April Artifact Update: Native Android Apps

Our latest artifact update for IEF includes support for native Android applications. As the mobile market continues to narrow in on two primary operating systems – Android and iOS – it’s becoming increasingly important for investigators to recover data from these built-in system apps. In February, we added support for a similar set of native iOS … Continued

Acquiring Memory with Magnet RAM Capture

Recently, we released a new free tool that allows investigators to acquire the memory of a live PC. Customers using our IEF Triage module will already be familiar with this tool, as it’s used to acquire evidence from live systems. In realizing that others could benefit from our RAM capture tool, we decided to release … Continued

Making a Difference, One Child at a Time

By: Jad Saliba, Founder & CTO of Magnet Forensics

It’s not an issue many like to talk about, or perhaps even know about. But child sex slavery is one of the fastest growing criminal enterprises in the world. A perverse industry that preys on the poor, especially in economically disadvantaged countries, this kind of exploitation … Continued

Forensic Analysis of Windows Shellbags

This is the fifth and final blog post in a series about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are Shellbags? While shellbags have been available since Windows XP, they have only recently become a popular artifact as examiners are beginning to realize their potential value to an investigation. Shellbags … Continued

Forensic Analysis of Prefetch files in Windows

This is the fourth blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are prefetch files? Prefetch files are great artifacts for forensic investigators trying to analyze applications that have been run on a system. Windows creates a prefetch file when an application is … Continued

Forensic analysis of LNK files

This is the third blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are LNK files? LNK files are a relatively simple but valuable artifact for the forensics investigator. Shortcut files link to an application or file commonly found on a user’s desktop or … Continued

Investigating iOS Phone Images, File Dumps & Backups

As of January 2013, Apple announced it had sold over 500 million iOS devices. While iOS seems to be the leading operating system for tablets worldwide, Android continues to be the leading operating system for mobile phones worldwide. Regardless of the statistics, if you are an active forensic examiner, chances are very high you will … Continued