BlackBag Technologies have released the latest version of MacQuisition: 2018 R1.
Oxygen Forensics have teamed up with Project VIC to help fight child exploitation.
AXIOM 1.2.3, the latest version of Magnet's popular solution, now includes improved smartphone acquisition features.
Magnet Forensics have released a white paper on Windows password cracking.
This includes, but is not limited to, the Security & Intelligence products. Magnet Forensics Founder and CTO, Jad Saliba, and Jamie McQuaid, our Forensics Consultant, have made it clear how fundamental these elements are to an investigation.
The Nuix S&I products augment the entire Nuix product line, extending their coverage over client issues, and providing the ‘single pane of glass’ to meet the investigative challenges our clients face. They both insist that a tool box approach is the only “right” way to investigate evidence and achieve these results.
Even in digital forensics there are several projects, so I get to move from topic to topic.
Friday, I gave a 5-year review of our digital forensics program to NIST management, helped a fellow manager in the Applied Security Division create a vacancy announcement, and spent some time reading about new approaches to software assurance.
Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?” This is a really good question, at least for us, so we decided to research it.
If we are talking about Windows system clock backdating there is a lot of information to help, for example, this SANS white paper by Xiaoxi Fan, but there is nothing about macOS.
As in other storage devices, volatile memory also has several formats. According to (Ligh et al, 2018) these raw file formatted memory dumps do not contain headers, metadata, or magic values.
According to the acquisition method that is in use, the captured file format can vary.
The Magnet User Summit Series is back, and it’s coming to more cities this year!
Let’s start from macOS timestamps as they are very interesting and have a lot of evidentiary value.