Digital Forensics Now – Détails, épisodes et analyse

Send us a text

Join us on the Digital Forensics Now podcast as we explore the details of the iOS 18 inactivity reboot issue with mobile forensics expert Christopher Vance from Magnet Forensics. Chris traces the origins of this challenge back to iOS 17 and explains how unified logs play a key role in diagnosing these system memory resets. This episode is packed with valuable insights for anyone interested in the inner workings of iOS devices and the unique considerations they present in digital forensics.

We also discuss device security and data preservation, focusing on iOS devices. Examining the balance between law enforcement’s need for data access and Apple’s privacy measures, we highlight the importance of extracting the data from devices quickly to prevent data loss. Our conversation covers the legal complexities, jurisdictional nuances, and the demand for data preservation tools to address these challenges effectively.

We explore recent developments in mobile technology, specifically Android 15's "Private Space" feature and how it will effect the digital forensic community workflow. 

With insights from industry experts, this episode is full of essential updates tailored for digital forensics professionals looking to stay current.

Notes:
iOS Devices Rebooting
https://www.magnetforensics.com/blog/understanding-the-security-impacts-of-ios-18s-inactivity-reboot/

5 iOS forensics evidence sources to capture before they expire
https://www.magnetforensics.com/blog/ios-forensics-evidence-sources-to-capture-before-they-expire

Mac and iOS Forensic Analysis and Incident Response Poster
https://www.sans.org/posters/macos-ios-forensic-analysis/

Send us a text

Could AI in forensic analysis be more of a liability than an asset? Join us as we explore this pressing concern. 

We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.

Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users. 

For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCatch, a tool designed to map the data efficiently and streamline your workflow.

Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.

Notes: 

Updated Telegram Policy
https://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPlhttps://telegram.org/privacy#8-3-law-enforcement-authorities

MSAB RAMalyzer
https://www.youtube.com/watch?v=1SEgSYSF03A

Expert witness used Copilot to make up fake damages, irking judge
https://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.html

iCATCH
https://github.com/AXYS-Cyber/iCATCH

Send us a text

Navigating the complexities of digital forensics can be daunting, but this week we've got your back with the exploration of Magnet Forensics' Axiom version 8, and its transformative Mobile View feature. As your hosts we're not just sharing tech updates; we're discussing the impact these tools have on our work and how they shape the narratives we construct. 

When it comes to the integrity of an investigation, the devil is in the details—and in the documentation. We delve into the craft of forensic reporting, dissecting why an analyst's narrative is just as critical as the raw data pulled from tools. From the subtleties of crafting a timeline to the nuances of articulating the relevance of each artifact, we've got the insights that will assist you on your report writing journey. 

Finally, join us for a celebration of the community spirit that fuels this field, illustrated by new blogs and newly supported artifacts in the LEAPPS. We also look at the growing significance of vehicle forensics in investigations. And because we all need a good chuckle, don't miss our 'meme of the week' segment. It's an episode brimming with expertise, but not without its moments of laughter because finding joy in our work is paramount. Come for the knowledge, stay for the camaraderie, and enhance your forensic acumen with us.

Notes-
Job Alert- Upcoming Openings at the New York State Police
https://troopers.ny.gov/civilian-employment

Capture the Flags
Hexordia
https://www.hexordia.com/spring2024-weekly-ctf-challenge
Oxygen
https://oxygenforensics.com/en/training/events/ctf-apr-19-2024/
Belkasoft
https://belkasoft.com/belkactf6/info

Mobile View and Copilot in Magnet Axiom
https://www.magnetforensics.com/blog/bring-your-mobile-evidence-to-life-with-the-new-mobile-view-in-magnet-axiom/
https://www.magnetforensics.com/blog/identify-deepfakes-and-quickly-surface-evidence-with-new-ai-tools-in-magnet-axiom/

DeRR.p. Investigating Power Events on Samsung Devices
https://thebinaryhick.blog/2024/04/07/__trashed/

Peer Review Checklist
https://www.hexordia.com/blog-1-1/gc0vnvj80ogwx724ovu7avzwvjl742

What's the Buz: Forensic Analysis of Buz for iOS
https://laurora4n6.wixsite.com/aurora4n6/post/what-s-the-buz

What's New with the LEAPPS?
https://www.stark4n6.com/2024/04/splitwise-on-ios.html

Send us a text

In mobile forensics, with each update brings new challenges and opportunities. Join us as we dissect the latest iOS 17.4 impacts, including the nuances of SQLite databases and the advent of write-ahead logs in Advanced Logical extractions. Our episode is brimming with insights that could change the way you approach data extraction and parsing. 

The forensic landscape is ever-evolving, and this episode isn't shy about the hurdles we face, or the workarounds that keep us ahead. Discover how matching forensic work environments with devices' native operating systems and utilizing tools like Christian Perter's  and Lionel Notari's for Logical and Unified Log extraction can streamline your investigative processes. 

Building a personal brand in digital forensics isn't just about notoriety; it's about cultivating a reputation that commands respect and opens doors. This episode celebrates those who contribute to the community, from the creation of new parsers to the latest features in FTK 8, and how these actions bolster not just your standing but the entire field. We explore the unique journeys that shape our professional identities and share laughter over common forensics foibles. It's an episode that champions growth, community, and the personal touch that makes all the difference in a technical world.

Notes-
A Gift From Apple:
https://www.msab.com/blog/apple-deleted-data-itunes-backups/

UFADE Universal Forensic Apple Device Extractor:
https://github.com/prosch88/UFADE

iOS Unified Logs tool:
https://www.ios-unifiedlogs.com/blog

FTK LevelDB Support:
https://www.exterro.com/ftk-product-downloads

What's New with the LEAPPS?
https://github.com/abrignoni

Send us a text

Unlock the secrets of advanced forensic analysis with us! We reveal essential training classes that every digital sleuth needs to stay ahead in an ever-changing tech landscape. Sign-on to be enlightened by experts in the captivating world of data structures through Hexordia's class and IACIS's comprehensive course.  But it's not all about the classes; we're also sending a must-read book your way to sharpen that detective wit you pride yourself on. 

Get ready to explore the controversial yet fascinating realm of facial recognition with our introduction of Exponent Faces, a  X-Ways Forensics X-Tension. Whether it's identifying suspects or navigating the ethical minefields of biometric data, we're weighing in with all the expertise you could hope for. 

Finally, journey with us as we dissect the pivotal role of soft skills and community support for forensic examiners, you'll find this episode is not just about the tech—it's about the people behind the screens who make justice possible. Join us, where knowledge is power and staying updated is as crucial as the evidence itself.

Notes:
IACIS Advanced Mobile Device Forensics
https://www.iacis.com/training/amdf-advanced-mobile-device-forensics/

DFIR Investigative Mindset-Brett Shavers
Book release March 22, 2024- 1/2 price for one week!

Facial Recognition in DFIR
https://www.apiforensics.com/blogs/announcing-exponent-faces.asp
https://abcnews.go.com/Business/controversy-illuminates-rise-facial-recognition-private-sector/story?id=96116545

Google Chrome Platform Notification Analysis
https://www.sans.org/blog/google-chrome-platform-notification-analysis/

The Digital Forensic Practitioner Survey (DFPulse2024)
https://bit.ly/dfpulse

What's New with the LEAPPs?
https://github.com/abrignoni

Send us a text

Embark on a journey through both history and the cutting-edge world of digital forensics with us as we pay homage to the brilliant Dr. Gladys West, whose work underpins the GPS technology we take for granted today. In celebration of Black History Month, we draw inspiration from Dr. Martin Luther King Jr., discussing how we can all contribute to the fight against enduring societal challenges. Our conversation is a testament to the power of empathy and action in fostering societal change, spotlighting the often overlooked breadth of achievements by historical figures like Dr. West and Dr. King.

Unravel the complexities of iOS location and  Unified Log analysis through our educational talk on the recent breakthroughs highlighted by experts like Ian Whiffin and Lionel Notari. Discover the new feature from Magnet Axiom. The Animated Map Routes feature provides an additional facet for courtroom presentation. 

We wrap up with a deep appreciation for the significance of training and expertise in digital forensics, engaging with the thoughts presented by Shafik Punja in his 'Bullshit Hunting: Digital Forensics Edition' article. The discussion traverses the critical role of proper forensic training and tools, the ethical responsibilities that accompany our work, and the profound impact that our industry has on legal outcomes and lives. 


Notes-

The Cyber Social Hub- Daily Digital Investigator Episodes
https://podcast.cybersocialhub.com/

Belkasoft's Free Android Forensics Class
https://belkasoft.com/android-forensics-training

Apple Maps - Visited Location?
https://www.doubleblak.com/blogPost.php?k=mapssync

iOS Unified Logs - WiFi and AirPlane Mode
https://www.ios-unifiedlogs.com/post/ios-unified-logs-wifi-and-airplane-mode

Animated Map Routes in Magnet Axiom
https://www.youtube.com/watch?v=fyPrJKLhD9k

8 Log Files You Can Collect from iOS and Android Devices
https://www.magnetforensics.com/blog/8-log-files-you-can-collect-from-ios-and-android-devices/

Candidate Examiner's and Training Programs
https://www.bullshithunting.com/p/bullshit-hunting-digital-forensics

Sources of Error in Digital Forensics
https://www.sciencedirect.com/science/article/pii/S2666281724000027

Send us a text

Discover the intersection of digital innovation and forensic expertise as we celebrate and honor the incredible legacy of computing pioneer Mark Dean during Black History Month. With a salute to unsung heroes like Johann, who fuel the open-source tools we rely on, this episode is a tribute to the collaborative spirit that propels digital forensics forward.

Peek behind the curtain of the Photos SQLite database with insights from the Forensic Scooter blog, uncovering the depths of data crucial to forensic investigations. We explore how metadata comparison can reveal content manipulation, the importance of distinguishing between cloud and device media origins, and the crafty skills required to validate findings in a world where AI is becoming a pivotal tool. This episode isn't just about the tools we use; it's about the critical thinking and validation skills necessary to ensure AI assists rather than misleads.

Fasten your seatbelt as we navigate the evolving landscape of vehicle forensics and tackle the challenges posed by encryption in new vehicle modules. Reflect on how data from vehicle systems can be leveraged in accident reconstruction and criminal investigations, emphasizing the need to stay ahead of technological advancements. Wrapping up, we delve into the latest from the LEAPPs framework and the implications of Android's multi-user support, underscoring the episode's commitment to sharing knowledge that keeps the digital forensics community at the cutting edge.

Notes-
Black History Month Notable Contributor to Digital Forensics-Mark Dean
https://web.eecs.utk.edu/~markdean/

Device Set-up – Transferring data to new iPhone & Effects to Photos.sqlite
https://theforensicscooter.com/2024/02/04/device-setup-transferring-data-to-new-iphone-effects-to-photos-sqlite/

Dissecting the Android WiFiConfigStore.xml for Forensic Analysis
https://blog.digital-forensics.it/2024/02/dissecting-android-wificonfigstorexml.html

AI Generated Imagery
https://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=81d1b025e7

Magnet Idea Lab-Project Goose
https://magnetidealab.com/projects/project-goose/

Vehicle Forensics
How to access logical files in a QNX partition-   https://www.youtube.com/watch?v=8SAZthXjT5s

The LEAPPS
https://github.com/abrignoni

Send us a text

Embark on an enlightening path as we meld the celebration of Black History Month with the dynamism of mobile forensics. This episode is a tribute not only to the past but a clarion call for the future, as we honor Annie Easley, the trailblazing NASA computer scientist, while also navigating the rapidly evolving landscape of digital investigation tools. As your guides, we unravel the intricacies of open-source forensics tools, and the necessity of test devices, ensuring your knowledge remains at the forefront of technological advancements.

With a constant eye on professional growth, we're excited to share information about upcoming conferences, training and opportunities to sharpen your digital forensic skills. We share our experiences, opening doors for you to learn and grow right beside us. Our conversation takes a stimulating turn as we discuss the Rabbit R1, a new AI gadget that promises to redefine app interaction and its implications for data privacy. As we dissect the nuances of AI in fingerprint analysis, we invite you to journey with us through the maze of modern forensics, where even the uniqueness of fingerprints is called into question.

As we wrap up, our passion for the subject matter shines through with the introduction of cutting-edge features in mobile forensics updates, and the vital role of resource management in our field. We laugh over the meme of the week but also reflect on the serious undertones it brings to the prioritization of forensic cases. Closing the session, we express our heartfelt gratitude for the engagement and support that fuels our podcast, leaving you with an anticipation for deeper discussions and discoveries in the episodes to come. Join us, and together, let's shape the narrative of digital forensics and its rich connection to history and innovation.

Notes-
Honoring Annie Easley-Black History Month Feb 2024
https://elective.collegeboard.org/annie-easley-computer-science-pioneer

Testing and Validation
https://www.hexordia.com/blog-1-1/unlock-rooting-pixel6a
https://blog.d204n6.com/2020/08/setting-up-testing-lab-of-ios-and.html

Paraben Forensic Innovation Conference
https://pfic-conference.com/

Free Android Training from Belkasoft
https://belkasoft.com/android-forensics-training

Cellebrite Case to Closure Summit and Awards 
https://global-c2c-summit-2024.cventevents.com/event/ec371a30-107d-4ce4-8bad-44e331148339/summary
https://cellebrite.com/en/c2c-summit-digital-justice-awards/

Magnet Virtual Summit/Capture the Flag
https://magnetvirtualsummit.com/
https://magnetvirtualsummit.com/capture-the-flag/

Rabbit R1
https://www.theverge.com/2024/1/9/24030667/rabbit-r1-ai-action-model-price-release-date

AI- Fingerprints Unique or Maybe Not?
https://www.cnn.com/2024/01/12/world/fingerprints-ai-based-study-scn/index.html

Layoffs Due to AI
https://www.theverge.com/2024/1/14/24038397/google-layoffs-just-the-beginning

Hidden Gem in iOS 17
https://www.linkedin.com/posts/luca-cadonici-41299b4b_ios-ipados-passcode-activity-7152770642168160257-VJ7C

Android Auto Reboots
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

The LEAPPS
https://github.com/abrignoni

Send us a text

Get ready to navigate the complexities of digital forensics with the latest industry insights, as we shine a light on Cellebrite's recent rebranding journey. From the quirky 'EYE' twist in their new product names to the strategic significance behind the move, we've got it all covered in a dynamic discussion that promises to clarify and critique the changes afoot. Plus, we'll dive into how Cellebrite is contributing to the tireless work of child protection organizations, aligning tech advancements with noble missions.

We will guide you through our thoughts relating to advertising effectiveness in the forensics domain, and why the quality work of forensic professionals trumps any single tool on the market. The art of communication from businesses about their products and the role of technology in boosting company progression is key.       

The conversation turns to the exciting potential of recent password recovery innovations from Arsenal Recon's Password Sledgehammer and new support for location based and messaging applications in the LEAPPs!

As we wrap up, the discussion turns to the thrilling possibilities of Android device analysis and the ever-evolving policies of giants like Google. We're not just talking about the next big thing; we're living it, breathing it, and sharing our experiences with you. So plug in, turn up the volume, and prepare for an episode that’s as informative as it is engaging.

Notes:

Operation Find Them All-
https://abcnews-go-com.cdn.ampproject.org/c/s/abcnews.go.com/amp/Business/wireStory/cellebrite-donates-ai-investigative-tools-nonprofits-find-missing-106321858

Magnet Forensics Acquires High Peaks Cyber-
https://forensicfocus.com/news/magnet-forensics-acquires-high-peaks-cyber-further-bolstering-the-magnet-graykey-labs-research-team/

Arsenal Password Sledgehammer-
https://arsenalrecon.com/products/arsenal-image-mounter/downloads

Life360 Stark4N6-
https://www.stark4n6.com/

Analysis of Android Settings During a Forensic Investigation-
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html

Google Location Data News!-
https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-just-killed-geofence-warrants-police-location-data/?sh=245f8f422c86

https://www.washingtonpost.com/technology/2023/12/14/google-maps-location-history/

Send us a text

Ever found yourself piecing together a complex jigsaw puzzle of digital evidence? That's precisely the journey we invite you to embark on in our latest episode packed with tools, tales, and tech. We're not just talking shop; we're handing you the magnifying glass to examine the intricacies of JSON files with JSON CRACK, and introducing a  python tool to automate investigations involving Google Drive File Stream artifacts, DriveFS-sleuth.

This episode is a testament to the craft of digital forensics, featuring a blog from Mattia at Zena Forensics that aides in answering the question, "Has the user ever used the XYZ application?".  As we unpack the nuances of reverse engineering and celebrate the updates to Hexordia's Evanole, we're reminded that the heart of digital forensics beats to the rhythm of relentless inquiry and meticulous method. 

We delve into the advanced research and exploitation methodologies With Magnet GrayKey Labs and converse about the importance of these capabilities as well as validation. This is coupled with a live demonstration involving SEGB files and the data that can be overlooked without research and the validation of multiple tools.

Raise your glasses—here's to the exuberant spirit of learning and the relentless pursuit of truth that defines our community.  So, are you ready to elevate your understanding of the digital landscape and smash those New Year's resolutions? Join us, and let's make 2024 a year of 4K clarity—in forensics and beyond!

Notes:

JSON Crack-
https://jsoncrack.com/

DriveFS Sleuth — Your Ultimate Google Drive File Stream Investigator!
https://amgedwageh.medium.com/drivefs-sleuth-investigating-google-drive-file-streams-disk-artifacts-0b5ea637c980https://github.com/AmgdGocha/DriveFS-Sleuth

Advanced Research and Exploitation Methodologies With Magnet GRAYKEY Labs
https://www.magnetforensics.com/blog/advanced-research-and-exploitation-methodologies-with-magnet-graykey-labs/

Has the user ever used the XYZ application?
https://blog.digital-forensics.it/2023/12/has-user-ever-used-xyz-application-aka.html

Evanole New Year Reveal! 
https://www.hexordia.com/evanolece