Episodes

  • New Year, New Discoveries: Diving into Digital Forensics!
    Jan 3 2025

    Kick off your new year with some forensic fun as we recount our holiday escapades and dive into the latest in digital forensics! Ever wondered how RAM dumps from Android devices can reveal crucial data? We spotlight MSAB's innovative RAMalyzer tool and their new blog series covering RAM from mobile devices.

    Discover how the digital forensics community is collaborating to propel the field forward, as we share insights from the DF Pulse 2024 Digital Forensic Practitioner Survey and the delicate dance between competition and cooperation. Standardization is the name of the game, and we're exploring how the field of digital forensics can benefit from it.

    Updates to Magnet Axiom's date range capabilities showcase the ceaseless evolution of digital forensics tools. Journey with us as we tackle the intricacies of Bluetooth tracker detection, all while considering the dual nature of technology and the significance of using it responsibly.

    From exploring Richard Davis's work with 13Cubed to discussing Yogesh Khatri's contribution to analyzing the USN Journal, we shine a light on the vital role of principles in our field.

    With warm wishes for the new year, we invite you to stay tuned for more episodes brimming with insights and camaraderie.

    Notes:
    MSAB RAMalyzer series!
    https://msab.com/resources/blog/


    Paraben Forensic Innovation Conference
    https://link.reachpenguin.com/widget/form/99kVMTgaA0mbpZvYLTjG

    Tip Tuesday: Troubleshooting in PA
    https://www.youtube.com/watch?v=eSNovfdwucw&list=PLwmKlEiYNUYte-pnlbw45YKpPB7K8xCgC&index=1

    DFPulse: The 2024 digital forensic practitioner survey
    https://www.sciencedirect.com/science/article/pii/S2666281724001719

    Magnet Axiom Cyber 8.7: Acquire iCloud backups from ADP-enabled accounts, and more!
    https://www.magnetforensics.com/blog/magnet-axiom-cyber-8-7-icloud-adp-and-more/

    Android Will Let You Find Unknown Bluetooth Trackers Instead of Just Warning You About Them
    https://www.engadget.com/mobile/smartphones/android-will-let-you-find-unknown-bluetooth-trackers-instead-of-just-warning-you-about-them-204707655.html

    Be Kind, Rewind... The USN Journal
    https://youtu.be/GDc8TbWiQio?feature=shared

    Apple Photos phones home on iOS 18 and macOS 15
    https://lapcatsoftware.com/articles/2024/12/3.html

    SWGDE Considerations for Required Minimization of Digital Evidence Seizure
    swgde.org/16-f-002/

    1 hr and 16 mins
  • The Gift of Expertise: Why Forensics Matter in the Courtroom
    Dec 13 2024

    Join us for a holiday-themed episode of Digital Forensics Now, where we blend expert insights with personal stories from the field of digital forensics.

    This episode delves into cutting-edge tools and techniques for digital forensics. Explore insights from Arsenal on advanced methods for analyzing swap space and memory files. We also share experiences with the Samsung Secure Health Data Parser, highlighting the challenges of decrypting health databases and the critical role of UFED in overcoming them. Don’t miss an in-depth look at the remarkable features of ArtEX, showcasing its value to examiners. Additionally, we introduce the LEAPPS Artifact Viewer App (LAVA), a groundbreaking tool unveiled at the Cyber Social Hub conference.

    We discuss the vital role of forensic experts in legal proceedings, from the importance of meticulous validation to the risks of mishandling evidence. Real-world cases and a controversial court ruling highlight why expert testimony remains essential in interpreting digital artifacts.

    We close with gratitude to our listeners and warm holiday wishes. Stay tuned on social media for updates on our next live session after the holidays.



    Notes:
    Working with 010 Hex-Editor
    https://www.youtube.com/playlist?list=PLCS2zI95IiNwheFCTaUEytA1GT0mNOOdn

    Arsenal Releases a New Tool!
    https://arsenalrecon.com/additional-products

    Samsung Secure Health Data Parser - A Forensic Tool for Parsing & Analyzing Samsung Secure Health Databases
    https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/main

    ArtEx Artifact Examiner
    https://www.doubleblak.com/app.php?id=ArtEx2

    Why the Manual Preview/Screenshots May Not Hold Up in Court
    https://www.forbes.com/sites/larsdaniel/2024/11/13/think-that-screenshot-is-proof-heres-why-it-might-not-hold-up-in-court/
    https://www.forbes.com/sites/larsdaniel/2024/12/06/smartphone-forensics-and-fake-texts-how-are-courts-responding/

    What's New with the LEAPPS!?
    Google Keep Notes
    https://charpy4n6.blogspot.com/2024/12/google-keep-notes.html
    Signup for Updates! leapps.org

    1 hr and 20 mins
  • BFU Data, Forensic Tools, and the Future of Digital Investigations
    Nov 22 2024

    The latest episode of Digital Forensics Now kicks off with lighthearted banter about Heather's newfound fame in commercials, bringing a fun and relatable start to a tech-heavy discussion. Following the laughs, the conversation shifts to an invigorating recap of Alexis' recent experience at SANS DFIRCON, featuring interactions with digital forensics luminaries like Brian Maloney and Ian Whiffin. Ian's ArtEx tool, which cleverly maps locations for forensic investigations, also takes center stage as a highlight of the conference. The episode weaves in personal reflections, including a scenic family train ride from Orlando to Miami and the implementation of a Python artifact exercise during a teaching session.

    The journey continues with a vibrant detour to the Tanganyika Wildlife Park in Kansas, where the usual birthday horseback riding tradition was replaced with unforgettable encounters like swimming with penguins, feeding giraffes, and snapping selfies with lemurs. These charming moments with nature set a refreshing tone before diving back into the tech world.

    In the realm of digital forensics, the episode explores reverse engineering iOS 18, discusses the brief availability of BitLocker support in FTK Imager, and examines the evolving landscape of BFU (Before First Unlock) data extraction in law enforcement. The hosts delve deep into the complexities of digital forensics tools, translating technical data structures into accessible insights while emphasizing the importance of a strong digital evidence strategy. Topics include advancements in the LEAPP Parsers, the innovative Lava Viewer, and the latest developments in Blue Sky data structures, offering a comprehensive look at the tools shaping the field.

    The episode wraps up with an open invitation for listeners to connect on social platforms, share their thoughts, and showcase innovative projects within the community, fostering a collaborative and forward-thinking space for digital forensics enthusiasts.


    Notes:
    iOS Devices Rebooting Continued
    https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html

    Samsung Secure Health Data Parser
    https://breakpointforensics.com/2024/11/06/samsung-secure-health-data-parser-a-forensic-tool-for-parsing-analyzing-samsung-secure-health-databases/
    https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/main

    Mobile Forensics Data Structures: Extracting and Analyzing Data with Free Tools
    https://www.hexordia.com/blog/mobile-forensics-data-structures

    GAMEPLANS: A template for robust digital evidence strategy development
    https://onlinelibrary.wiley.com/doi/10.1111/1556-4029.15655

    Digital Evidence: Enhancing public safety using digital investigative technologies
    https://majorcitieschiefs.com/wp-content/uploads/2024/10/MCCA-Digital-Evidence-White-Paper-_-Oct-2024.pdf

    Importance of BFU Partial Filesystem Extractions!
    https://www.linkedin.com/posts/1carl-lawrence_dfir-polcing-digitalforensics-activity-7264179600631468034-FHGh

    Sumuri Gives Back 2024
    https://sumuri.com/sumuri-gives-back-2024/

    1 hr and 18 mins
  • iOS 18’s Inactivity Reboots Explained: AFU to BFU Transitions with Chris Vance from Magnet Forensics
    Nov 15 2024

    Join us on the Digital Forensics Now podcast as we explore the details of the iOS 18 inactivity reboot issue with mobile forensics expert Christopher Vance from Magnet Forensics. Chris traces the origins of this challenge back to iOS 17 and explains how unified logs play a key role in diagnosing these system memory resets. This episode is packed with valuable insights for anyone interested in the inner workings of iOS devices and the unique considerations they present in digital forensics.

    We also discuss device security and data preservation, focusing on iOS devices. Examining the balance between law enforcement’s need for data access and Apple’s privacy measures, we highlight the importance of extracting the data from devices quickly to prevent data loss. Our conversation covers the legal complexities, jurisdictional nuances, and the demand for data preservation tools to address these challenges effectively.

    We explore recent developments in mobile technology, specifically Android 15's "Private Space" feature and how it will affect the digital forensic community's workflow.

    With insights from industry experts, this episode is full of essential updates tailored for digital forensics professionals looking to stay current.

    Notes:
    iOS Devices Rebooting
    https://www.magnetforensics.com/blog/understanding-the-security-impacts-of-ios-18s-inactivity-reboot/

    5 iOS forensics evidence sources to capture before they expire
    https://www.magnetforensics.com/blog/ios-forensics-evidence-sources-to-capture-before-they-expire

    Mac and iOS Forensic Analysis and Incident Response Poster
    https://www.sans.org/posters/macos-ios-forensic-analysis/

    1 hr and 3 mins
  • AI in Court: Testimony or Tech-tastrophe?
    Oct 18 2024

    Could AI in forensic analysis be more of a liability than an asset? Join us as we explore this pressing concern.

    We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.

    Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users.

    For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCATCH, a tool designed to map the data efficiently and streamline your workflow.

    Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.


    Notes:

    Updated Telegram Policy
    https://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPl
    https://telegram.org/privacy#8-3-law-enforcement-authorities

    MSAB RAMalyzer
    https://www.youtube.com/watch?v=1SEgSYSF03A

    Expert witness used Copilot to make up fake damages, irking judge
    https://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/
    https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.html

    iCATCH
    https://github.com/AXYS-Cyber/iCATCH


    1 hr and 15 mins
  • Awareness Unlocks Discovery: Knowing It Exists is the First Step to Finding It
    Oct 4 2024

    Join us as we discuss the latest blogs and training opportunities available to keep you at the forefront of digital forensics.

    We’ll then dive into the release of iOS 18 and its impact on digital forensic investigations. Beyond tools and gadgets, we'll explore the shift towards cloud-based evidence storage, weighing its benefits and security challenges against traditional air-gapped networks.

    Whether you're a seasoned professional or just beginning your journey, this episode offers a mix of education, entertainment, and a sense of community, all with a dash of geek culture fun.


    Notes:

    -Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!
    https://thebinaryhick.blog/2024/09/14/triple-trouble-ios-16-android-14-and-ios-17-images-now-available/

    -A First Look at iOS 18 Forensics
    https://blog.digital-forensics.it/2024/09/a-first-look-at-ios-18.html
    https://www.magnetforensics.com/blog/a-look-into-ios-18s-changes/

    -New iOS Feature - Brian Krebs LinkedIn Post
    https://support.apple.com/guide/iphone/request-give-remote-control-a-facetime-call-iph5d70f34a3/ios

    -macOS 15 (Sequoia): What Forensic Examiners Need to Know
    https://www.linkedin.com/pulse/macos-15-sequoia-what-forensic-examiners-need-know-sumuriforensics-ohbrc/

    -25th Anniversary of Paraben
    https://l.paraben.com/25-year-anniversary-3005

    -Oxygen 2024 International User Summit
    https://oxygenforensics.com/en/user-summit-2024/

    -When is an app not an app? Investigating WebAPKs on Android
    https://www.cclsolutionsgroup.com/post/when-is-an-app-not-an-app-investigating-webapks-on-android

    -mr. eerie Blog
    https://mreerie.com/2024/09/30/exploring-ufade-to-extract-data-from-ios-devices/

    -Learn With Hexordia Launch
    https://learn.hexordia.com

    -Noel Lowdon-Vehicle Systems Forensics
    https://www.linkedin.com/in/noel-lowdon-74685769/

    -Not Scary Binary
    https://us02web.zoom.us/webinar/register/WN_8G0VMawERVO-kpaDJbE2Ww#/registration

    -Marco Neumann added Withings HealthMate on iOS (iLEAPP)
    https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html


    1 hr and 5 mins
  • Balancing Act: Trials, Training, and the Future of Digital Forensics
    Sep 13 2024

    Recognizing excellence is key in our community, and we spotlight the SANS Difference Maker Awards and Cellebrite Summit Digital Justice Awards. Discover why it’s crucial to nominate your peers and learn about the newly opened registration for IACIS 2025 training classes, featuring must-attend courses like Advanced Mobile Device Forensics.

    While highlighting a recent article by Brett Shavers, we stress the significance of continuous education and community acknowledgment in helping digital forensics professionals grow and excel.

    Our conversation delves into the technical challenges of iOS Telegram data analysis and the development of tools like Kathryn Hedley's Parse USBs script. We shed light on the importance of peer reviews and cognitive bias in forensics. This episode is a deep dive into the intricacies of digital forensics, education, and the community that drives it forward.

    Notes:

    SANS Difference Maker Awards
    https://www.sans.org/about/awards/difference-makers/

    Cellebrite Summit Digital Justice awards
    https://cellebrite.com/en/c2c-summit-digital-justice-awards/

    IACIS 2025 Training
    https://iacis.com/training/

    Belkasoft - iOS Telegram Acquisition and Database Analysis
    https://belkasoft.com/ios-telegram-forensics-acquisition-and-database-analysis

    Kathryn Hedley parseusbs script
    https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry
    https://github.com/khyrenz/parseusbs

    Cracking OneDrive's Personal Vault - Brian Maloney
    https://malwaremaloney.blogspot.com/2024/09/cracking-onedrives-personal-vault.html
    https://github.com/Beercow/Personal-Vault-BEK

    Brett Shavers New Article - Today, today I rant
    https://www.linkedin.com/pulse/today-i-rant-dfir-training-brett-shavers--pij4c/

    Lionel Notari Logs of the Week
    https://www.ios-unifiedlogs.com/unifiedlogoftheweek



    1 hr and 7 mins
  • AI as a Report Writing Tool: Accuracy Enhancing or Recollection Poisoning?
    Aug 30 2024

    What's the real impact of AI on law enforcement documentation? Can digital forensics tools truly revolutionize our investigative processes? These are just some of the provocative questions we tackle in our season two premiere of Digital Forensics Now! Join us as we celebrate our one-year anniversary with reflections on the past year, exciting updates, and plans for the future.

    The episode takes a deep dive into the ethical and practical implications of AI in law enforcement, sparked by a recent AP News article on police officers using AI chatbots for writing crime reports. We express our skepticism about AI's accuracy and discuss the vital need for human oversight. Examining AI’s influence on officers' recollection of events, this episode scrutinizes the potential pitfalls and ethical concerns associated with AI in policing. We also humorously critique some AI-generated descriptions of our podcast, shedding light on AI's current limitations and biases.

    Don't forget to vote for your favorite difference makers with the SANS Difference Maker Awards!

    In the latter part of the show, we shine a spotlight on RecuperaBit, a forensic file system reconstruction tool, and Lionel Notari's invaluable contributions on iOS log files. We tackle the challenges of modifying third-party tools and discuss the broader ethical concerns of reverse engineering. As we wrap up, we celebrate our anniversary by announcing the winners of our prize draw and featuring the "Meme of the Week," which humorously highlights the financial struggles in our field. Tune in for an informative and engaging episode!

    Notes:
    Local Storage and Session Storage in Mozilla Firefox Part 1
    https://www.cclsolutionsgroup.com/post/local-storage-and-session-storage-in-mozilla-firefox-part-1

    SANS Difference Maker Awards
    https://www.sans.org/about/awards/difference-makers/

    Police officers are starting to use AI chatbots to write crime reports. Will they hold up in court?
    https://apnews.com/article/ai-writes-police-reports-axon-body-cameras-chatgpt-a24d1502b53faae4be0dac069243f418

    Magnet Forensics acquires Medex Forensics
    https://www.magnetforensics.com/news/magnet-forensics-acquires-medex-forensics-strengthening-video-evidence-integrity-with-detection-of-deepfakes-and-generative-ai/

    RecuperaBit Forensic File System Reconstruction
    https://www.forensicfocus.com/interviews/andrea-lazzarotto-digital-forensics-consultant-and-developer/
    https://github.com/Lazza/RecuperaBit

    The Logs of the Week
    https://www.ios-unifiedlogs.com/unifiedlogoftheweek




    1 hr and 7 mins