Thursday, November 30, 2023

What To Expect When You Are Expecting in a Digital Forensics Class, Two Hardware Solutions, One Neat Tool Capability For Windows, and a Partridge in a Pear Tree.

Get ready to journey into the world of digital forensics as we share our insights on the crucial art of utilizing a diverse range of tools. A single tool just won't cut it, and reliance on just one could cause you to miss out on important finds. We also give our listeners the floor, inviting you to voice your thoughts on the IACIS Advanced Mobile Device Forensics class, and the topics you'd love to see covered.

How do you feel about forensic extraction tools? We dissect unique features of tools like duplicators, TX1, and Atrio, and dive into the latest updates from OpenText and ArcPoint Forensics. These updates have made it possible to create Android and iOS backups using duplicators, a game changer in the field. With Atrio, we open up an intriguing discussion about their forensic triaging and AI capabilities. We discuss the role of AI in identifying CSAM and brainstorm ways to enhance the tooling.

We share our own learning experiences from various classes, highlighting the absolute necessity of continual learning and outside research in this ever-evolving field. We also explore the features and potential of Arsenal, a digital forensics tool that aids in mounting and virtualizing E01 images. The unique capabilities Arsenal provides to bypass the password at a Windows logon screen and access DPAPI-protected data are a must-try! Whether you're a seasoned expert or just dipping your toes in the water, this episode is sure to pique your interest in the vast world of digital forensics.

Notes-

IACIS Advanced Mobile Device Forensics (AMDF)

https://iacis.com/training/amdf-advanced-mobile-device-forensics/

OpenText Duplicator Update

https://www.youtube.com/watch?v=L3qGa7H6NBs

ArcPoint Forensics

https://www.arcpointforensics.com/

DFIR Diva-

https://dfirdiva.com/

Arsenal Recon-

https://arsenalrecon.com/

Hexordia Mobile Data Structure-Virtual Live Training-

https://academy.cyber5w.com/courses/hexordia-mobile-data-structures-dec-2023

Thursday, November 16, 2023

Vendor Transparency, Mobile Device Extractions, & Brigs Learns the Difference Between Validation and Verification

We are back with a mind-boggling conversation about our experiences and the ever-evolving face of digital forensics. We're going to share some personal anecdotes, enlighten you about the changing UNIX epoch timestamp, and even discuss how we cope with advancing age in this fast-paced world.

In the digital world, knowledge is power. We will reveal an amazing cheat sheet from Cellebrite that will simplify your understanding of extractions and the data that they yield. We’ll also delve into the concept of tool transparency, highlighting the pros and cons that come with it. We’ll help you understand why it's crucial to be informed about known bugs in a tool, and navigate the complex process of bug reporting. We’re going to discuss why it's essential to have multiple tools in your arsenal for data validation, and how manual validation is a must when it relates to key evidence.

As we wrap up, we'll talk about the implementation of ALEAPP and iLEAPP in Paraben and its capability to choose artifacts to report on. To add some levity, we'll also share a humorous meme that perfectly captures the repercussions of failing to validate your digital data. So, prepare to embark on a journey that’s bound to make you rethink everything you know about data extraction and tooling analysis.

Notes-

Scholarship Reminders

-https://www.iacis.com/will-docken-scholarship/

-https://www.iacis.com/womens-scholarship/

-https://www.magnetforensics.com/blog/2023-magnet-forensics-scholarship-program-apply-today/

Cellebrite Data Extraction CheatSheet

-https://www.linkedin.com/posts/heather-mahalik-cellebrite_data-extraction-cheatsheet-activity-7125138491805462528-l5-5/

-https://cellebrite.com/en/episode-23-i-beg-to-dfir-data-extractions-explained-ffs-afu-bfu-advanced-logical-digital-forensics-webinar/

Paraben

-https://paraben.com

Thursday, November 2, 2023

Digital Forensics, Moot Court, and New Tool. Come Down the RabbitHole ™ with Us!

Curious about how digital forensics can unlock the secrets held by your tech devices? Join us as we shine a light on RabbitHole, an ingenious tool devised by Alex Caithness of CCL Solutions Group. This episode is sure to be a revelation, as we delve into this unique amalgamation of data format viewers. The plot thickens as we act as your guides to dissect the complexities of RabbitHole: the reparse feature, the free-form report builder, and the remarkable ability to extract data from various sources.

We step away from the tech talk for a moment to underline the crucial role of Moot Court in nurturing digital forensics examiners. We debate the need for a supportive environment that allows mistakes and hones professionals in the field. We discuss the qualities needed to shape a great witness and highlight two free cybersecurity courses related to expert witness testimony.

Don't miss our discussion of the new additions to iLEAPP: media events from the knowledgeC database and connecting Discord attachments to message threads.

Finally, we discuss the changes to ShellBags artifacts implemented in Windows 11 updates, as outlined by 13Cubed, and the meme of the week!

So, are you ready to tumble down this fascinating digital RabbitHole with us?

Notes:

CCL Solutions-RabbitHole-

https://www.cclsolutionsgroup.com/forensic-products/rabbithole

Courtroom Testimony Trainings-

CYBRARY.IT-https://cybrary.it/course/dfir-investigations-and-witness-testimony

NW3C-DF501 Expert Witness Testimony - Digital Forensic Examiners- https://www.nw3c.org/UI/CourseCatalog.html

Connecting Discord Attachments to Message Threads-

https://bluecrewforensics.com/2023/10/30/connecting-discord-attachments-threads-sdwebimage-library/

13 Cubed: An Important Change to ShellBags - Windows 11 2023 Update!

https://www.youtube.com/watch?v=M1nyMIu1Y18&t=4s

Shellbags Explorer by Eric Zimmerman

https://ericzimmerman.github.io/#!index.md