Pieces0310

取证须让证物说话,莫妄以自我心证来给案情下定论.切忌画靶射箭,为找而找. 取证的根基仰赖经验与判断,在IT各领域的经验愈丰富,愈能看出端倪. 取证须善用工具,但不过度依赖工具.工具只能帮你缩小可能范围,但无法告诉你答案,仍需靠人进行分析判断.
首页 新随笔 联系 订阅 管理
上一页 1 ··· 8 9 10 11 12 13 14 15 16 下一页

2015年12月24日 #

Use EnCase to acquire data from a smartphone
摘要: Yesterday someone asked me a question can EnCase acquire data from a smartphone, and my reply was "yes". Let me show you how to use Use EnCase to acqu... 阅读全文
posted @ 2015-12-24 22:06 Pieces0310 阅读(537) 评论(0) 推荐(0)

Android手机与计算机间的”信任关系”
摘要: 在iDevices(如iPhone、iPad等等)的取证方面,那个代表”信任关系”的plist无疑是最为关键的迹证,只要有了它,哪怕是最新机型的iDevice及最新版的iOS,且有着指纹保护或passcode保护,取证人员都能利用这plist在取证工作站上建立与犯嫌的iDevices间的”信任关系”... 阅读全文
posted @ 2015-12-24 21:07 Pieces0310 阅读(681) 评论(0) 推荐(0)

2015年12月11日 #

iPhone 6 (iOS 9.2) extractiion failed by XRY
摘要: My colleague extracted an iPhone 6 with XRY and it is iOS 9.2 . Unfortunately the Wizard crashed and take some screenshot as below. Please let us know... 阅读全文
posted @ 2015-12-11 10:25 Pieces0310 阅读(311) 评论(0) 推荐(0)

2015年12月10日 #

No deleted LINE chat messages recovered on iOS 9.1 after UFED extraction
摘要: The evidence is iPhone 5s with iOS 9.1 and not jail breaked. I use UFED to do advanced logical extraction just now. All I know is that suspect did use... 阅读全文
posted @ 2015-12-10 16:59 Pieces0310 阅读(467) 评论(2) 推荐(0)

2015年11月22日 #

Find out who the “mole” is?
摘要: Blueheat Company’s production server was out of order again. The CEO was very upset and want their CIO Leo to figure out what happened. Leo asked thos... 阅读全文
posted @ 2015-11-22 16:51 Pieces0310 阅读(299) 评论(0) 推荐(0)

2015年11月20日 #

Recover deleted pictures in iOS 9
摘要: A case about business secret. The suspect is an engineer in Hitec company, and compeitiors pay lots of money want him to take picutres about layout an... 阅读全文
posted @ 2015-11-20 13:11 Pieces0310 阅读(492) 评论(6) 推荐(0)

2015年11月16日 #

Windows USN Journal Parsing
摘要: What is "USN Journal"? It is "Update Sequence Number Journal". It records changes in the NTFS volume. The scenario is about Bomb threat. I use X-Ways ... 阅读全文
posted @ 2015-11-16 22:16 Pieces0310 阅读(876) 评论(0) 推荐(0)

2015年11月7日 #

iTunes - Forensic guys' best friend
摘要: What chances do you think to acquire suspect's data from his/her iDevice? If suspects also use iTunes or iCloud, I will say it's in the bag.What's ins... 阅读全文
posted @ 2015-11-07 16:10 Pieces0310 阅读(599) 评论(3) 推荐(0)

2015年10月31日 #

Track files and folders manipulation in Windows
摘要: The scenario is about Business Secret and our client do worry about data leakage. They want to know whether Suspect copy those data to external hard d... 阅读全文
posted @ 2015-10-31 16:56 Pieces0310 阅读(425) 评论(0) 推荐(0)

2015年10月23日 #

Bypass pattern lock on Sony Xperia Z2 and backup all data
摘要: Yesterday she came to me with a Sony Xperia Z2 D6503. Guess what? She forgot the pattern so she could not unlock her phone.You guys could take a look ... 阅读全文
posted @ 2015-10-23 23:11 Pieces0310 阅读(1175) 评论(0) 推荐(0)

上一页 1 ··· 8 9 10 11 12 13 14 15 16 下一页