Week 39 – 2017

FORENSIC ANALYSIS Martino Jerian at Amped Software shares some information about Apple’s move to the HEIF file format in iOS 11. Interestingly, the file’s format may be switched back to JPEG when transferring the file. From the image in the post it looks like the file also keeps its EXIF data which is nice. HEIF Image […]

Week 38 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog has a few posts on the $INDEX_ROOT NTFS attribute. Firstly, he takes a look at the $INDEX_ROOT NTFS attribute of a file. $INDEX_ROOT と $I30 Hideaki also has a post about ObjectIDs and how they are affected by moving the file across mediums. I’m wondering the […]

Week 37 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog walks through the process of creating a deleted record in NTFS $I30. For more information about NTFS index attributes I found this article useful (although the pictures don’t appear to display any more for some reason). NTFS $I30 と Deleted record There were a few posts […]

Week 36 – 2017

FORENSIC ANALYSIS Glenn Edwards Jr at Hidden Illusion has a post on enumerating prefetch filename hashes to brute force the original path of an executable. He also lists various use-cases where this may be helpful. Go Prefetch Yourself Jim Hoerricks at Amped Software discusses when someone should seize a DVR and provides some resources for […]

Week 35 – 2017

FORENSIC ANALYSIS Adam Harrison has started a new blog, 1234n6, and wrote a couple of articles regarding the analysis of volumes with data deduplication enabled. The “first post serves as an introduction to Data Deduplication and speaks to how to identify whether a system or disk image has Data Deduplication enabled” Windows Server Data Deduplication and […]

Week 34 – 2017

FORENSIC ANALYSIS The guys at Cyber Forensicator shared an article by Timothy Opsitnick, Joseph Anguilano and Trevor Tucker on how computer forensics can be used to assist in investigating employee data theft. Using Computer Forensics to Investigate Employee Data Theft There were a couple of posts on Elcomsoft’s blog this week. Olga Koksharova at Elcomsoft […]

Week 33 – 2017

FORENSIC ANALYSIS There were a few posts on Cyber Forensicator this week. They shared a paper by Andrew Case, Arghya Kusum Das, Seung-Jong Park, J. (Ram) Ramanujam and Golden G. Richard III from DFRWS US 2017 titled “Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks” Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks They […]

Week 32 – 2017

FORENSIC ANALYSIS Brett Shavers wrote a few articles this week. The first post discusses the various aspects of a photograph that can be used to place the suspect at the scene of the crime. This includes the content, combining the various elements of data stored in metadata with your knowledge of the case, as well […]

Week 31 – 2017

FORENSIC ANALYSIS The guys at Digital Forensics Corp shared a couple of articles of interest this week. They shared an article on idownloadblog about the recent Apple Watch jailbreak released at DC25. Apple Watch jailbreaking They shared an article on Infosec Addicts on performing an Android acquisition. How to do Physical Acquisition in Android Forensics […]