375.

Typically I work by dividing the date by the number of seconds in a year and then successively by 10 until I get to a sensible 'epoch', i.e. the base date from which the date 'counts'. This is great for unknown dates but often I just want to look at a number and see which of the date formats that I know about it could be.


Web interface for the Volatility




JamesHabben/evolve: Web interface for the Volatility Memory Forensics Framework


Windows Phone 8

Windows Phone 8.10 MMS



Windows Phone 8.10 MMS (for Lumia 530) …
Now with attachment info! Catch the excitement! We recently noticed that while some commercial forensic tools show Windows Phone 8.10 MMS transaction information (e.g. Date, Phone number), they do not show or list the accompany…


MS Android Emulator




Visual Studio Emulator for Android
The Visual Studio Emulator for Android is a fast, reliable, Hyper-V-compatible Android emulator that … a variety of configurations …


FTK 6.0 Webinar

Multi-Language Optical Character Recognition (OCR). Volume Shadow Copy.
FTK® Web Viewer. Easy Button for Processing. Searching across multiple cases simultaneously. Windows 10 support. And more!



WebEx Event Center

CAINE 7

CAINE 7.0 released



CAINE Live USB/DVD – computer forensics digital forensics
CAINE Computer Aided INvestigative Environment Live CD/DVD, computer forensics, digital forensics
