Digital Forensics Now

Send us a textJoin us for a holiday-themed episode of Digital Forensics Now, where we blend expert insights with personal stories from the field of digital forensics.This episode delves into cutting-edge tools and techniques for digital forensics. Explore insights from Arsenal on advanced methods for analyzing swap space and memory files. We also share experiences with the Samsung Secure Health Data Parser, highlighting the challenges of decrypting health databases and the critical role of UFED in overcoming them. Don’t miss an in-depth look at the remarkable features of ArtEX, showcasing its value to examiners. Additionally, we introduce the LEAPPS Artifact Viewer App (LAVA), a groundbreaking tool unveiled at the Cyber Social Hub conference. We discuss the vital role of forensic experts in legal proceedings, from the importance of meticulous validation to the risks of mishandling evidence. Real-world cases and a controversial court rulings that highlight why expert testimony remains essential in interpreting digital artifacts.We close with gratitude to our listeners and warm holiday wishes. Stay tuned on social media for updates on our next live session after the holidays.Notes:Working with 010 Hex-Editor https://www.youtube.com/playlist?list=PLCS2zI95IiNwheFCTaUEytA1GT0mNOOdn Arsenal Releases a New Tool! https://arsenalrecon.com/additional-products Samsung Secure Health Data Parser - A Forensic Tool for Parsing & Analyzing Samsung Secure Health Databases https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/main ArtEx Artifact Examiner <br>https://www.doubleblak.com/app.php?id=ArtEx2 Why the Manual Preview/Screenshots May Not Hold Up in Court https://www.forbes.com/sites/larsdaniel/2024/11/13/think-that-screenshot-is-proof-heres-why-it-might-not-hold-up-in-court/  https://www.forbes.com/sites/larsdaniel/2024/12/06/smartphone-forensics-and-fake-texts-how-are-courts-responding/ What's New with the LEAPPS!? Google Keep Notes <br>https://charpy4n6.blogspot.com/2024/12/google-keep-notes.html Signup for Updates! leapps.org 

Send us a textThe latest episode of Digital Forensics Now kicks off with lighthearted banter about Heather's newfound fame in commercials, bringing a fun and relatable start to a tech-heavy discussion. Following the laughs, the conversation shifts to an invigorating recap of Alexis' recent experience at SANS DFIRCON, featuring interactions with digital forensics luminaries like Brian Maloney and Ian Whiffin. Ian's ArtEx tool, which cleverly maps locations for forensic investigations, also takes center stage as a highlight of the conference. The episode weaves in personal reflections, including a scenic family train ride from Orlando to Miami and the implementation of a Python artifact exercise during a teaching session.The journey continues with a vibrant detour to the Tanganyika Wildlife Park in Kansas, where the usual birthday horseback riding tradition was replaced with unforgettable encounters like swimming with penguins, feeding giraffes, and snapping selfies with lemurs. These charming moments with nature set a refreshing tone before diving back into the tech world.In the realm of digital forensics, the episode explores reverse engineering iOS 18, discusses the brief availability of BitLocker support in FTK Imager, and examines the evolving landscape of BFU (Before First Unlock) data extraction in law enforcement. The hosts delve deep into the complexities of digital forensics tools, translating technical data structures into accessible insights while emphasizing the importance of a strong digital evidence strategy. Topics include advancements in the LEAPP Parsers, the innovative Lava Viewer, and the latest developments in Blue Sky data structures, offering a comprehensive look at the tools shaping the field.The episode wraps up with an open invitation for listeners to connect on social platforms, share their thoughts, and showcase innovative projects within the community, fostering a collaborative and forward-thinking space for digital forensics enthusiasts.NotesiOS Devices Rebooting Continuedhttps://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.htmlSamsung Secure Health Data Parser https://breakpointforensics.com/2024/11/06/samsung-secure-health-data-parser-a-forensic-tool-for-parsing-analyzing-samsung-secure-health-databases/https://github.com/breakpointforensics/Samsung-Secure-Health-Data-Parser-/tree/mainMobile Forensics Data Structures: Extracting and Analyzing Data with Free Toolshttps://www.hexordia.com/blog/mobile-forensics-data-structuresGAMEPLANS: A template for robust digital evidence strategy developmenthttps://onlinelibrary.wiley.com/doi/10.1111/1556-4029.15655Digital Evidence Enhancing public safety using digital investigative technologieshttps://majorcitieschiefs.com/wp-content/uploads/2024/10/MCCA-Digital-Evidence-White-Paper-_-Oct-2024.pdfImportance of BFU Partial Filesystem Extractions!https://www.linkedin.com/posts/1carl-lawrence_dfir-polcing-digitalforensics-activity-7264179600631468034-FHGhSumuri Gives Back 2024https://sumuri.com/sumuri-gives-back-2024/

Send us a textJoin us on the Digital Forensics Now podcast as we explore the details of the iOS 18 inactivity reboot issue with mobile forensics expert Christopher Vance from Magnet Forensics. Chris traces the origins of this challenge back to iOS 17 and explains how unified logs play a key role in diagnosing these system memory resets. This episode is packed with valuable insights for anyone interested in the inner workings of iOS devices and the unique considerations they present in digital forensics.We also discuss device security and data preservation, focusing on iOS devices. Examining the balance between law enforcement’s need for data access and Apple’s privacy measures, we highlight the importance of extracting the data from devices quickly to prevent data loss. Our conversation covers the legal complexities, jurisdictional nuances, and the demand for data preservation tools to address these challenges effectively.We explore recent developments in mobile technology, specifically Android 15's "Private Space" feature and how it will effect the digital forensic community workflow. With insights from industry experts, this episode is full of essential updates tailored for digital forensics professionals looking to stay current.Notes:iOS Devices Rebootinghttps://www.magnetforensics.com/blog/understanding-the-security-impacts-of-ios-18s-inactivity-reboot/5 iOS forensics evidence sources to capture before they expirehttps://www.magnetforensics.com/blog/ios-forensics-evidence-sources-to-capture-before-they-expireMac and iOS Forensic Analysis and Incident Response Posterhttps://www.sans.org/posters/macos-ios-forensic-analysis/

Send us a textCould AI in forensic analysis be more of a liability than an asset? Join us as we explore this pressing concern. We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users. For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCatch, a tool designed to map the data efficiently and streamline your workflow.Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.Notes: Updated Telegram Policyhttps://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPlhttps://telegram.org/privacy#8-3-law-enforcement-authoritiesMSAB RAMalyzerhttps://www.youtube.com/watch?v=1SEgSYSF03AExpert witness used Copilot to make up fake damages, irking judgehttps://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.htmliCATCHhttps://github.com/AXYS-Cyber/iCATCH

Send us a textJoin us as we discuss the latest blogs and training opportunities available to keep you at the forefront of digital forensics.We’ll then dive into the release of iOS 18 and its impact on digital forensic investigations. Beyond tools and gadgets, we'll explore the shift towards cloud-based evidence storage, weighing its benefits and security challenges against traditional air-gapped networks.Whether you're a seasoned professional or just beginning your journey, this episode offers a mix of education, entertainment, and a sense of community, all with a dash of geek culture fun.Notes:-Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!https://thebinaryhick.blog/2024/09/14/triple-trouble-ios-16-android-14-and-ios-17-images-now-available/-A First Look at iOS 18 Forensicshttps://blog.digital-forensics.it/2024/09/a-first-look-at-ios-18.htmlhttps://www.magnetforensics.com/blog/a-look-into-ios-18s-changes/-New iOS Feature - Brian Krebs Linkedin Posthttps://support.apple.com/guide/iphone/request-give-remote-control-a-facetime-call-iph5d70f34a3/ios-macOS 15 (Sequoia): What Forensic Examiners Need to Knowhttps://www.linkedin.com/pulse/macos-15-sequoia-what-forensic-examiners-need-know-sumuriforensics-ohbrc/-25th Anniversary of Parabenhttps://l.paraben.com/25-year-anniversary-3005-Oxygen 2024 International User Summithttps://oxygenforensics.com/en/user-summit-2024/-When is an app not an app? Investigating WebAPKs on Androidhttps://www.cclsolutionsgroup.com/post/when-is-an-app-not-an-app-investigating-webapks-on-android-mr. eerie Bloghttps://mreerie.com/2024/09/30/exploring-ufade-to-extract-data-from-ios-devices/-Learn With Hexordia Launchhttps://learn.hexordia.com-Noel Lowdon-Vehicle Systems Forensicshttps://www.linkedin.com/in/noel-lowdon-74685769/-Not Scary Binaryhttps://us02web.zoom.us/webinar/register/WN_8G0VMawERVO-kpaDJbE2Ww#/registration-Marco Neumann added Withings HealthMate on iOS (iLEAPP)https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html

Send us a textRecognizing excellence is key in our community, and we spotlight the SANS Difference Maker Awards and Cellebrite Summit Digital Justice Awards. Discover why it’s crucial to nominate your peers and learn about the newly opened registration for IACIS 2025 training classes, featuring must-attend courses like Advanced Mobile Device Forensics. While highlighting a recent article by Brett Shavers, we stress the significance of continuous education and community acknowledgment in helping digital forensics professionals grow and excel.Our conversation delves into the technical challenges of iOS Telegram data analysis and the development of tools like Kathryn Hedley's Parse USBs script. We shed light on the importance of peer reviews and cognitive bias in forensics. This episode is a deep dive into the intricacies of digital forensics, education, and the community that drives it forward.Notes:SANS Difference Maker Awards https://www.sans.org/about/awards/difference-makers/Cellebrite Summit Digital Justice awardshttps://cellebrite.com/en/c2c-summit-digital-justice-awards/IACIS 2025 Traininghttps://iacis.com/training/Belkasoft - iOS Telegram Acquisition and Database Analysis https://belkasoft.com/ios-telegram-forensics-acquisition-and-database-analysisKathryn Hedley parseusbs scripthttps://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registryhttps://github.com/khyrenz/parseusbsCracking OneDrives Personal Vault -Brian Maloneyhttps://malwaremaloney.blogspot.com/2024/09/cracking-onedrives-personal-vault.htmlhttps://github.com/Beercow/Personal-Vault-BEKBrett Shavers New Article - Today, today I ranthttps://www.linkedin.com/pulse/today-i-rant-dfir-training-brett-shavers--pij4c/Lionel Notari Logs of the Weekhttps://www.ios-unifiedlogs.com/unifiedlogoftheweek

Send us a textWhat's the real impact of AI on law enforcement documentation? Can digital forensics tools truly revolutionize our investigative processes? These are just some of the provocative questions we tackle in our season two premiere of Digital Forensics Now! Join us as we celebrate our one-year anniversary with reflections on the past year, exciting updates, and plans for the future. The episode takes a deep dive into the ethical and practical implications of AI in law enforcement, sparked by a recent AP News article on police officers using AI chatbots for writing crime reports. We express our skepticism about AI's accuracy and discuss the vital need for human oversight. Examining AI’s influence on officers' recollection of events, this episode scrutinizes the potential pitfalls and ethical concerns associated with AI in policing. We also humorously critique some AI-generated descriptions of our podcast, shedding light on AI's current limitations and biases.Don't forget to vote for your favorite difference makers with the SANS Difference Maker Awards!In the latter part of the show, we shine a spotlight on Recuperabit, a forensic file system reconstruction tool, and Lionel Notari's invaluable contributions on iOS log files. We tackle the challenges of modifying third-party tools and discuss the broader ethical concerns of reverse engineering. As we wrap up, we celebrate our anniversary by announcing the winners of our prize draw and featuring the "Meme of the Week," which humorously highlights the financial struggles in our field. Tune in for an informative and engaging episode!Notes-Local Storage and Session Storage in Mozilla FireFox Part 1https://www.cclsolutionsgroup.com/post/local-storage-and-session-storage-in-mozilla-firefox-part-1SANS Difference Maker Awardshttps://www.sans.org/about/awards/difference-makers/Police officers are starting to use AI chatbots to write crime reports. Will they hold up in court?https://apnews.com/article/ai-writes-police-reports-axon-body-cameras-chatgpt-a24d1502b53faae4be0dac069243f418Magnet Forensics acquires Medex Forensicshttps://www.magnetforensics.com/news/magnet-forensics-acquires-medex-forensics-strengthening-video-evidence-integrity-with-detection-of-deepfakes-and-generative-ai/RecuperaBit Forensic File System Reconstructionhttps://www.forensicfocus.com/interviews/andrea-lazzarotto-digital-forensics-consultant-and-developer/https://github.com/Lazza/RecuperaBitThe Logs of the Weekhttps://www.ios-unifiedlogs.com/unifiedlogoftheweek

Send us a text(THIS IS WHAT AN AI GENERATED DESCRIPTION WITH NO HUMAN CORRECTIONS WILL PROVIDE FOR YOU! SO NATURALLY WE HAD TO KEEP IT HAHA!)What happens when a digital forensics expert sets up a podcast studio in a cupboard under the stairs and a co-host becomes a modern-day Snow White with her Bird Buddy camera? You get a lively and engaging episode of the Digital Forensics Now podcast! Alexis Brignoni, aka Briggs, and Heather Charpentier kick off this special episode with humor and camaraderie, sharing personal anecdotes and giving shout outs to their devoted listeners like Adam and Kevin. Plus, we nod to fellow podcaster Justin Tolman for his enlightening episodes on forensic technology, including a riveting discussion on AI and legal standards with Brandon Epstein.Ever wondered how driving on the opposite side of the road or discovering local flavors like Vegemite could become part of a professional journey? This episode takes you on an entertaining trip to New Zealand, where Alexis recounts his experiences teaching at a New Zealand Customs event alongside experts like Jung Son and Mario Merendon. From navigating tiny light switches to marveling at Auckland’s architectural wonders, this chapter is filled with both professional insights and delightful cultural encounters. The rooftop bar with waist-high glass bumps offering views into the train station below is a highlight not to be missed!For our tech-savvy listeners, we dive deep into the world of digital forensics tools and training. We discuss the significance of volunteering for IACIS, troubleshoot  Magnet Axiom software, and outline upcoming training events like the SANS Community Learning Day in Miami. We also explore the practicalities of running Python scripts, showcasing a new tool called Mister Skinnylegs, caution against over-reliance on AI, and stress the importance of fundamental knowledge in digital forensics. From iOS tool updates and Metadata Forensics to sourcing forensic-related blogs, this episode is packed with valuable insights to enhance your forensic expertise.Notes:DFIRCON xLEAPPhttps://www.sans.org/mlp/dfircon-miami-agenda/CCL Solutions Group - Mister Skinnylegshttps://github.com/cclgroupltd/mister-skinnylegsiOS 17- The “Forever” Setting That Isn’t… Or Is It?https://smarterforensics.com/2024/08/ios-17-the-forever-setting-that-isnt-or-is-it/Identity Lookup Servicehttps://djangofaiola.blogspot.com/2024/08/identity-lookup-service.html

Send us a textWelcome back to another episode of the Digital Forensics Now podcast! In this episode, we explore the critical need for continuous learning in the field, discuss fascinating forensic tools, showcase UFADE with its new chat capture feature, and engage in a spirited debate on the value of certifications. Get ready to expand your knowledge and stay at the forefront of this ever-evolving industry.We begin by discussing the intricacies of unconscious and conscious incompetence as outlined in Brett Shavers new article. The episode continues with a detailed demonstration of UFADE, created by Christian Peter highlighting its user-friendly interface and the new chat capture feature. The hosts walk you through the tool's capabilities, showcasing its accessibility and usefulness in digital forensics investigations. From breaking Windows logon passwords using a Raspberry Pi Zero W to exploring the distinction between exploratory and explanatory data analysis, this segment offers a wealth of knowledge and practical insights. We also touch on the value of certifications, sparking a lively debate that challenges conventional wisdom and invites listeners to question the true measure of expertise in the tech industry. Get ready to be engaged in this thought-provoking episode.Notes-DFIR Competence: Are you Truly Skilled or Just Fooling Yourself?https://www.dfir.training/blog/dfir-competence-are-you-truly-skilled-or-just-fooling-yourselfOxygen Forensics Call for Speakers at the 2024 International User Summithttps://oxygenforensics.com/en/call-for-speakers-user-summit/UFADE Updateshttps://github.com/prosch88/UFADEP4WNP1 Buildhttps://lush-seeder-8ab.notion.site/P4WNP1-Build-54ffcdbe7cdf4e74b47861e9bd80f857SANS Webcast Serieshttps://www.sans.org/webcasts/demystifying-data-conversion-binary-hexadecimal-decimal-ascii/Bitlocker on by Default Windows 11https://www.tomshardware.com/software/windows/windows-11-24h2-will-enable-bitlocker-encryption-for-everyone-happens-on-both-clean-installs-and-reinstallsChatGPT https://www.sciencedirect.com/science/article/pii/S2666281724001252?dgcid=author

Send us a textJoin us as we recount our recent travels to Argentina and the Techno Security & Digital Forensics conference. We'll share the highlights of our trips before diving into the core content.What could possibly go wrong with a feature designed for user convenience? We'll scrutinize Microsoft's controversial "Recall" feature, exploring its significant privacy concerns and implications for digital forensics. From unencrypted data to automatic opt-ins, we speculate on the potential user backlash. We'll also dive into the latest tech updates, including CCL Solutions Group's enhancements to the Rabbit Hole tool and how these advancements can revolutionize data analysis processes.Discover the capabilities of VFC from MD5 and the latest tools for examining data from platforms like Snapchat and Facebook. We'll introduce new and updated blogs, innovative Python scripts, and the latest additions to the LEAPPS in this packed episode. Stick around for an insightful discussion and a sneak peek at what's coming in future episodes.Notes- Rabbit Hole Updates and SQLite Blog/Cheatsheethttps://vimeo.com/948752153https://www.cclsolutionsgroup.com/post/time-travelling-with-sqlite-journals-and-walhttps://vimeo.com/953570512https://cdn.prod.website-files.com/5f02f2c93eab87a6ea84e2f3/665ed5e6ec5ef877d9d74dd2_sqlite-journal-cheatsheet.pdfCopilot+ Recall disaster & Forensic Applications of Microsoft Recall https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465ehttps://cybercx.com.au/blog/forensic-applications-of-microsoft-recall/Rising Star Jeremy McBroomhttps://yeahihaveaquestion.com/Analysis of Browser Artefacts from File Sharing Serviceshttps://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=9555c3f865https://github.com/cclgroupltd/ccl_chromium_readerSQLite Freelist Page Checkerhttps://github.com/SpyderForensics/SQLite_ForensicsForensics StartMe Pagehttps://start.me/p/q6mw4Q/forensics?locale=en