A total of 3 winners will be picked to each win a 3-year license of Forensic Notes!
Belkasoft Evidence Center 2020 v.9.7 (or, in short, BEC) is an all-in-one forensic solution, combining mobile and computer forensics as well as memory, cloud and remote forensics, and incident investigations in a single tool. Given its affordable price, it is one of the best choices among other available products on the market.
In v.9.7, Belkasoft significantly expanded BEC support of various mobile data sources and improved its Remote Forensics module.
Among the major features included in BEC 2020 v.9.7 are:
Read more https://belkasoft.com/new
Belkasoft announces the upcoming release of BEC (Belkasoft Evidence Center 2020) version 9.7. In v.9.7, Belkasoft significantly expanded BEC support of various mobile data sources and added support for more operating systems in its Remote Forensics module.
Among the features expected in the upcoming release of BEC 2020 are:
Read more here https://belkasoft.com/sneak_peek
KeyScout is a utility built into Oxygen Forensic® Detective which uncovers and extracts user data, tokens and passwords from apps and web browsers, as well as Wi-Fi hotspot passwords, iTunes backups, and operating system data on PCs running Windows.
DeepSpar has a solid reputation in regard to their products for recovering data from bad drives. It stands to reason that anything with DeepSpar's name on it should be just as good, and in the case of the Guardonix, this is true.
BlackLight quickly analyzes computer volumes and mobile devices. It sheds light on user actions and now even includes analysis of memory images. BlackLight allows for easy searching, filtering and otherwise sifting through large data sets. It can logically acquire Android and iPhone/iPad devices, runs on Windows and Mac OS X, and can analyze data from all four major platforms within one interface. It’s simply the best option available for smart, comprehensive analysis.
The following information will allow you to familiarize yourself with the Forensic Notes application, including many new features for organizing & sharing notes in a team environment. Though investigations have typically been a team effort, investigators’ notes have typically not been easy to share, as they usually resided in a paper notebook. With Forensic Notes, you will now be able to easily share important information, without having to photocopy or somehow recreate key information. This increases collaboration and saves everyone a significant amount of time.
Read more https://www.forensicnotes.com/how-to-document-digital-forensic-investigations-with-forensic-notes/
As a follow-up to my SANS webcast, I wanted to post detailed instructions on how to use KAPE to collect triage data and generate a mini-timeline from the data collected. As much as I hate to say "push button forensics", once you get KAPE up and running, it really is only a matter of a couple of clicks and you are off to the races.
In iOS 12, Apple went with a different way of storing a user's notifications than I was previously used to. In the past, it wasn't that difficult to track a user's notifications that were still hanging around on the device. It's not impossible right now, but boy is it painful. At least until a friend helped to make it easier for us.
Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on macOS, Windows, and Linux machines. It scales to work effectively on laptops, desktops, servers and the cloud, and can be installed on top of hardened/gold disk images.
Read more http://www.sectechno.com/skadi-dfir-framework-to-collect-process-and-hunt/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Sectechno+%28SecTechno%29
Introducing a Python 3 script that looks for the UserNotifications folder in iOS 12 full file system extractions and parses the iOS notifications to easily triage their content. The script detailed below is a technical application of the research done at d204n6.com by my friend Christopher Vance that he kindly shared with me before making it public. Check out his blog on the topic at:
Read more https://abrignoni.blogspot.com/2019/08/ios-12-notifications-triage-parser.html
When you start analyzing a Linux memory dump using Volatility, the first problem you may need to face is choosing the correct memory profile for the kernel the dump was taken from.
In previous posts, we've looked at how malware persists on macOS, taken a practical tour of macOS malware hunting techniques and also discussed techniques for reversing macOS malware. One area that we haven't discussed so far, and which we'll offer an introduction to in this and subsequent posts, is macOS post-breach or post-infection incident response. We'll get started today, in Part 1, by explaining how to quickly gather up vital data about file events, system configuration and the machine's current environment. In later posts in this mini-series on macOS incident response, we'll look at discovering user activity, retrieving things like browser history, email messages, notifications, and application usage, among other things.