摘要:Cryptolocker是臭名昭著的勒索程序,使用AES加密后密钥回传,用户除了缴纳赎金之外基本无法解密数据。近日,知名安全公司Fire-Eye与Fox IT联合推出了针对该勒索程序的解锁网站https://www.decryptcryptolocker.com/©
阅读全文
posted @ 2014-08-07 17:13
随笔分类 - Forensic News
摘要:有加密狗的可以注册接收邮件下载暂时只有英文版前几天讲课还说到,EnCase的Template倒是好,但是稍微改一下Case Template自带的Bookmark结构,那么Report就看不到了,还是要手工在Report Template中添加才可以,在7.10中这一点做了完善,了了我一桩烦心事。。...
阅读全文
posted @ 2014-08-06 23:50
摘要:在被爆出“后门”事件后,苹果似乎已经开始了自己的行动,在最新发布的iOS 8 Beta5版本中,iOS取证专家Zdziarski提及的众多后台服务中的packet sniffer服务已经被禁用,体现出苹果公司在安全和用户隐私方面的重视。我们甚至可以猜测,在今秋即将推出的iOS 8中,苹果很可能会封堵...
阅读全文
posted @ 2014-08-06 23:20
摘要:Jonathan Zdziarski 近日在其推特上公布了此“后门”的研究及POC视频,并表示全球媒体“夸大”了此事,自己“从未表示过认为此后门与NSA的监控行为有关”。视频http://pan.baidu.com/s/1dDGgYIl早在去年底,Zdziarski就向“Digital Invest...
阅读全文
posted @ 2014-08-06 21:02
摘要:10月15日,Cellebrite公司对旗下产品进行了更新,包括UFED Classic、UFED Touch、Physical Analyzer、Logical Analyzer、Phone Detective、 UFED Reader以及Link Analysis。Release Note下载
阅读全文
posted @ 2013-10-17 11:24
摘要:Maintenance ReleaseCellebrite has released a maintenance version of UFED Physical / Logical Analyzer 3.8.1.UFED Physical / Logical Analyzer 3.8.1Resolving issues related to:Extracting a large amount of data from the UFED Touch / UFED Classic to a PC Previously after lengthy extractions, the UFED...
阅读全文
posted @ 2013-08-29 09:05
摘要:New in MacQuisition 2013 R2:Improved FileVault 2 Detection - Automatically detect the presence of a FileVault 2-encrypted volume, and enter a known password or recovery key directly within MacQuisition to unlock it.Multi-Destination Forensic Image Acquisition - Drag and drop volumes and/or folders t
阅读全文
posted @ 2013-08-29 08:58
摘要:Cellebrite 两周前正式发布了UFED设备所附带的Physical Analyzer和Logical Analyzer软件,更新后版本为3.8下载地址已更新至置顶资源下载页面。主要更新如下:支持针对iOS设备的文件系统转储,可以提取电子邮件内容内置了在线地图,所有地理位置可以直接展示支持对iOS尝试验证复杂密码UFED Physical Analyzer and UFED Logical Analyzer 3.8 bring a host of new decoding and decryption support, along with new functionality. New
阅读全文
posted @ 2013-08-27 09:14
摘要:EnCase v7.08 近日正式发布,7.08增加了Evidence Processor Manager以及Evidence Processor,不仅可以在本地实现证据处理队列,也支持了通过网络进行分布式证据处理的方式。以下是Release Note,更新软件下载地址集中于置顶帖中。What’s New in Version 7.08Evidence Processor ManagerEvidence Processor EnhancementsAugmented File Carving for ImagesNew Evidence Processor Lock/Unlock Flexib
阅读全文
posted @ 2013-08-23 09:22
摘要:Elcomsoft Phone Password Breaker 是俄罗斯Elcomsoft公司推出的手机取证工具,能够针对黑莓、苹果等手机的备份文件进行多种方式破解,支持远程获取iCloud数据。此次更新的EPPB 2.00修复了针对iCloud的支持,同时增加了筛选功能,用户不必全部下载整个iCloud备份,而是可以先选择需要下载的数据类型,再进行数据下载。新版本的EPPB也增加了对数据恢复的支持。点击下载完整Release Note
阅读全文
posted @ 2013-08-23 09:06
摘要:论版本变化速度,AD绝对首屈一指,从FTK 4到现在的FTK 5也不过两年多时间,EnCase近期(初步预计8月初)将推出V7的新版本7.08,下面是一些新功能:Evidence Processor ManagerEvidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an addit
阅读全文
posted @ 2013-07-30 15:21
摘要:从事计算机取证的应该都听说过MIP(Mount Image Pro)、VFC仿真和Recover My Files,上述三个应用比较广泛的软件都是GetData公司的产品。GetData现在也推出了自己的计算机取证软件Forensic Explorer。详细信息可以参考:http://www.forensicexplorer.com/从价格来看,的确不贵,一套Forensic Explorer(含MIP v5)带一年SMS收费$949,增加一年SMS $299,价格堪称良心,具体功能还有待测试。
阅读全文
posted @ 2013-07-30 11:33
摘要:原文跳转:http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to/Tampering with a car’s brakes and speed by hacking its computers: A new how-toThe "Internet of automobiles" may hold promise, but it comes with risks, too.byDan Goodin-July
阅读全文
posted @ 2013-07-30 11:18
摘要:俄罗斯厂商Elcomsoft近日更新了其旗下的iOS取证软件Elcomesoft iOS Forensic Toolkit,更新后的1.2版本支持针对iOS 4-6的iPhone 4s、iPhone5进行简单密码破解、物理镜像转储以及keychain解锁等。详情请见 :http://elcomsoft.com/eift.html
阅读全文
posted @ 2013-07-18 10:47
摘要:近日,以色列手机取证设备制造商CelleBrite对旗下UFED手机取证产品进行升级:UFED Classic 及 UFED Touch固件更新至1.9.0.0UFED Logical Analyzer 及 Physical Analyzer 更新至3.7.2详细Release Note请下载: 点我下载
阅读全文
posted @ 2013-06-07 10:35
摘要:根据来自美国GuidanceSoftware的消息,在电子取证行业具有一定影响力的EnCase认证调查员(EnCase Certified Examiner,EnCE)近期将进行变化:自2013年5月31日起,GSI官方及授权培训伙伴停止提供EnCE v6 prep课程,EnCE v7 Prep不受影响。自2013年5月31日起,GSI不再接受EnCE v6的考试认证申请,仅提供EnCE v7版本考试。在接下来的EnCE考试中,Phase II部分的案例动手练习将不再采用从美国寄送加密狗及证据文件的方式,考试版EnCase的授权将采用证书文件方式,同时证据文件将采用下载。
阅读全文
posted @ 2013-05-23 22:24
摘要:What's New in Version 7.07Evidence Processor performance scalingBookmarking Case Analyzer dataMac OS X email message supportMac OS X Artifact ParserLinEn support featuresSorting tags within a columnPII Credit Card Pattern enhancementApple iOS 6 supportEvidence Processor Performance ScalingThe Ev
阅读全文
posted @ 2013-05-06 17:50
摘要:EDEC Digital Forensics has released a beta of its latest version of the company’s Tarantula Chinese Cell Phone Analysis Tool. Tarantula 2.0 beta is a significant advance.“In an industry where technology advances at the speed of light, it is our responsibility to provide investigators with the most a
阅读全文
posted @ 2013-05-05 17:41
摘要:详情跳转:http://www.cellebrite.com/mobile-forensic-products/ufed-applications/ufed-link-analysis.html
阅读全文
posted @ 2013-04-18 14:40
摘要:Apple's iMessage encryption trips up feds' surveillanceInternal document from the Drug Enforcement Administration complains that messages sent with Apple's encrypted chat service are "impossible to intercept," even with a warrant.The DEA is not happy about Apple's iMessage
阅读全文
posted @ 2013-04-08 09:39