This is the third blog post in a series of three about using IEF and Cellebrite to get more mobile evidence for your digital forensics investigations. In my previous blog post in this series, I explained how to find more mobile evidence on Android devices using IEF and Cellebrite. Today, we’ll walk through the same steps … Continued
This is the fifth and final blog post in a series about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are Shellbags? While shellbags have been available since Windows XP, they have only recently become a popular artifact as examiners are beginning to realize their potential value to an investigation. In … Continued
This is the fourth blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are Prefetch Files? Prefetch files are great artifacts for forensic investigators trying to analyze applications that have been run on a system. Windows creates a prefetch file when an application is … Continued
This is the third blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are LNK Files? LNK files are a relatively simple but valuable artifact for the forensics investigator. They are shortcut files that link to an application or file commonly found on a … Continued
HERE’S OUR GUIDE TO FINDING IMPORTANT BUSINESS APPLICATIONS & OS ARTIFACTS FOR YOUR DIGITAL FORENSICS INVESTIGATIONS! Sometimes when conducting digital forensics examinations, investigators can lose sight of the fact that they’re investigating the actions of a person, not a computer. Almost every event or action on a system is the result of a user either … Continued
As of January 2013, Apple announced it had sold over 500 million iOS devices. While iOS seems to be the leading operating system for tablets worldwide, Android continues to be the leading operating system for mobile phones worldwide. Regardless of the statistics, if you are an active forensic examiner, chances are very high you will … Continued
I recently attended CEIC in Orlando, Florida and had the opportunity to meet David Cowen from G-C Partners, LLC. It was great to finally put a face to a name that I have known for a while through his blog and books. I have a huge interest in file system forensics, so I have been following his Tri-Force blog posts and … Continued
INTERNET EVIDENCE FINDER (IEF) has been recommended in a report published by the NIJ Electronic Crime Technology Center of Excellence. The report provides a review of the software, walking through IEF’s special features, and includes detailed results of product testing that was conducted as a part of the evaluation. Report Findings The report finds that … Continued
