Webcast: iPhone Forensics – Separating the Facts from Fiction

SANS will hold a webcast on February 23, 2016 about iPhone Forensics. Time: Tuesday, February 23, 2016, 16:00 (UTC) Overview: There is much confusion surrounding what is and is not technically possible when iPhone forensics is discussed. Focusing solely on the technical matters at hand with the industry's top smartphone experts, SANS aims to answer these key questions: What kind of…

Disk analysis with Sleuth Kit tools

The Sleuth Kit provides a few tools to automate the disk analysis process. This article gives a quick overview of which commands can be used to analyze a physical disk image in Linux. fdisk fdisk is a partition table manipulator for Linux. It’s a menu-driven program for creation and manipulation of partition tables. For digital…

Acquiring Data with dd, dcfldd, dc3dd

Acquiring Data with dd in Linux dd stands for “data dump” and is available on all UNIX and Linux distributions. dd can create a bit-by-bit copy of a physical drive without mounting the drive first. This RAW image can be read by most of the forensics tools currently on the market. A few shortcomings of the dd…

Apple iOS Device Dashboard

If you conduct iPhone or iPad forensics, you might find this dashboard useful. It’s a compilation of a forensics investigator’s notes about various possibilities of iDevice acquisitions. You will find the reference chart here: http://goo.gl/UXt7Od  …
