Pieces0310

取证须让证物说话,莫妄以自我心证来给案情下定论.切忌画靶射箭,为找而找. 取证的根基仰赖经验与判断,在IT各领域的经验愈丰富,愈能看出端倪. 取证须善用工具,但不过度依赖工具.工具只能帮你缩小可能范围,但无法告诉你答案,仍需靠人进行分析判断.
首页 新随笔 联系 订阅 管理
上一页 1 ··· 3 4 5 6 7 8 9 10 11 ··· 16 下一页

2016年12月20日 #

Find out files transfered via Bluetooth
摘要: The case was about business secret and forensic guy did a physical acquisition from a smart phone. He'd like to find out files relates to sensitive da 阅读全文
posted @ 2016-12-20 22:23 Pieces0310 阅读(540) 评论(0) 推荐(0)

2016年12月3日 #

Take advantage of “Integrated Calling” to know whom suspect talked to
摘要: A new feature in iOS 10 is “Integrated Calling”. An integrated call from Chat App like Naver LINE or Skype or FB Messenger can be answered directly fr 阅读全文
posted @ 2016-12-03 16:20 Pieces0310 阅读(363) 评论(0) 推荐(0)

2016年12月1日 #

Thoughtful function is also good for investigation
摘要: Did you know how many friends in your IM? Some of them you are not familiar with, but your friends close to you are their friends..So your get acquain 阅读全文
posted @ 2016-12-01 23:17 Pieces0310 阅读(271) 评论(0) 推荐(0)

2016年10月31日 #

How secure FB Messenger is?
摘要: It's reported that FB Messenge is the most secure App for instant messaging service. Let's see if FB messenger is secure enough or not. I'll evaluate 阅读全文
posted @ 2016-10-31 15:30 Pieces0310 阅读(455) 评论(0) 推荐(0)

What's going on in background?
摘要: Did you know that mobile phone manufacturer collect your info without notifying you? Did you know your mobile phone may check in to manufacturer's ser 阅读全文
posted @ 2016-10-31 10:06 Pieces0310 阅读(243) 评论(0) 推荐(0)

2016年10月22日 #

好用的內存鏡像工具Belkasoft RAM Capture
摘要: 来自俄罗斯的取证大厂Belkasoft,旗下的主力产品Belkasoft Evidence Center有不错的评价,除了BEC之外,咱们Yuri老兄也是佛心来着的,提供了一个免费内存镜像工具RamCapture给同好们享用. 它有32bit及64bit版本,无须安装,直接运行即可.但须以系统管理者 阅读全文
posted @ 2016-10-22 09:40 Pieces0310 阅读(2074) 评论(0) 推荐(0)

2016年10月4日 #

How to acquire an Android phone with locked bootloader?
摘要: As we know that some devices come with locked bootloaders like Sony, HUAWEI, hTC...If you try to unlock bootloader, the data would disappear!!! Take h 阅读全文
posted @ 2016-10-04 22:35 Pieces0310 阅读(449) 评论(0) 推荐(0)

2016年10月2日 #

Electronic Payment App analysis
摘要: Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smar 阅读全文
posted @ 2016-10-02 10:35 Pieces0310 阅读(372) 评论(0) 推荐(0)

2016年9月27日 #

"System Protection" is disabled in Win10 default settings
摘要: We could find some important clue in Restore Point because "System Protection" of volume C is enabled in Windows default settings. Lots of data in "My 阅读全文
posted @ 2016-09-27 22:13 Pieces0310 阅读(731) 评论(2) 推荐(0)

2016年9月26日 #

Life cycle of plist in Lockdown changes dramatically in iOS 10
摘要: We could take advantage of plist to bypass Trust Relationship so as to extract data from a iDevice. Now it becomes an impossible mission in iOS 10. As 阅读全文
posted @ 2016-09-26 15:08 Pieces0310 阅读(420) 评论(2) 推荐(0)

上一页 1 ··· 3 4 5 6 7 8 9 10 11 ··· 16 下一页