Pieces0310

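Forensics must let the evidence speak; never use your own subjective conviction to draw conclusions about a case. Never shoot the arrow first and draw the target around it, searching only for the sake of finding. The foundation of forensics rests on experience and judgment: the richer your experience across IT domains, the better you can spot the clues. Forensics should make good use of tools without over-relying on them. Tools can only help you narrow down the range of possibilities; they cannot tell you the answer, which still requires human analysis and judgment.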


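December 20, 2020

Summary: A fellow enthusiast had read an article I wrote several years ago on how to find traces of USB storage device usage on a Mac, and since the operating system has changed since then, he hoped I would cover the topic again for everyone. Indeed, the macOS logging mechanism is no longer text-based as in the past, with logs simply stored in log files that could be inspected directly; instead it is based on a so-called "Unified Logging System" Read more
posted @ 2020-12-20 21:15 Pieces0310 Views (1069) Comments (0) Recommended (0)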

September 8, 2020

Summary: A friend of mine, Megan, told me that she got an error message, as in the screenshot below, when trying to open a virtual machine on a suspect's laptop. She tried Read more
posted @ 2020-09-08 23:11 Pieces0310 Views (261) Comments (0) Recommended (0)

June 2, 2020

Summary: Since I mentioned "Second Space", let's take a look at Samsung "Secure Folder". This built-in feature for Samsung smartphones is a secret space Read more
posted @ 2020-06-02 23:26 Pieces0310 Views (616) Comments (0) Recommended (0)

May 7, 2020

Summary: Have you guys heard about a pretty good feature called "Second Space"? Manufacturers like Xiaomi, Huawei... offer "Second Space" feature which allows u Read more
posted @ 2020-05-07 14:02 Pieces0310 Views (842) Comments (0) Recommended (0)

December 19, 2019

Summary: An unpatchable bootrom exploit called "checkm8" works on all iDevices up until the iPhone X irrespective of whether they run iOS 12 or iOS 13 and make Read more
posted @ 2019-12-19 23:16 Pieces0310 Views (603) Comments (0) Recommended (0)

August 2, 2019

Summary: Yesterday a friend of mine, Kirby, came to me with a smartphone and she wanted me to do her a favor. She showed me some contacts in an app called "LINE" Read more
posted @ 2019-08-02 23:10 Pieces0310 Views (500) Comments (0) Recommended (0)

April 16, 2019

Summary: One cannot be in two places at once. Do you know what "Dual Apps" is? Manufacturers like Xiaomi, Oppo, Huawei offer "Dual Apps" feature which allows users Read more
posted @ 2019-04-16 23:23 Pieces0310 Views (673) Comments (2) Recommended (0)

March 17, 2019

Summary: Now it's more and more difficult for forensic tools to extract evidence from smartphones running Android 7 and above. Maybe you could acquire physical Read more
posted @ 2019-03-17 22:26 Pieces0310 Views (1354) Comments (0) Recommended (0)

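December 30, 2018

Summary: Compared with the past, the techniques available for Android phone forensics in recent years have become increasingly limited. Android 7.0 can roughly be taken as the dividing line: on Android 7.0 and later versions, the following anti-forensic characteristics clearly appear: 1. The technique of downgrading combined with ADB Backup can no longer back up app data, so even if you know the suspect clearly used WeChat or other IM apps, you are at a loss for a way to Read more
posted @ 2018-12-30 14:52 Pieces0310 Views (1850) Comments (0) Recommended (0)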

December 19, 2018

Summary: A friend of mine was frustrated in extracting WeChat chat messages from a suspect's smartphone running Android 7.x. The situation is that no pattern Read more
posted @ 2018-12-19 23:26 Pieces0310 Views (914) Comments (0) Recommended (0)
