Pieces0310

取证须让证物说话,莫妄以自我心证来给案情下定论.切忌画靶射箭,为找而找. 取证的根基仰赖经验与判断,在IT各领域的经验愈丰富,愈能看出端倪. 取证须善用工具,但不过度依赖工具.工具只能帮你缩小可能范围,但无法告诉你答案,仍需靠人进行分析判断.
首页 新随笔 联系 订阅 管理
上一页 1 2 3 4 5 6 7 8 9 10 ··· 16 下一页

2017年7月24日 #

Something wrong with EnCase v8 index search results
摘要: My friend told me that she installed EnCase v8.05 on her workstation which OS version is Win 10. She conducted an index search but no any hits found i 阅读全文
posted @ 2017-07-24 21:07 Pieces0310 阅读(344) 评论(2) 推荐(0)

2017年7月4日 #

Is it a full physical image???
摘要: My friend asked me why she could not find some important files in a physical image acquired from an Android phone. She took the evidence tree of an An 阅读全文
posted @ 2017-07-04 23:11 Pieces0310 阅读(693) 评论(3) 推荐(0)

2017年6月25日 #

FB的新专利竟要监看使用者的脸
摘要: 大家应该会很好奇Facebook又在搞什么新花招,这个专利的名称是"Techniques for emotion detection and content delivery",其用意是要以手机或笔电的前镜头(front-facing camera)侦测使用者对观看内容的反应,捕捉其表情,藉以察觉情 阅读全文
posted @ 2017-06-25 22:17 Pieces0310 阅读(295) 评论(0) 推荐(0)

2017年5月8日 #

How to image a CD/DVD ROM and generate hash value
摘要: Someone ask me how to image a CD/DVD ROM and generate hash value in the same time. A small tool called "dcfldd" could achieve this goal. Compared to d 阅读全文
posted @ 2017-05-08 21:40 Pieces0310 阅读(579) 评论(2) 推荐(0)

2017年4月28日 #

Mobile game forensics
摘要: My friend Carrie'd like to know "Garena 传说对决" violates any mobile risks such as insecure data storage or sensitive data disclosure . Let's take a look 阅读全文
posted @ 2017-04-28 11:11 Pieces0310 阅读(346) 评论(0) 推荐(0)

2017年4月26日 #

物理提取大绝招”Advanced ADB”???
摘要: 近来手机取证有个极为重大的突破,是由手机取证大厂Cellebrite所率先发表的”Advanced ADB” 物理提取方法,此功能已纳入其取证设备产品UFED 6.1之中。 这个所谓”Advanced ADB”的物理提取方法,可以对付的安卓手机范围之广,听了会令人咋舌。举凡Android 4.3~7 阅读全文
posted @ 2017-04-26 22:50 Pieces0310 阅读(766) 评论(0) 推荐(0)

2017年4月17日 #

How to trace the Geolocation of network traffic
摘要: A case about suspicious malware App. A forensic examiner capatured some pcap files and he'd to know where the desitnation is. Let me show you how to s 阅读全文
posted @ 2017-04-17 22:40 Pieces0310 阅读(400) 评论(0) 推荐(0)

2017年4月8日 #

App forensics
摘要: A friend of mine claimed that someone stole her personal data via hacking certain App. She installed that App several months ago and registered an acc 阅读全文
posted @ 2017-04-08 23:17 Pieces0310 阅读(618) 评论(0) 推荐(2)

2017年2月8日 #

专做手机取证的大厂被人给黑了
摘要: 天有不测风云,前不久美国FBI局长还信誓旦旦地说着,FBI及协助破解法鲁克的iPhone 5c的厂商,均会妥善保管那些手机破解工具. 没想到在过年前就传出那家专做手机取证的大厂被人给黑了.共取走了900多GB的数据,包含了破解工具及客户的数据等等. 后来更传出有相关资料被流出,如下图所示,相关人士从 阅读全文
posted @ 2017-02-08 17:56 Pieces0310 阅读(475) 评论(2) 推荐(1)

2017年1月12日 #

How to check all timestamps of a file
摘要: A friend of mine she asked me how to check all timestamps of a file on an NTFS volume. She did not have EnCase or FTK in hand. So I gave her FTK Image 阅读全文
posted @ 2017-01-12 22:27 Pieces0310 阅读(756) 评论(0) 推荐(0)

上一页 1 2 3 4 5 6 7 8 9 10 ··· 16 下一页