A podcast by digital forensics examiners for digital forensics examiners. Hear about the latest news in digital forensics and learn from researcher interviews with field memes sprinkled in.
The podcast Digital Forensics Now is created by Heather Charpentier & Alexis "Brigs" Brignoni.
Join us for a holiday-themed episode of Digital Forensics Now, where we blend expert insights with personal stories from the field of digital forensics.
This episode delves into cutting-edge tools and techniques for digital forensics. Explore insights from Arsenal on advanced methods for analyzing swap space and memory files. We also share experiences with the Samsung Secure Health Data Parser, highlighting the challenges of decrypting health databases and the critical role of UFED in overcoming them. Don’t miss an in-depth look at the remarkable features of ArtEX, showcasing its value to examiners. Additionally, we introduce the LEAPPS Artifact Viewer App (LAVA), a groundbreaking tool unveiled at the Cyber Social Hub conference.
We discuss the vital role of forensic experts in legal proceedings, from the importance of meticulous validation to the risks of mishandling evidence. Real-world cases and controversial court rulings highlight why expert testimony remains essential in interpreting digital artifacts.
We close with gratitude to our listeners and warm holiday wishes. Stay tuned on social media for updates on our next live session after the holidays.
Notes:
Working with 010 Hex-Editor
https://www.youtube.com/playlist?list=PLCS2zI95IiNwheFCTaUEytA1GT0mNOOdn
Arsenal Releases a New Tool!
https://arsenalrecon.com/additional-products
Samsung Secure Health Data Parser - A Forensic Tool for Parsing & Analyzing Samsung Secure Health Databases
https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/main
ArtEx Artifact Examiner
https://www.doubleblak.com/app.php?id=ArtEx2
Why the Manual Preview/Screenshots May Not Hold Up in Court
https://www.forbes.com/sites/larsdaniel/2024/11/13/think-that-screenshot-is-proof-heres-why-it-might-not-hold-up-in-court/
https://www.forbes.com/sites/larsdaniel/2024/12/06/smartphone-forensics-and-fake-texts-how-are-courts-responding/
What's New with the LEAPPS!?
Google Keep Notes
https://charpy4n6.blogspot.com/2024/12/google-keep-notes.html
Signup for Updates! leapps.org
The latest episode of Digital Forensics Now kicks off with lighthearted banter about Heather's newfound fame in commercials, bringing a fun and relatable start to a tech-heavy discussion. Following the laughs, the conversation shifts to an invigorating recap of Alexis' recent experience at SANS DFIRCON, featuring interactions with digital forensics luminaries like Brian Maloney and Ian Whiffin. Ian's ArtEx tool, which cleverly maps locations for forensic investigations, also takes center stage as a highlight of the conference. The episode weaves in personal reflections, including a scenic family train ride from Orlando to Miami and the implementation of a Python artifact exercise during a teaching session.
The journey continues with a vibrant detour to the Tanganyika Wildlife Park in Kansas, where the usual birthday horseback riding tradition was replaced with unforgettable encounters like swimming with penguins, feeding giraffes, and snapping selfies with lemurs. These charming moments with nature set a refreshing tone before diving back into the tech world.
In the realm of digital forensics, the episode explores reverse engineering iOS 18, discusses the brief availability of BitLocker support in FTK Imager, and examines the evolving landscape of BFU (Before First Unlock) data extraction in law enforcement. The hosts delve deep into the complexities of digital forensics tools, translating technical data structures into accessible insights while emphasizing the importance of a strong digital evidence strategy. Topics include advancements in the LEAPP Parsers, the innovative Lava Viewer, and the latest developments in Blue Sky data structures, offering a comprehensive look at the tools shaping the field.
The episode wraps up with an open invitation for listeners to connect on social platforms, share their thoughts, and showcase innovative projects within the community, fostering a collaborative and forward-thinking space for digital forensics enthusiasts.
Notes
iOS Devices Rebooting Continued
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Samsung Secure Health Data Parser
https://breakpointforensics.com/2024/11/06/samsung-secure-health-data-parser-a-forensic-tool-for-parsing-analyzing-samsung-secure-health-databases/
https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/main
Mobile Forensics Data Structures: Extracting and Analyzing Data with Free Tools
https://www.hexordia.com/blog/mobile-forensics-data-structures
GAMEPLANS: A template for robust digital evidence strategy development
https://onlinelibrary.wiley.com/doi/10.1111/1556-4029.15655
Digital Evidence: Enhancing public safety using digital investigative technologies
https://majorcitieschiefs.com/wp-content/uploads/2024/10/MCCA-Digital-Evidence-White-Paper-_-Oct-2024.pdf
Importance of BFU Partial Filesystem Extractions!
https://www.linkedin.com/posts/1carl-lawrence_dfir-polcing-digitalforensics-activity-7264179600631468034-FHGh
Sumuri Gives Back 2024
https://sumuri.com/sumuri-gives-back-2024/
Join us on the Digital Forensics Now podcast as we explore the details of the iOS 18 inactivity reboot issue with mobile forensics expert Christopher Vance from Magnet Forensics. Chris traces the origins of this challenge back to iOS 17 and explains how unified logs play a key role in diagnosing these system memory resets. This episode is packed with valuable insights for anyone interested in the inner workings of iOS devices and the unique considerations they present in digital forensics.
We also discuss device security and data preservation, focusing on iOS devices. Examining the balance between law enforcement’s need for data access and Apple’s privacy measures, we highlight the importance of extracting the data from devices quickly to prevent data loss. Our conversation covers the legal complexities, jurisdictional nuances, and the demand for data preservation tools to address these challenges effectively.
We explore recent developments in mobile technology, specifically Android 15's "Private Space" feature and how it will affect the digital forensics community's workflow.
With insights from industry experts, this episode is full of essential updates tailored for digital forensics professionals looking to stay current.
Notes:
iOS Devices Rebooting
https://www.magnetforensics.com/blog/understanding-the-security-impacts-of-ios-18s-inactivity-reboot/
5 iOS forensics evidence sources to capture before they expire
https://www.magnetforensics.com/blog/ios-forensics-evidence-sources-to-capture-before-they-expire
Mac and iOS Forensic Analysis and Incident Response Poster
https://www.sans.org/posters/macos-ios-forensic-analysis/
Could AI in forensic analysis be more of a liability than an asset? Join us as we explore this pressing concern.
We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.
Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users.
For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCatch, a tool designed to map the data efficiently and streamline your workflow.
Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.
Notes:
Updated Telegram Policy
https://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPl
https://telegram.org/privacy#8-3-law-enforcement-authorities
MSAB RAMalyzer
https://www.youtube.com/watch?v=1SEgSYSF03A
Expert witness used Copilot to make up fake damages, irking judge
https://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/
https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.html
iCATCH
https://github.com/AXYS-Cyber/iCATCH
Join us as we discuss the latest blogs and training opportunities available to keep you at the forefront of digital forensics.
We’ll then dive into the release of iOS 18 and its impact on digital forensic investigations. Beyond tools and gadgets, we'll explore the shift towards cloud-based evidence storage, weighing its benefits and security challenges against traditional air-gapped networks.
Whether you're a seasoned professional or just beginning your journey, this episode offers a mix of education, entertainment, and a sense of community, all with a dash of geek culture fun.
Notes:
-Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!
https://thebinaryhick.blog/2024/09/14/triple-trouble-ios-16-android-14-and-ios-17-images-now-available/
-A First Look at iOS 18 Forensics
https://blog.digital-forensics.it/2024/09/a-first-look-at-ios-18.html
https://www.magnetforensics.com/blog/a-look-into-ios-18s-changes/
-New iOS Feature - Brian Krebs Linkedin Post
https://support.apple.com/guide/iphone/request-give-remote-control-a-facetime-call-iph5d70f34a3/ios
-macOS 15 (Sequoia): What Forensic Examiners Need to Know
https://www.linkedin.com/pulse/macos-15-sequoia-what-forensic-examiners-need-know-sumuriforensics-ohbrc/
-25th Anniversary of Paraben
https://l.paraben.com/25-year-anniversary-3005
-Oxygen 2024 International User Summit
https://oxygenforensics.com/en/user-summit-2024/
-When is an app not an app? Investigating WebAPKs on Android
https://www.cclsolutionsgroup.com/post/when-is-an-app-not-an-app-investigating-webapks-on-android
-mr. eerie Blog
https://mreerie.com/2024/09/30/exploring-ufade-to-extract-data-from-ios-devices/
-Learn With Hexordia Launch
https://learn.hexordia.com
-Noel Lowdon-Vehicle Systems Forensics
https://www.linkedin.com/in/noel-lowdon-74685769/
-Not Scary Binary
https://us02web.zoom.us/webinar/register/WN_8G0VMawERVO-kpaDJbE2Ww#/registration
-Marco Neumann added Withings HealthMate on iOS (iLEAPP)
https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html
Recognizing excellence is key in our community, and we spotlight the SANS Difference Maker Awards and Cellebrite Summit Digital Justice Awards. Discover why it’s crucial to nominate your peers and learn about the newly opened registration for IACIS 2025 training classes, featuring must-attend courses like Advanced Mobile Device Forensics.
While highlighting a recent article by Brett Shavers, we stress the significance of continuous education and community acknowledgment in helping digital forensics professionals grow and excel.
Our conversation delves into the technical challenges of iOS Telegram data analysis and the development of tools like Kathryn Hedley's Parse USBs script. We shed light on the importance of peer reviews and cognitive bias in forensics. This episode is a deep dive into the intricacies of digital forensics, education, and the community that drives it forward.
Notes:
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Cellebrite Summit Digital Justice awards
https://cellebrite.com/en/c2c-summit-digital-justice-awards/
IACIS 2025 Training
https://iacis.com/training/
Belkasoft - iOS Telegram Acquisition and Database Analysis
https://belkasoft.com/ios-telegram-forensics-acquisition-and-database-analysis
Kathryn Hedley parseusbs script
https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry
https://github.com/khyrenz/parseusbs
Cracking OneDrives Personal Vault -Brian Maloney
https://malwaremaloney.blogspot.com/2024/09/cracking-onedrives-personal-vault.html
https://github.com/Beercow/Personal-Vault-BEK
Brett Shavers New Article - Today, today I rant
https://www.linkedin.com/pulse/today-i-rant-dfir-training-brett-shavers--pij4c/
Lionel Notari Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
What's the real impact of AI on law enforcement documentation? Can digital forensics tools truly revolutionize our investigative processes? These are just some of the provocative questions we tackle in our season two premiere of Digital Forensics Now! Join us as we celebrate our one-year anniversary with reflections on the past year, exciting updates, and plans for the future.
The episode takes a deep dive into the ethical and practical implications of AI in law enforcement, sparked by a recent AP News article on police officers using AI chatbots for writing crime reports. We express our skepticism about AI's accuracy and discuss the vital need for human oversight. Examining AI’s influence on officers' recollection of events, this episode scrutinizes the potential pitfalls and ethical concerns associated with AI in policing. We also humorously critique some AI-generated descriptions of our podcast, shedding light on AI's current limitations and biases.
Don't forget to vote for your favorite difference makers with the SANS Difference Maker Awards!
In the latter part of the show, we shine a spotlight on Recuperabit, a forensic file system reconstruction tool, and Lionel Notari's invaluable contributions on iOS log files. We tackle the challenges of modifying third-party tools and discuss the broader ethical concerns of reverse engineering. As we wrap up, we celebrate our anniversary by announcing the winners of our prize draw and featuring the "Meme of the Week," which humorously highlights the financial struggles in our field. Tune in for an informative and engaging episode!
Notes-
Local Storage and Session Storage in Mozilla FireFox Part 1
https://www.cclsolutionsgroup.com/post/local-storage-and-session-storage-in-mozilla-firefox-part-1
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Police officers are starting to use AI chatbots to write crime reports. Will they hold up in court?
https://apnews.com/article/ai-writes-police-reports-axon-body-cameras-chatgpt-a24d1502b53faae4be0dac069243f418
Magnet Forensics acquires Medex Forensics
https://www.magnetforensics.com/news/magnet-forensics-acquires-medex-forensics-strengthening-video-evidence-integrity-with-detection-of-deepfakes-and-generative-ai/
RecuperaBit Forensic File System Reconstruction
https://www.forensicfocus.com/interviews/andrea-lazzarotto-digital-forensics-consultant-and-developer/
https://github.com/Lazza/RecuperaBit
The Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
(THIS IS WHAT AN AI GENERATED DESCRIPTION WITH NO HUMAN CORRECTIONS WILL PROVIDE FOR YOU! SO NATURALLY WE HAD TO KEEP IT HAHA!)
What happens when a digital forensics expert sets up a podcast studio in a cupboard under the stairs and a co-host becomes a modern-day Snow White with her Bird Buddy camera? You get a lively and engaging episode of the Digital Forensics Now podcast! Alexis Brignoni, aka Briggs, and Heather Charpentier kick off this special episode with humor and camaraderie, sharing personal anecdotes and giving shout outs to their devoted listeners like Adam and Kevin. Plus, we nod to fellow podcaster Justin Tolman for his enlightening episodes on forensic technology, including a riveting discussion on AI and legal standards with Brandon Epstein.
Ever wondered how driving on the opposite side of the road or discovering local flavors like Vegemite could become part of a professional journey? This episode takes you on an entertaining trip to New Zealand, where Alexis recounts his experiences teaching at a New Zealand Customs event alongside experts like Jung Son and Mario Merendon. From navigating tiny light switches to marveling at Auckland’s architectural wonders, this chapter is filled with both professional insights and delightful cultural encounters. The rooftop bar with waist-high glass bumps offering views into the train station below is a highlight not to be missed!
For our tech-savvy listeners, we dive deep into the world of digital forensics tools and training. We discuss the significance of volunteering for IACIS, troubleshoot Magnet Axiom software, and outline upcoming training events like the SANS Community Learning Day in Miami. We also explore the practicalities of running Python scripts, showcasing a new tool called Mister Skinnylegs, caution against over-reliance on AI, and stress the importance of fundamental knowledge in digital forensics. From iOS tool updates and Metadata Forensics to sourcing forensic-related blogs, this episode is packed with valuable insights to enhance your forensic expertise.
Notes:
DFIRCON xLEAPP
https://www.sans.org/mlp/dfircon-miami-agenda/
CCL Solutions Group - Mister Skinnylegs
https://github.com/cclgroupltd/mister-skinnylegs
iOS 17- The “Forever” Setting That Isn’t… Or Is It?
https://smarterforensics.com/2024/08/ios-17-the-forever-setting-that-isnt-or-is-it/
Identity Lookup Service
https://djangofaiola.blogspot.com/2024/08/identity-lookup-service.html
Welcome back to another episode of the Digital Forensics Now podcast! In this episode, we explore the critical need for continuous learning in the field, discuss fascinating forensic tools, showcase UFADE with its new chat capture feature, and engage in a spirited debate on the value of certifications. Get ready to expand your knowledge and stay at the forefront of this ever-evolving industry.
We begin by discussing the intricacies of unconscious and conscious incompetence as outlined in Brett Shavers' new article. The episode continues with a detailed demonstration of UFADE, created by Christian Peter, highlighting its user-friendly interface and the new chat capture feature. The hosts walk you through the tool's capabilities, showcasing its accessibility and usefulness in digital forensics investigations. From breaking Windows logon passwords using a Raspberry Pi Zero W to exploring the distinction between exploratory and explanatory data analysis, this segment offers a wealth of knowledge and practical insights. We also touch on the value of certifications, sparking a lively debate that challenges conventional wisdom and invites listeners to question the true measure of expertise in the tech industry. Get ready to be engaged in this thought-provoking episode.
Notes-
DFIR Competence: Are you Truly Skilled or Just Fooling Yourself?
https://www.dfir.training/blog/dfir-competence-are-you-truly-skilled-or-just-fooling-yourself
Oxygen Forensics Call for Speakers at the 2024 International User Summit
https://oxygenforensics.com/en/call-for-speakers-user-summit/
UFADE Updates
https://github.com/prosch88/UFADE
P4WNP1 Build
https://lush-seeder-8ab.notion.site/P4WNP1-Build-54ffcdbe7cdf4e74b47861e9bd80f857
SANS Webcast Series
https://www.sans.org/webcasts/demystifying-data-conversion-binary-hexadecimal-decimal-ascii/
Bitlocker on by Default Windows 11
https://www.tomshardware.com/software/windows/windows-11-24h2-will-enable-bitlocker-encryption-for-everyone-happens-on-both-clean-installs-and-reinstalls
ChatGPT
https://www.sciencedirect.com/science/article/pii/S2666281724001252?dgcid=author
Join us as we recount our recent travels to Argentina and the Techno Security & Digital Forensics conference. We'll share the highlights of our trips before diving into the core content.
What could possibly go wrong with a feature designed for user convenience? We'll scrutinize Microsoft's controversial "Recall" feature, exploring its significant privacy concerns and implications for digital forensics. From unencrypted data to automatic opt-ins, we speculate on the potential user backlash. We'll also dive into the latest tech updates, including CCL Solutions Group's enhancements to the Rabbit Hole tool and how these advancements can revolutionize data analysis processes.
Discover the capabilities of VFC from MD5 and the latest tools for examining data from platforms like Snapchat and Facebook. We'll introduce new and updated blogs, innovative Python scripts, and the latest additions to the LEAPPS in this packed episode. Stick around for an insightful discussion and a sneak peek at what's coming in future episodes.
Notes-
Rabbit Hole Updates and SQLite Blog/Cheatsheet
https://vimeo.com/948752153
https://www.cclsolutionsgroup.com/post/time-travelling-with-sqlite-journals-and-wal
https://vimeo.com/953570512
https://cdn.prod.website-files.com/5f02f2c93eab87a6ea84e2f3/665ed5e6ec5ef877d9d74dd2_sqlite-journal-cheatsheet.pdf
Copilot+ Recall disaster & Forensic Applications of Microsoft Recall
https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
https://cybercx.com.au/blog/forensic-applications-of-microsoft-recall/
Rising Star Jeremy McBroom
https://yeahihaveaquestion.com/
Analysis of Browser Artefacts from File Sharing Services
https://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=9555c3f865
https://github.com/cclgroupltd/ccl_chromium_reader
SQLite Freelist Page Checker
https://github.com/SpyderForensics/SQLite_Forensics
Forensics StartMe Page
https://start.me/p/q6mw4Q/forensics?locale=en
Join us for an engaging session where we'll recap recent events and activities before diving into the latest research, cutting-edge tools, and exciting updates!
Tune in as we explore groundbreaking research conducted by emerging stars in the DFIR community. We'll delve into the testing of data stored in iOS Unified Logs, focusing on driving and motion states—this is sure to be fascinating. Discover the newly documented multi-user/multi-account functionality, such as Samsung's Dual Messenger, uncovered by a newcomer to digital forensics. Stay informed about enhancements and new capabilities for tools like UFADE.
We'll also ponder the implications of significant market acquisitions, such as Thoma Bravo's, and discuss their potential impact on the digital forensics field.
Additionally, learn about Android's innovative anti-theft features designed to thwart device thieves, which will also have implications for forensic investigations.
This episode is packed with insights you won't want to miss!
Notes-
iOS Unified Logs - Driving and Motion States
https://www.ios-unifiedlogs.com/post/ios-unified-logs-driving
Thoma Bravo Announces a Cash Offer to Acquire Cybersecurity Leader Darktrace
https://www.thomabravo.com/press-releases/thoma-bravo-announces-a-cash-offer-to-acquire-cybersecurity-leader-darktrace
Magnet One
https://www.magnetforensics.com/products/magnet-one/
UFADE Updates
https://github.com/prosch88/UFADE/
Android’s Theft Protection Features Keep Your Device and Data Safe
https://blog.google/products/android/android-theft-protection/
CCL Updates
https://github.com/cclgroupltd/ccl-segb
Brian Hempstead's Work on the Session Application
https://www.linkedin.com/posts/bhempstead_a-guide-for-session-app-sqlite-database-navigation-activity-7196877311659446272-zebu
Phil Hagen YouTube Channel
https://www.youtube.com/@PhilHagen
VMware Fusion Pro: Now Available Free for Personal Use
https://blogs.vmware.com/teamfusion/2024/05/fusion-pro-now-available-free-for-personal-use.html
https://unexploredterritory.tech/074-newsflash-vmware-workstation-and-fusion-licensing-changes-did-i-hear-free/
Live from the International Association of Computer Investigative Specialists (IACIS) with special guest Bill "the phone wizard" Aycock!!
Notes:
Three New SANS Posters
https://www.sans.org/posters/ios-third-party-apps-forensics-reference-guide-poster/
https://www.sans.org/posters/android-third-party-apps-forensics/
https://www.sans.org/posters/dfir-advanced-smartphone-forensics/
New Release of Mushy
https://doubleblak.com/app.php?id=Mushy
Blue Crew Forensics
https://bluecrewforensics.com/2022/03/07/ios-app-intents/
Navigating the complexities of digital forensics can be daunting, but this week we've got your back with the exploration of Magnet Forensics' Axiom version 8, and its transformative Mobile View feature. As your hosts we're not just sharing tech updates; we're discussing the impact these tools have on our work and how they shape the narratives we construct.
When it comes to the integrity of an investigation, the devil is in the details—and in the documentation. We delve into the craft of forensic reporting, dissecting why an analyst's narrative is just as critical as the raw data pulled from tools. From the subtleties of crafting a timeline to the nuances of articulating the relevance of each artifact, we've got the insights that will assist you on your report writing journey.
Finally, join us for a celebration of the community spirit that fuels this field, illustrated by new blogs and newly supported artifacts in the LEAPPS. We also look at the growing significance of vehicle forensics in investigations. And because we all need a good chuckle, don't miss our 'meme of the week' segment. It's an episode brimming with expertise, but not without its moments of laughter because finding joy in our work is paramount. Come for the knowledge, stay for the camaraderie, and enhance your forensic acumen with us.
Notes-
Job Alert- Upcoming Openings at the New York State Police
https://troopers.ny.gov/civilian-employment
Capture the Flags
Hexordia
https://www.hexordia.com/spring2024-weekly-ctf-challenge
Oxygen
https://oxygenforensics.com/en/training/events/ctf-apr-19-2024/
Belkasoft
https://belkasoft.com/belkactf6/info
Mobile View and Copilot in Magnet Axiom
https://www.magnetforensics.com/blog/bring-your-mobile-evidence-to-life-with-the-new-mobile-view-in-magnet-axiom/
https://www.magnetforensics.com/blog/identify-deepfakes-and-quickly-surface-evidence-with-new-ai-tools-in-magnet-axiom/
DeRR.p. Investigating Power Events on Samsung Devices
https://thebinaryhick.blog/2024/04/07/__trashed/
Peer Review Checklist
https://www.hexordia.com/blog-1-1/gc0vnvj80ogwx724ovu7avzwvjl742
What's the Buz: Forensic Analysis of Buz for iOS
https://laurora4n6.wixsite.com/aurora4n6/post/what-s-the-buz
What's New with the LEAPPS?
https://www.stark4n6.com/2024/04/splitwise-on-ios.html
In mobile forensics, each update brings new challenges and opportunities. Join us as we dissect the latest iOS 17.4 impacts, including the nuances of SQLite databases and the advent of write-ahead logs in Advanced Logical extractions. Our episode is brimming with insights that could change the way you approach data extraction and parsing.
The forensic landscape is ever-evolving, and this episode isn't shy about the hurdles we face, or the workarounds that keep us ahead. Discover how matching forensic work environments with devices' native operating systems and utilizing tools like Christian Peter's and Lionel Notari's for Logical and Unified Log extraction can streamline your investigative processes.
Building a personal brand in digital forensics isn't just about notoriety; it's about cultivating a reputation that commands respect and opens doors. This episode celebrates those who contribute to the community, from the creation of new parsers to the latest features in FTK 8, and how these actions bolster not just your standing but the entire field. We explore the unique journeys that shape our professional identities and share laughter over common forensics foibles. It's an episode that champions growth, community, and the personal touch that makes all the difference in a technical world.
Notes-
A Gift From Apple:
https://www.msab.com/blog/apple-deleted-data-itunes-backups/
UFADE Universal Forensic Apple Device Extractor:
https://github.com/prosch88/UFADE
iOS Unified Logs tool:
https://www.ios-unifiedlogs.com/blog
FTK LevelDB Support:
https://www.exterro.com/ftk-product-downloads
What's New with the LEAPPS?
https://github.com/abrignoni
Unlock the secrets of advanced forensic analysis with us! We reveal essential training classes that every digital sleuth needs to stay ahead in an ever-changing tech landscape. Sign-on to be enlightened by experts in the captivating world of data structures through Hexordia's class and IACIS's comprehensive course. But it's not all about the classes; we're also sending a must-read book your way to sharpen that detective wit you pride yourself on.
Get ready to explore the controversial yet fascinating realm of facial recognition with our introduction of Exponent Faces, an X-Ways Forensics X-Tension. Whether it's identifying suspects or navigating the ethical minefields of biometric data, we're weighing in with all the expertise you could hope for.
Finally, journey with us as we dissect the pivotal role of soft skills and community support for forensic examiners. You'll find this episode is not just about the tech—it's about the people behind the screens who make justice possible. Join us, where knowledge is power and staying updated is as crucial as the evidence itself.
Notes:
IACIS Advanced Mobile Device Forensics
https://www.iacis.com/training/amdf-advanced-mobile-device-forensics/
DFIR Investigative Mindset-Brett Shavers
Book release March 22, 2024- 1/2 price for one week!
Facial Recognition in DFIR
https://www.apiforensics.com/blogs/announcing-exponent-faces.asp
https://abcnews.go.com/Business/controversy-illuminates-rise-facial-recognition-private-sector/story?id=96116545
Google Chrome Platform Notification Analysis
https://www.sans.org/blog/google-chrome-platform-notification-analysis/
The Digital Forensic Practitioner Survey (DFPulse2024)
https://bit.ly/dfpulse
What's New with the LEAPPs?
https://github.com/abrignoni
Embark on a journey through both history and the cutting-edge world of digital forensics with us as we pay homage to the brilliant Dr. Gladys West, whose work underpins the GPS technology we take for granted today. In celebration of Black History Month, we draw inspiration from Dr. Martin Luther King Jr., discussing how we can all contribute to the fight against enduring societal challenges. Our conversation is a testament to the power of empathy and action in fostering societal change, spotlighting the often overlooked breadth of achievements by historical figures like Dr. West and Dr. King.
Unravel the complexities of iOS location and Unified Log analysis through our educational talk on the recent breakthroughs highlighted by experts like Ian Whiffin and Lionel Notari. Discover the new feature from Magnet Axiom. The Animated Map Routes feature provides an additional facet for courtroom presentation.
We wrap up with a deep appreciation for the significance of training and expertise in digital forensics, engaging with the thoughts presented by Shafik Punja in his 'Bullshit Hunting: Digital Forensics Edition' article. The discussion traverses the critical role of proper forensic training and tools, the ethical responsibilities that accompany our work, and the profound impact that our industry has on legal outcomes and lives.
Notes-
The Cyber Social Hub- Daily Digital Investigator Episodes
https://podcast.cybersocialhub.com/
Belkasoft's Free Android Forensics Class
https://belkasoft.com/android-forensics-training
Apple Maps - Visited Location?
https://www.doubleblak.com/blogPost.php?k=mapssync
iOS Unified Logs - WiFi and AirPlane Mode
https://www.ios-unifiedlogs.com/post/ios-unified-logs-wifi-and-airplane-mode
Animated Map Routes in Magnet Axiom
https://www.youtube.com/watch?v=fyPrJKLhD9k
8 Log Files You Can Collect from iOS and Android Devices
https://www.magnetforensics.com/blog/8-log-files-you-can-collect-from-ios-and-android-devices/
Candidate Examiner's and Training Programs
https://www.bullshithunting.com/p/bullshit-hunting-digital-forensics
Sources of Error in Digital Forensics
https://www.sciencedirect.com/science/article/pii/S2666281724000027
Discover the intersection of digital innovation and forensic expertise as we celebrate and honor the incredible legacy of computing pioneer Mark Dean during Black History Month. With a salute to unsung heroes like Johann, who fuel the open-source tools we rely on, this episode is a tribute to the collaborative spirit that propels digital forensics forward.
Peek behind the curtain of the Photos SQLite database with insights from the Forensic Scooter blog, uncovering the depths of data crucial to forensic investigations. We explore how metadata comparison can reveal content manipulation, the importance of distinguishing between cloud and device media origins, and the crafty skills required to validate findings in a world where AI is becoming a pivotal tool. This episode isn't just about the tools we use; it's about the critical thinking and validation skills necessary to ensure AI assists rather than misleads.
Fasten your seatbelt as we navigate the evolving landscape of vehicle forensics and tackle the challenges posed by encryption in new vehicle modules. Reflect on how data from vehicle systems can be leveraged in accident reconstruction and criminal investigations, emphasizing the need to stay ahead of technological advancements. Wrapping up, we delve into the latest from the LEAPPs framework and the implications of Android's multi-user support, underscoring the episode's commitment to sharing knowledge that keeps the digital forensics community at the cutting edge.
Notes-
Black History Month Notable Contributor to Digital Forensics-Mark Dean
https://web.eecs.utk.edu/~markdean/
Device Set-up – Transferring data to new iPhone & Effects to Photos.sqlite
https://theforensicscooter.com/2024/02/04/device-setup-transferring-data-to-new-iphone-effects-to-photos-sqlite/
Dissecting the Android WiFiConfigStore.xml for Forensic Analysis
https://blog.digital-forensics.it/2024/02/dissecting-android-wificonfigstorexml.html
AI Generated Imagery
https://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=81d1b025e7
Magnet Idea Lab-Project Goose
https://magnetidealab.com/projects/project-goose/
Vehicle Forensics
How to access logical files in a QNX partition- https://www.youtube.com/watch?v=8SAZthXjT5s
The LEAPPS
https://github.com/abrignoni
Embark on an enlightening path as we meld the celebration of Black History Month with the dynamism of mobile forensics. This episode is a tribute not only to the past but a clarion call for the future, as we honor Annie Easley, the trailblazing NASA computer scientist, while also navigating the rapidly evolving landscape of digital investigation tools. As your guides, we unravel the intricacies of open-source forensics tools, and the necessity of test devices, ensuring your knowledge remains at the forefront of technological advancements.
With a constant eye on professional growth, we're excited to share information about upcoming conferences, training and opportunities to sharpen your digital forensic skills. We share our experiences, opening doors for you to learn and grow right beside us. Our conversation takes a stimulating turn as we discuss the Rabbit R1, a new AI gadget that promises to redefine app interaction and its implications for data privacy. As we dissect the nuances of AI in fingerprint analysis, we invite you to journey with us through the maze of modern forensics, where even the uniqueness of fingerprints is called into question.
As we wrap up, our passion for the subject matter shines through with the introduction of cutting-edge features in mobile forensics updates, and the vital role of resource management in our field. We laugh over the meme of the week but also reflect on the serious undertones it brings to the prioritization of forensic cases. Closing the session, we express our heartfelt gratitude for the engagement and support that fuels our podcast, leaving you with an anticipation for deeper discussions and discoveries in the episodes to come. Join us, and together, let's shape the narrative of digital forensics and its rich connection to history and innovation.
Notes-
Honoring Annie Easley-Black History Month Feb 2024
https://elective.collegeboard.org/annie-easley-computer-science-pioneer
Testing and Validation
https://www.hexordia.com/blog-1-1/unlock-rooting-pixel6a
https://blog.d204n6.com/2020/08/setting-up-testing-lab-of-ios-and.html
Paraben Forensic Innovation Conference
https://pfic-conference.com/
Free Android Training from Belkasoft
https://belkasoft.com/android-forensics-training
Cellebrite Case to Closure Summit and Awards
https://global-c2c-summit-2024.cventevents.com/event/ec371a30-107d-4ce4-8bad-44e331148339/summary
https://cellebrite.com/en/c2c-summit-digital-justice-awards/
Magnet Virtual Summit/Capture the Flag
https://magnetvirtualsummit.com/
https://magnetvirtualsummit.com/capture-the-flag/
Rabbit R1
https://www.theverge.com/2024/1/9/24030667/rabbit-r1-ai-action-model-price-release-date
AI- Fingerprints Unique or Maybe Not?
https://www.cnn.com/2024/01/12/world/fingerprints-ai-based-study-scn/index.html
Layoffs Due to AI
https://www.theverge.com/2024/1/14/24038397/google-layoffs-just-the-beginning
Hidden Gem in iOS 17
https://www.linkedin.com/posts/luca-cadonici-41299b4b_ios-ipados-passcode-activity-7152770642168160257-VJ7C
Android Auto Reboots
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
The LEAPPS
https://github.com/abrignoni
Get ready to navigate the complexities of digital forensics with the latest industry insights, as we shine a light on Cellebrite's recent rebranding journey. From the quirky 'EYE' twist in their new product names to the strategic significance behind the move, we've got it all covered in a dynamic discussion that promises to clarify and critique the changes afoot. Plus, we'll dive into how Cellebrite is contributing to the tireless work of child protection organizations, aligning tech advancements with noble missions.
We will guide you through our thoughts relating to advertising effectiveness in the forensics domain, and why the quality work of forensic professionals trumps any single tool on the market. The art of communication from businesses about their products and the role of technology in boosting company progression is key.
The conversation turns to the exciting potential of recent password recovery innovations from Arsenal Recon's Password Sledgehammer and new support for location based and messaging applications in the LEAPPs!
As we wrap up, the discussion turns to the thrilling possibilities of Android device analysis and the ever-evolving policies of giants like Google. We're not just talking about the next big thing; we're living it, breathing it, and sharing our experiences with you. So plug in, turn up the volume, and prepare for an episode that’s as informative as it is engaging.
Notes:
Operation Find Them All-
https://abcnews-go-com.cdn.ampproject.org/c/s/abcnews.go.com/amp/Business/wireStory/cellebrite-donates-ai-investigative-tools-nonprofits-find-missing-106321858
Magnet Forensics Acquires High Peaks Cyber-
https://forensicfocus.com/news/magnet-forensics-acquires-high-peaks-cyber-further-bolstering-the-magnet-graykey-labs-research-team/
Arsenal Password Sledgehammer-
https://arsenalrecon.com/products/arsenal-image-mounter/downloads
Life360 Stark4N6-
https://www.stark4n6.com/
Analysis of Android Settings During a Forensic Investigation-
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
Google Location Data News!-
https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-just-killed-geofence-warrants-police-location-data/?sh=245f8f422c86
https://www.washingtonpost.com/technology/2023/12/14/google-maps-location-history/
Ever found yourself piecing together a complex jigsaw puzzle of digital evidence? That's precisely the journey we invite you to embark on in our latest episode packed with tools, tales, and tech. We're not just talking shop; we're handing you the magnifying glass to examine the intricacies of JSON files with JSON CRACK, and introducing a python tool to automate investigations involving Google Drive File Stream artifacts, DriveFS-sleuth.
This episode is a testament to the craft of digital forensics, featuring a blog from Mattia at Zena Forensics that aids in answering the question, "Has the user ever used the XYZ application?". As we unpack the nuances of reverse engineering and celebrate the updates to Hexordia's Evanole, we're reminded that the heart of digital forensics beats to the rhythm of relentless inquiry and meticulous method.
We delve into the advanced research and exploitation methodologies with Magnet GrayKey Labs and converse about the importance of these capabilities as well as validation. This is coupled with a live demonstration involving SEGB files and the data that can be overlooked without research and the validation of multiple tools.
Raise your glasses—here's to the exuberant spirit of learning and the relentless pursuit of truth that defines our community. So, are you ready to elevate your understanding of the digital landscape and smash those New Year's resolutions? Join us, and let's make 2024 a year of 4K clarity—in forensics and beyond!
Notes:
JSON Crack-
https://jsoncrack.com/
DriveFS Sleuth — Your Ultimate Google Drive File Stream Investigator!
https://amgedwageh.medium.com/drivefs-sleuth-investigating-google-drive-file-streams-disk-artifacts-0b5ea637c980
https://github.com/AmgdGocha/DriveFS-Sleuth
Advanced Research and Exploitation Methodologies With Magnet GRAYKEY Labs
https://www.magnetforensics.com/blog/advanced-research-and-exploitation-methodologies-with-magnet-graykey-labs/
Has the user ever used the XYZ application?
https://blog.digital-forensics.it/2023/12/has-user-ever-used-xyz-application-aka.html
Evanole New Year Reveal!
https://www.hexordia.com/evanolece
Ever thought about the thin line between privacy and morality? Well, join us as we deep-dive into the ethical complexities surrounding this issue in today’s digital age. We bring to you exciting updates from a recent workshop in Panama, where enlightening exchanges with digital forensics experts from all over the world were had.
Our exploration takes us through the workings of XRY and XRY Pro, as well as RAMDCoder, a game-changer in analyzing memory dumps from Android devices. We'll show you just how to navigate this tool, offering a glimpse into the future with the upcoming updates that promise to revolutionize device profiling. Intriguing, isn't it? Get ready as we take on mobile device forensics, focusing on the Samsung Galaxy S21 Ultra, and the treasure trove of data within its RAM. Learn from our experiences, including how we recovered from missing a crucial step in the extraction process. Oooops user error strikes again!
As we wrap up, we'll discuss phishing attacks and the crucial role organizations play in preventing them. We believe in the power of research and validation, especially in the digital forensics field. We’ll also share insights from Jessica Hyde of Hexordia, underscoring the importance of peer-reviewed research in our field. Get a good laugh as we humorously compare Apple to Darth Vader, highlighting the challenges they present for forensic examiners. SEGB for the WIN! This is an episode that you will not want to miss!
Notes:
Chat encryption: A moral responsibility or a moral abdication?
https://arstechnica.com/tech-policy/2023/12/meta-defies-fbi-opposition-to-encryption-brings-e2ee-to-facebook-messenger/
What makes epoch timestamps tick?
https://www.cclsolutionsgroup.com/post/what-makes-epoch-timestamps-tick
CheatSheet: https://assets-global.website-files.com/5f02f2c93eab87a6ea84e2f3/656da27da36e0c5cd1715d8a_EpochCheatsheet.pdf
MSAB XRY:
https://www.msab.com/
BrowserState.db last_visited_time?
https://doubleblak.com/beta/browserstate
SEGB Parsers!
https://github.com/cclgroupltd/ccl-segb
Get ready to journey into the world of digital forensics as we share our insights on the crucial art of utilizing a diverse range of tools. A single tool just won't cut it, and reliance on just one could cause you to miss out on important finds. We also give our listeners the floor, inviting you to voice your thoughts on the IACIS Advanced Mobile Device Forensics class, and the topics you'd love to see covered.
How do you feel about forensic extraction tools? We dissect unique features of tools like duplicators, TX1, and Atrio, and dive into the latest updates from OpenText and ArcPoint Forensics. These updates have made it possible to create Android and iOS backups using duplicators, a game changer in the field. With Atrio, we open up an intriguing discussion about their forensic triaging and AI capabilities. We discuss the role of AI in identifying CSAM and brainstorm ways to enhance the tooling.
We share our own learning experiences from various classes, highlighting the absolute necessity of continual learning and outside research in this ever-evolving field. We also explore the features and potential of Arsenal, a digital forensics tool which aids in mounting and virtualizing E01 images. The unique capabilities provided by Arsenal to bypass the password to a Windows logon screen and access DPAPI-protected data are a must try! Whether you're a seasoned expert or just dipping your toes in the water, this episode is sure to pique your interest in the vast world of digital forensics.
Notes-
IACIS Advanced Mobile Device Forensics (AMDF)
https://iacis.com/training/amdf-advanced-mobile-device-forensics/
OpenText Duplicator Update
https://www.youtube.com/watch?v=L3qGa7H6NBs
ArcPoint Forensics
https://www.arcpointforensics.com/
DFIR Diva-
https://dfirdiva.com/
Arsenal Recon-
https://arsenalrecon.com/
Hexordia Mobile Data Structure-Virtual Live Training-
https://academy.cyber5w.com/courses/hexordia-mobile-data-structures-dec-2023
We are back with a mind-boggling conversation about our experiences, and the ever-evolving face of digital forensics. We're going to share some personal anecdotes, enlighten you about the changing UNIX epoch timestamp, and even discuss how we cope with the advancing age in this fast-paced world.
In the digital world, knowledge is power. We will reveal an amazing cheat sheet from Cellebrite that will simplify your understanding of extractions and the data that they yield. We’ll also delve into the concept of tool transparency, highlighting the pros and cons that come with it. We’ll help you understand why it's crucial to be informed about known bugs in a tool, and navigate the complex process of bug reporting. We’re going to discuss why it's essential to have multiple tools in your arsenal for data validation, and how manual validation is a must when it relates to key evidence.
As we wrap up, we'll talk about the implementation of ALEAPP and iLEAPP in Paraben and its capabilities to choose artifacts to report on. To add some levity, we'll also share a humorous meme that perfectly captures the essence of the repercussions of failing to validate your digital data. So, prepare to embark on a journey that’s bound to make you rethink everything you know about data extraction and tooling analysis.
Notes-
Scholarship Reminders
-https://www.iacis.com/will-docken-scholarship/
-https://www.iacis.com/womens-scholarship/
-https://www.magnetforensics.com/blog/2023-magnet-forensics-scholarship-program-apply-today/
Cellebrite Data Extraction CheatSheet
-https://www.linkedin.com/posts/heather-mahalik-cellebrite_data-extraction-cheatsheet-activity-7125138491805462528-l5-5/
-https://cellebrite.com/en/episode-23-i-beg-to-dfir-data-extractions-explained-ffs-afu-bfu-advanced-logical-digital-forensics-webinar/
Paraben
-https://paraben.com
Curious about how digital forensics can unlock the secrets held by your tech devices? Join us as we shine a light on RabbitHole, an ingenious tool devised by Alex Caithness of CCL Solutions Group. This episode is sure to be a revelation, as we delve into this unique amalgamation of data format viewers. The plot thickens as we act as your guides to dissect the complexities of RabbitHole: the reparse feature, the free-form report builder, and the remarkable ability to extract data from various sources.
We step away from the tech talk for a moment to underline the crucial role of Moot Court in nurturing digital forensics examiners. We debate the need for a supportive environment that allows mistakes, honing professionals in the field. We discuss the highlights of what qualities are needed to shape a great witness and throw light on two free cybersecurity courses related to expert witness testimony.
Don't miss our discussion on the new additions to iLEAPP! Media events from the knowledgeC database and connecting Discord attachments to message threads.
Finally we discuss changes to Shellbag artifacts that were implemented in Windows 11 updates as outlined by 13Cubed, and the meme of the week!
So, are you ready to tumble down this fascinating digital RabbitHole with us?
Notes:
CCL Solutions-RabbitHole-
https://www.cclsolutionsgroup.com/forensic-products/rabbithole
Courtroom Testimony Trainings-
CYBRARY.IT-
https://cybrary.it/course/dfir-investigations-and-witness-testimony
NW3C-DF501 Expert Witness Testimony - Digital Forensic Examiners- https://www.nw3c.org/UI/CourseCatalog.html
Connecting Discord Attachments to Message Threads-
https://bluecrewforensics.com/2023/10/30/connecting-discord-attachments-threads-sdwebimage-library/
13 Cubed: An Important Change to ShellBags - Windows 11 2023 Update!
https://www.youtube.com/watch?v=M1nyMIu1Y18&t=4s
Shellbags Explorer by Eric Zimmerman
https://ericzimmerman.github.io/#!index.md
Ever wondered how to make the most of data analysis tools like iOS Spotlight Store DB and Realm Databases? We're here to share our experiences, tips, and favorite resources to help you elevate your data extraction skills. Join us, as we discuss the amazing work of Yogesh Khatri, the creator of a game-changing parser and as we guide you through the vast world of data extraction and analysis techniques.
We begin our journey with iOS Spotlight Store DB, revealing the treasures hidden within and how to use Yogesh's parser to uncover its secrets. We then navigate through Realm Databases, sharing our encounters with data stores and tools for parsing extracted data. We also share our personal workflow process, granting you a peek into our data analysis strategies. But we're not done yet. Our adventure takes a detour towards Google Maps Geolocation Artifacts, where we highlight the amazing work of The Binary Hick and his research of the audio files and geolocation points related to navigation.
Finally, we explore the nuanced art of analyzing timestamps and locations in images, revealing a fascinating intersection of data and intent. We share how we use Python scripts, manual offsets, and more to make data time-zone aware. Wrapping up our discussion, we emphasize the vitality of research in data analysis and the role of code in automation. So, buckle up for a thrilling ride into the mesmerizing world of data extraction and analysis. You'll come out the other side armed with fresh insights and new tools at your disposal.
Notes:
iOS Spotlight store.db:
https://github.com/ydkhatri/spotlight_parser
Realm Databases:
https://www.mongodb.com/docs/realm/studio/
The Binary Hick-Finding Phones with Google Maps:
https://thebinaryhick.blog/2023/10/17/finding-phones-with-google-maps-part-1-android/
iOS Media Adjustments:
https://www.doubleblak.com/blogPosts.php?id=23
Ready for the breakdown of the newest player in the mobile forensics field, FTK 8? This latest release includes a facelift, enhanced mobile support, and a plethora of supportive features for mobile devices. From app-specific mobile artifacts like Discord, Facebook, Kik, Snapchat, WhatsApp, to calls, conversations, contacts, MMS, and SMS, FTK 8 is geared up. Plus, its Smart View tab provides new mini and super timeline features as well as enhancements to their multimedia view.
Our chat extends beyond the merits of FTK 8 to the realm of portable cases and the case review aspect of all digital forensic tools. Uncover how the right network setup can boost review speed and why understanding the limitations of portable cases is crucial for examiners and stakeholders alike. We also discuss how focusing on artifact-based reviews can enhance efficiency. But that's not it! We also delve into the importance of data validation and why a user-friendly interface is key for people reviewing and examining cases.
Interested in hearing about comparative analysis? Tune in for an in-depth discussion about comparing the capabilities of one forensic tool to another and the possible outcomes of such a competitive assessment.
New to iLEAPP? We've got you covered! Together, we unearth new artifacts like the last car connection and voicemail artifacts, even recently deleted (trashed) voicemail - critical elements that will revolutionize your review process. Understanding the significance of analyzing torrent data encoded in Bencode, linking media on a device to files used to acquire that media, is another key takeaway from our conversation. To wrap things up, we express our heartfelt gratitude to you, our listeners and thank you for joining us on this fascinating journey into the world of digital forensics.
Notes:
FTK 8
https://www.exterro.com/ftk-8-0
iOS 15 Image Forensics Analysis and Tools Comparison Project-
https://blog.digital-forensics.it/2023/09/ios-15-image-forensics-analysis-and.html
LEAPPS
https://github.com/abrignoni
Stay tuned as we navigate the mesmerizing maze of digital forensics, sharing insights that you wouldn't want to miss! We kick-start this thrilling journey with a sneak-peek into the Regional Computer Forensics Lab in Boston. The fun doesn't stop here as we also delve into the exhilarating Cellebrite Capture the Flag challenge and touch upon the awe-inspiring Difference Makers Awards.
We then turn to the indispensable resources for those wishing to take on the digital forensics world. From the empowering IACIS Women in Law Enforcement Scholarship to the unique Magnet Forensics Scholarship, we've got you covered. Don't miss our take on the complimentary Belkasoft iOS Forensics Course and DFIR Artifact Museum. Plus, we'll guide you through using the intriguing Eric Zimmerman's SQLECmd and Timeline Explorer.
Finally, we discuss the invaluable act of giving back to the digital forensics community. We share the secrets of adjusting to corporate culture, continuing education, and the pivotal role of mentoring. We even touch upon the remarkable Digital Forensics Intern Program by Notre Dame. So, tune in as we unravel the complex world of digital forensics. What's more? We've got some valuable advice for newbies waiting at the end. Get ready to embark on this digital journey with us!
Notes:
Difference Makers Awards 2023:
https://www.sans.org/about/awards/difference-makers/
IACIS Scholarship:
https://www.iacis.com/will-docken-scholarship/
IACIS Women's Scholarship:
https://www.iacis.com/womens-scholarship/
Magnet Scholarship:
https://www.magnetforensics.com/blog/2023-magnet-forensics-scholarship-program-apply-today
Belkasoft iOS Free Training:
https://belkasoft.com/ios-forensics-training
Eric Zimmerman's SQLECmd:
https://ericzimmerman.github.io/#!index.md
DFIR Artifact Museum:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
J & L Forensics Blog:
https://jnl4n6.com/2023/09/13/new-to-cyber-preston-mcnair/
Looking to level up your expertise in digital forensics? We promise this episode will arm you with actionable insights, strategies, and tools to sharpen your skills. Our conversation covers a wide spectrum of topics from the importance of conferences to the rising debate surrounding Apple's proposed scanning for CSAM material. We peel back the layers on forensic labs, discussing how to measure effectiveness, the role of LEAPP artifacts in investigations, and the critical need for continual learning and collaboration.
In this episode, we navigate the various pathways to proficiency in digital forensics – whether that's through formal education like criminal justice degrees, on-the-job training, or the value of certifications. We explore the growing need for standardization in the field and the relevance of experience and research in establishing credibility. And let's not forget about Ryan Benson's Unfurl tool – we discuss its capabilities in breaking down URLs, a vital tool for digital forensics cases.
Lastly, we delve into the contentious subject of Apple's decision not to scan for CSAM material. We analyze the potential implications of such a move and the concerns raised by the Heat Initiative in their recent letter. Apple's reported cyber tip line reports are also put under the spotlight as we compare them to Google's numbers. From seasoned professionals to those just starting out, this episode promises to challenge your thinking, ignite debates, and bring you valuable tips and insights to help you stay ahead in the digital forensics field. Tune in for an enlightening and inspiring session!
Notes:
https://github.com/abrignoni/iLEAPP
https://dfir.blog/unfurl/
https://www.documentcloud.org/documents/23933180-apple-letter-to-heat-initiative
Hear the latest news on digital forensics with your hosts Alexis "Brigs" Brignoni & Heather Charpentier for the week of August 25, 2023.
Episode Notes: