Join us on the Digital Forensics Now podcast as we explore the details of the iOS 18 inactivity reboot issue with mobile forensics expert Christopher Vance from Magnet Forensics. Chris traces the origins of this challenge back to iOS 17 and explains how unified logs play a key role in diagnosing these system memory resets. This episode is packed with valuable insights for anyone interested in the inner workings of iOS devices and the unique considerations they present in digital forensics.
We also discuss device security and data preservation, focusing on iOS devices. Examining the balance between law enforcement’s need for data access and Apple’s privacy measures, we highlight the importance of extracting the data from devices quickly to prevent data loss. Our conversation covers the legal complexities, jurisdictional nuances, and the demand for data preservation tools to address these challenges effectively.
We explore recent developments in mobile technology, specifically Android 15's "Private Space" feature and how it will effect the digital forensic community workflow.
With insights from industry experts, this episode is full of essential updates tailored for digital forensics professionals looking to stay current.
Notes:
iOS Devices Rebooting
https://www.magnetforensics.com/blog/understanding-the-security-impacts-of-ios-18s-inactivity-reboot/
5 iOS forensics evidence sources to capture before they expire
https://www.magnetforensics.com/blog/ios-forensics-evidence-sources-to-capture-before-they-expire
Mac and iOS Forensic Analysis and Incident Response Poster
https://www.sans.org/posters/macos-ios-forensic-analysis/
Thursday, November 14, 2024
Thursday, October 17, 2024
AI in Court: Testimony or Tech-tastrophe?
Could AI in forensic analysis be more of a liability than an asset? Join us as we explore this pressing concern.
We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.
Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users.
For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCatch, a tool designed to map the data efficiently and streamline your workflow.
Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.
Notes:
Updated Telegram Policy
https://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPl
https://telegram.org/privacy#8-3-law-enforcement-authorities
MSAB RAMalyzer
https://www.youtube.com/watch?v=1SEgSYSF03A
Expert witness used Copilot to make up fake damages, irking judge
https://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/
https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.html
iCATCH
https://github.com/AXYS-Cyber/iCATCH
We kick off this episode with an important update for those dealing with Android extractions. Recent changes to the Android OS and Google Play Store might be causing the Keystore (secrets.json) file to either miss data or not be extracted at all. This brings attention to the vital role decryption keys play in accessing data from mobile devices.
Next, we dive into advancements in forensic tools like MSAB’s new RAM analyzer for XRY Pro users.
For iOS investigators, if you’re working with Cache.sqlite data, you’ll want to check out iCatch, a tool designed to map the data efficiently and streamline your workflow.
Shifting to the role of AI, we examine a recent legal case that highlights the dangers of relying on AI-generated results without proper verification. Accuracy and repeatability are key, and our discussion focuses on the ethical implications of using AI in forensic investigations. We emphasize the importance of thoroughly validating AI tools to maintain trust in the legal process.
Notes:
Updated Telegram Policy
https://www.linkedin.com/posts/luca-cadonici-41299b4b_policy-telegram-cybersecurity-activity-7244258209979334656-AxPl
https://telegram.org/privacy#8-3-law-enforcement-authorities
MSAB RAMalyzer
https://www.youtube.com/watch?v=1SEgSYSF03A
Expert witness used Copilot to make up fake damages, irking judge
https://arstechnica.com/tech-policy/2024/10/judge-confronts-expert-witness-who-used-copilot-to-fake-expertise/
https://law.justia.com/cases/new-york/other-courts/2024/2024-ny-slip-op-24258.html
iCATCH
https://github.com/AXYS-Cyber/iCATCH
Thursday, October 3, 2024
Awareness Unlocks Discovery: Knowing It Exists is the First Step to Finding It
Join us as we discuss the latest blogs and training opportunities available to keep you at the forefront of digital forensics.
We’ll then dive into the release of iOS 18 and its impact on digital forensic investigations. Beyond tools and gadgets, we'll explore the shift towards cloud-based evidence storage, weighing its benefits and security challenges against traditional air-gapped networks.
Whether you're a seasoned professional or just beginning your journey, this episode offers a mix of education, entertainment, and a sense of community, all with a dash of geek culture fun.
Notes:
-Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!
https://thebinaryhick.blog/2024/09/14/triple-trouble-ios-16-android-14-and-ios-17-images-now-available/
-A First Look at iOS 18 Forensics
https://blog.digital-forensics.it/2024/09/a-first-look-at-ios-18.html https://www.magnetforensics.com/blog/a-look-into-ios-18s-changes/
-New iOS Feature - Brian Krebs Linkedin Post
https://support.apple.com/guide/iphone/request-give-remote-control-a-facetime-call-iph5d70f34a3/ios
-macOS 15 (Sequoia): What Forensic Examiners Need to Know
https://www.linkedin.com/pulse/macos-15-sequoia-what-forensic-examiners-need-know-sumuriforensics-ohbrc/
-25th Anniversary of Paraben
https://l.paraben.com/25-year-anniversary-3005
-Oxygen 2024 International User Summit
https://oxygenforensics.com/en/user-summit-2024/
-When is an app not an app? Investigating WebAPKs on Android
https://www.cclsolutionsgroup.com/post/when-is-an-app-not-an-app-investigating-webapks-on-android
-mr. eerie Blog
https://mreerie.com/2024/09/30/exploring-ufade-to-extract-data-from-ios-devices/
-Learn With Hexordia Launch
https://learn.hexordia.com
-Noel Lowdon-Vehicle Systems Forensics
https://www.linkedin.com/in/noel-lowdon-74685769/
-Not Scary Binary
https://us02web.zoom.us/webinar/register/WN_8G0VMawERVO-kpaDJbE2Ww#/registration
-Marco Neumann added Withings HealthMate on iOS (iLEAPP)
https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html
We’ll then dive into the release of iOS 18 and its impact on digital forensic investigations. Beyond tools and gadgets, we'll explore the shift towards cloud-based evidence storage, weighing its benefits and security challenges against traditional air-gapped networks.
Whether you're a seasoned professional or just beginning your journey, this episode offers a mix of education, entertainment, and a sense of community, all with a dash of geek culture fun.
Notes:
-Triple Trouble. iOS 16, Android 14, and iOS 17 Images Now Available!
https://thebinaryhick.blog/2024/09/14/triple-trouble-ios-16-android-14-and-ios-17-images-now-available/
-A First Look at iOS 18 Forensics
https://blog.digital-forensics.it/2024/09/a-first-look-at-ios-18.html https://www.magnetforensics.com/blog/a-look-into-ios-18s-changes/
-New iOS Feature - Brian Krebs Linkedin Post
https://support.apple.com/guide/iphone/request-give-remote-control-a-facetime-call-iph5d70f34a3/ios
-macOS 15 (Sequoia): What Forensic Examiners Need to Know
https://www.linkedin.com/pulse/macos-15-sequoia-what-forensic-examiners-need-know-sumuriforensics-ohbrc/
-25th Anniversary of Paraben
https://l.paraben.com/25-year-anniversary-3005
-Oxygen 2024 International User Summit
https://oxygenforensics.com/en/user-summit-2024/
-When is an app not an app? Investigating WebAPKs on Android
https://www.cclsolutionsgroup.com/post/when-is-an-app-not-an-app-investigating-webapks-on-android
-mr. eerie Blog
https://mreerie.com/2024/09/30/exploring-ufade-to-extract-data-from-ios-devices/
-Learn With Hexordia Launch
https://learn.hexordia.com
-Noel Lowdon-Vehicle Systems Forensics
https://www.linkedin.com/in/noel-lowdon-74685769/
-Not Scary Binary
https://us02web.zoom.us/webinar/register/WN_8G0VMawERVO-kpaDJbE2Ww#/registration
-Marco Neumann added Withings HealthMate on iOS (iLEAPP)
https://bebinary4n6.blogspot.com/2024/09/withings-healthmate-on-ios.html
Thursday, September 12, 2024
Balancing Act: Trials, Training, and the Future of Digital Forensics
Recognizing excellence is key in our community, and we spotlight the SANS Difference Maker Awards and Celebrate Summit Digital Justice Awards. Discover why it’s crucial to nominate your peers and learn about the newly opened registration for IACIS 2025 training classes, featuring must-attend courses like Advanced Mobile Device Forensics.
While highlighting a recent article by Brett Shavers, we stress the significance of continuous education and community acknowledgment in helping digital forensics professionals grow and excel.
Our conversation delves into the technical challenges of iOS Telegram data analysis and the development of tools like Kathryn Hedley's Parse USBs script. We shed light on the importance of peer reviews and cognitive bias in forensics. This episode is a deep dive into the intricacies of digital forensics, education, and the community that drives it forward.
Notes:
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Cellebrite Summit Digital Justice Awards
https://cellebrite.com/en/c2c-summit-digital-justice-awards/
IACIS 2025 Training
https://iacis.com/training/
Belkasoft - iOS Telegram Acquisition and Database Analysis
https://belkasoft.com/ios-telegram-forensics-acquisition-and-database-analysis
Kathryn Hedley parseusbs script
https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry
https://github.com/khyrenz/parseusbs
Cracking OneDrives Personal Vault -Brian Maloney https://malwaremaloney.blogspot.com/2024/09/cracking-onedrives-personal-vault.html
https://github.com/Beercow/Personal-Vault-BEK
Brett Shavers New Article - Today, today I rant
https://www.linkedin.com/pulse/today-i-rant-dfir-training-brett-shavers--pij4c/
Lionel Notari Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
While highlighting a recent article by Brett Shavers, we stress the significance of continuous education and community acknowledgment in helping digital forensics professionals grow and excel.
Our conversation delves into the technical challenges of iOS Telegram data analysis and the development of tools like Kathryn Hedley's Parse USBs script. We shed light on the importance of peer reviews and cognitive bias in forensics. This episode is a deep dive into the intricacies of digital forensics, education, and the community that drives it forward.
Notes:
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Cellebrite Summit Digital Justice Awards
https://cellebrite.com/en/c2c-summit-digital-justice-awards/
IACIS 2025 Training
https://iacis.com/training/
Belkasoft - iOS Telegram Acquisition and Database Analysis
https://belkasoft.com/ios-telegram-forensics-acquisition-and-database-analysis
Kathryn Hedley parseusbs script
https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry
https://github.com/khyrenz/parseusbs
Cracking OneDrives Personal Vault -Brian Maloney https://malwaremaloney.blogspot.com/2024/09/cracking-onedrives-personal-vault.html
https://github.com/Beercow/Personal-Vault-BEK
Brett Shavers New Article - Today, today I rant
https://www.linkedin.com/pulse/today-i-rant-dfir-training-brett-shavers--pij4c/
Lionel Notari Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
Thursday, August 29, 2024
AI as a Report Writing Tool: Accuracy Enhancing or Recollection Poisoning?
What's the real impact of AI on law enforcement documentation? Can digital forensics tools truly revolutionize our investigative processes? These are just some of the provocative questions we tackle in our season two premiere of Digital Forensics Now! Join us as we celebrate our one-year anniversary with reflections on the past year, exciting updates, and plans for the future.
The episode takes a deep dive into the ethical and practical implications of AI in law enforcement, sparked by a recent AP News article on police officers using AI chatbots for writing crime reports. We express our skepticism about AI's accuracy and discuss the vital need for human oversight. Examining AI’s influence on officers' recollection of events, this episode scrutinizes the potential pitfalls and ethical concerns associated with AI in policing. We also humorously critique some AI-generated descriptions of our podcast, shedding light on AI's current limitations and biases.
Don't forget to vote for your favorite difference makers with the SANS Difference Maker Awards!
In the latter part of the show, we shine a spotlight on Recuperabit, a forensic file system reconstruction tool, and Lionel Notari's invaluable contributions on iOS log files. We tackle the challenges of modifying third-party tools and discuss the broader ethical concerns of reverse engineering. As we wrap up, we celebrate our anniversary by announcing the winners of our prize draw and featuring the "Meme of the Week," which humorously highlights the financial struggles in our field. Tune in for an informative and engaging episode!
Notes-
Local Storage and Session Storage in Mozilla FireFox Part 1
https://www.cclsolutionsgroup.com/post/local-storage-and-session-storage-in-mozilla-firefox-part-1
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Police officers are starting to use AI chatbots to write crime reports. Will they hold up in court?
https://apnews.com/article/ai-writes-police-reports-axon-body-cameras-chatgpt-a24d1502b53faae4be0dac069243f418
Magnet Forensics acquires Medex Forensics
https://www.magnetforensics.com/news/magnet-forensics-acquires-medex-forensics-strengthening-video-evidence-integrity-with-detection-of-deepfakes-and-generative-ai/
RecuperaBit Forensic File System Reconstruction
https://www.forensicfocus.com/interviews/andrea-lazzarotto-digital-forensics-consultant-and-developer/ https://github.com/Lazza/RecuperaBit
The Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
The episode takes a deep dive into the ethical and practical implications of AI in law enforcement, sparked by a recent AP News article on police officers using AI chatbots for writing crime reports. We express our skepticism about AI's accuracy and discuss the vital need for human oversight. Examining AI’s influence on officers' recollection of events, this episode scrutinizes the potential pitfalls and ethical concerns associated with AI in policing. We also humorously critique some AI-generated descriptions of our podcast, shedding light on AI's current limitations and biases.
Don't forget to vote for your favorite difference makers with the SANS Difference Maker Awards!
In the latter part of the show, we shine a spotlight on Recuperabit, a forensic file system reconstruction tool, and Lionel Notari's invaluable contributions on iOS log files. We tackle the challenges of modifying third-party tools and discuss the broader ethical concerns of reverse engineering. As we wrap up, we celebrate our anniversary by announcing the winners of our prize draw and featuring the "Meme of the Week," which humorously highlights the financial struggles in our field. Tune in for an informative and engaging episode!
Notes-
Local Storage and Session Storage in Mozilla FireFox Part 1
https://www.cclsolutionsgroup.com/post/local-storage-and-session-storage-in-mozilla-firefox-part-1
SANS Difference Maker Awards
https://www.sans.org/about/awards/difference-makers/
Police officers are starting to use AI chatbots to write crime reports. Will they hold up in court?
https://apnews.com/article/ai-writes-police-reports-axon-body-cameras-chatgpt-a24d1502b53faae4be0dac069243f418
Magnet Forensics acquires Medex Forensics
https://www.magnetforensics.com/news/magnet-forensics-acquires-medex-forensics-strengthening-video-evidence-integrity-with-detection-of-deepfakes-and-generative-ai/
RecuperaBit Forensic File System Reconstruction
https://www.forensicfocus.com/interviews/andrea-lazzarotto-digital-forensics-consultant-and-developer/ https://github.com/Lazza/RecuperaBit
The Logs of the Week
https://www.ios-unifiedlogs.com/unifiedlogoftheweek
Thursday, August 8, 2024
Bird Cameras and Forensic Insights from New Zealand
(THIS IS WHAT AN AI GENERATED DESCRIPTION WITH NO HUMAN CORRECTIONS WILL PROVIDE FOR YOU! SO NATURALLY WE HAD TO KEEP IT HAHA!)
What happens when a digital forensics expert sets up a podcast studio in a cupboard under the stairs and a co-host becomes a modern-day Snow White with her Bird Buddy camera? You get a lively and engaging episode of the Digital Forensics Now podcast! Alexis Brignoni, aka Briggs, and Heather Charpentier kick off this special episode with humor and camaraderie, sharing personal anecdotes and giving shout outs to their devoted listeners like Adam and Kevin. Plus, we nod to fellow podcaster Justin Tolman for his enlightening episodes on forensic technology, including a riveting discussion on AI and legal standards with Brandon Epstein.
Ever wondered how driving on the opposite side of the road or discovering local flavors like Vegemite could become part of a professional journey? This episode takes you on an entertaining trip to New Zealand, where Alexis recounts his experiences teaching at a New Zealand Customs event alongside experts like Jung Son and Mario Merendon. From navigating tiny light switches to marveling at Auckland’s architectural wonders, this chapter is filled with both professional insights and delightful cultural encounters. The rooftop bar with waist-high glass bumps offering views into the train station below is a highlight not to be missed!
For our tech-savvy listeners, we dive deep into the world of digital forensics tools and training. We discuss the significance of volunteering for IACIS, troubleshoot Magnet Axiom software, and outline upcoming training events like the SANS Community Learning Day in Miami. We also explore the practicalities of running Python scripts, showcasing a new tool called Mister Skinnylegs, caution against over-reliance on AI, and stress the importance of fundamental knowledge in digital forensics. From iOS tool updates and Metadata Forensics to sourcing forensic-related blogs, this episode is packed with valuable insights to enhance your forensic expertise.
Notes:
DFIRCON xLEAPP
https://www.sans.org/mlp/dfircon-miami-agenda/
CCL Solutions Group - Mister Skinnylegs
https://github.com/cclgroupltd/mister-skinnylegs
iOS 17- The “Forever” Setting That Isn’t… Or Is It?
https://smarterforensics.com/2024/08/ios-17-the-forever-setting-that-isnt-or-is-it/
Identity Lookup Service
https://djangofaiola.blogspot.com/2024/08/identity-lookup-service.html
What happens when a digital forensics expert sets up a podcast studio in a cupboard under the stairs and a co-host becomes a modern-day Snow White with her Bird Buddy camera? You get a lively and engaging episode of the Digital Forensics Now podcast! Alexis Brignoni, aka Briggs, and Heather Charpentier kick off this special episode with humor and camaraderie, sharing personal anecdotes and giving shout outs to their devoted listeners like Adam and Kevin. Plus, we nod to fellow podcaster Justin Tolman for his enlightening episodes on forensic technology, including a riveting discussion on AI and legal standards with Brandon Epstein.
Ever wondered how driving on the opposite side of the road or discovering local flavors like Vegemite could become part of a professional journey? This episode takes you on an entertaining trip to New Zealand, where Alexis recounts his experiences teaching at a New Zealand Customs event alongside experts like Jung Son and Mario Merendon. From navigating tiny light switches to marveling at Auckland’s architectural wonders, this chapter is filled with both professional insights and delightful cultural encounters. The rooftop bar with waist-high glass bumps offering views into the train station below is a highlight not to be missed!
For our tech-savvy listeners, we dive deep into the world of digital forensics tools and training. We discuss the significance of volunteering for IACIS, troubleshoot Magnet Axiom software, and outline upcoming training events like the SANS Community Learning Day in Miami. We also explore the practicalities of running Python scripts, showcasing a new tool called Mister Skinnylegs, caution against over-reliance on AI, and stress the importance of fundamental knowledge in digital forensics. From iOS tool updates and Metadata Forensics to sourcing forensic-related blogs, this episode is packed with valuable insights to enhance your forensic expertise.
Notes:
DFIRCON xLEAPP
https://www.sans.org/mlp/dfircon-miami-agenda/
CCL Solutions Group - Mister Skinnylegs
https://github.com/cclgroupltd/mister-skinnylegs
iOS 17- The “Forever” Setting That Isn’t… Or Is It?
https://smarterforensics.com/2024/08/ios-17-the-forever-setting-that-isnt-or-is-it/
Identity Lookup Service
https://djangofaiola.blogspot.com/2024/08/identity-lookup-service.html
Thursday, July 11, 2024
Due Diligence, Password Cracking & New Tool Features
Welcome back to another episode of the Digital Forensics Now podcast! In this episode, we explore the critical need for continuous learning in the field, discuss fascinating forensic tools, showcase UFADE with its new chat capture feature, and engage in a spirited debate on the value of certifications. Get ready to expand your knowledge and stay at the forefront of this ever-evolving industry.
We begin by discussing the intricacies of unconscious and conscious incompetence as outlined in Brett Shavers new article. The episode continues with a detailed demonstration of UFADE, created by Christian Peter highlighting its user-friendly interface and the new chat capture feature. The hosts walk you through the tool's capabilities, showcasing its accessibility and usefulness in digital forensics investigations. From breaking Windows logon passwords using a Raspberry Pi Zero W to exploring the distinction between exploratory and explanatory data analysis, this segment offers a wealth of knowledge and practical insights. We also touch on the value of certifications, sparking a lively debate that challenges conventional wisdom and invites listeners to question the true measure of expertise in the tech industry. Get ready to be engaged in this thought-provoking episode.
Notes-
DFIR Competence: Are you Truly Skilled or Just Fooling Yourself?
https://www.dfir.training/blog/dfir-competence-are-you-truly-skilled-or-just-fooling-yourself
Oxygen Forensics Call for Speakers at the 2024 International User Summit
https://oxygenforensics.com/en/call-for-speakers-user-summit/
UFADE Updates
https://github.com/prosch88/UFADE
P4WNP1 Build
https://lush-seeder-8ab.notion.site/P4WNP1-Build-54ffcdbe7cdf4e74b47861e9bd80f857
SANS Webcast Series
https://www.sans.org/webcasts/demystifying-data-conversion-binary-hexadecimal-decimal-ascii/
Bitlocker on by Default Windows 11
https://www.tomshardware.com/software/windows/windows-11-24h2-will-enable-bitlocker-encryption-for-everyone-happens-on-both-clean-installs-and-reinstalls
ChatGPT
https://www.sciencedirect.com/science/article/pii/S2666281724001252?dgcid=author
We begin by discussing the intricacies of unconscious and conscious incompetence as outlined in Brett Shavers new article. The episode continues with a detailed demonstration of UFADE, created by Christian Peter highlighting its user-friendly interface and the new chat capture feature. The hosts walk you through the tool's capabilities, showcasing its accessibility and usefulness in digital forensics investigations. From breaking Windows logon passwords using a Raspberry Pi Zero W to exploring the distinction between exploratory and explanatory data analysis, this segment offers a wealth of knowledge and practical insights. We also touch on the value of certifications, sparking a lively debate that challenges conventional wisdom and invites listeners to question the true measure of expertise in the tech industry. Get ready to be engaged in this thought-provoking episode.
Notes-
DFIR Competence: Are you Truly Skilled or Just Fooling Yourself?
https://www.dfir.training/blog/dfir-competence-are-you-truly-skilled-or-just-fooling-yourself
Oxygen Forensics Call for Speakers at the 2024 International User Summit
https://oxygenforensics.com/en/call-for-speakers-user-summit/
UFADE Updates
https://github.com/prosch88/UFADE
P4WNP1 Build
https://lush-seeder-8ab.notion.site/P4WNP1-Build-54ffcdbe7cdf4e74b47861e9bd80f857
SANS Webcast Series
https://www.sans.org/webcasts/demystifying-data-conversion-binary-hexadecimal-decimal-ascii/
Bitlocker on by Default Windows 11
https://www.tomshardware.com/software/windows/windows-11-24h2-will-enable-bitlocker-encryption-for-everyone-happens-on-both-clean-installs-and-reinstalls
ChatGPT
https://www.sciencedirect.com/science/article/pii/S2666281724001252?dgcid=author
Subscribe to:
Posts (Atom)