by CIRT Team
WhatsApp in Plain Sight: Forensic Artifacts [group-ib]
If you are keen to know what kinds of forensic WhatsApp artifacts exist in different operating systems and where exactly they can be found, you have come to the right place. This post is focused on WhatsApp forensics and what data can be obtained from a device during forensic analysis. We should note at the outset that operating systems differ in the types of artifacts...
Read More
by CIRT Team
WHAT IS FACIAL RECOGNITION [oxygen-forensic]
Facial recognition systems are bio-metric technologies capable of identifying or verifying a person from a digital image or a video frame from a video source. Facial recognition can identify a person by analyzing patterns based on the person’s facial textures and shape. Facial recognition is said to be started in the 60s when Woodrow Wilson Bledsoe, one of the founders of artificial intelligence, manually classified faces...
Read More
by CIRT Team
Extracting And Analyzing Messenger Data With Oxygen Forensic [forensicfocus]
It‘s a great pleasure to share my experience of working with Oxygen Forensic Detective, which was a crucial tool in solving one of my cases. A father of a minor girl contacted me, worried his daughter was in suspicious society and probably had been consuming marijuana. His wife accidentally found traces of a substance which looked and smelled like marijuana in his daughter‘s clothes and...
Read More
by CIRT Team
Copying v Dragging a file to an OS X Disk Image [source: ThinkDFIR]
Had a need to do some quick testing on different operations on OS X 10.10.5 (Yosemite) and thought I’d share. Created a new disk image, and then copied an existing file into it. Then created a new file, and dragged that into the disk image. Here is what we may found! Action Plan Copy Existing File I had a file which had some text in...
Read More
by CIRT Team
Apple iPhone “Significant Locations” [source: prodigital4n6]
Where & What Are “Significant Locations” The first step is to identify where and what “Significant Locations” are. The artifact is available to view on the device at Settings>Privacy>Location Services>System Services>Significant Locations. If location services are turned OFF, the significant locations data will not be logged and therefore unavailable. Interestingly, to access Significant Locations on the device, the passcode or Touch ID must be...
Read More
by CIRT Team
DATA RECOVERY AFTER RANSOMWARE THAT ENCRYPTS FILES [source: digitalforensics]
The problem of data recovery after ransomware that encrypts files has increased, with more and more cases recently. Help in these cases is not a trivial task. Let’s consider some sides of this problem. Ransomware usually encrypts the most-used data such as photos, videos, office files, databases, etс. Ransomwares can give different extensions to encrypted data; they are considered as a same mechanism that uses...
Read More
