
Essay category - Computer Forensics Technology

Abstract: I haven't written in a long time; busy or idle, it comes down to laziness. Drones are selling hot in China and have become the new fashionable toy, but there are as yet no regulations governing civilian drones. Recently I chatted with a friend in LE and we got onto the subject of drone forensics, so today I'll write up my thoughts and recent research on it. 1. Why do forensics on drones, and can it be done? Digital forensics covers an extremely wide range of media; it can be said that anything with stor

posted @ 2016-07-29 00:43 YiDiscovery Views(2421) Comments(2) Recommendations(2)

Abstract: Original article: http://dig4n6.blogspot.tw/2013/07/vdi-in-box-analysis-results.html *If the images referenced in the article cannot be displayed, please***** VDI-in-a-Box Analysis Results by Ethan Fleisher. Despite the fact that my capstone thesis was complete over three months ago, it's been a struggle to make this post. That being said, hopefully this blog post doesn't

posted @ 2013-07-30 11:27 YiDiscovery Views(559) Comments(0) Recommendations(0)

Abstract: Original article: http://www.hexacorn.com/blog/2013/04/30/jumplists-file-names-and-appid-calculator/ JumpList files are an interesting forensic artifact and as such they have been thoroughly explored by many researchers over the last 2-3 years. There is really a lot of material out there and there are also many tools

posted @ 2013-05-05 17:44 YiDiscovery Views(526) Comments(0) Recommendations(0)

Abstract: Author: Arthur Gingrande. Original article: http://www.documentmedia.com/ME2/dirmod.asp?sid=&nm=&type=Publishing&mod=Publications%3A%3AArticle&mid=8F3A7027421841978F18BE895F87F791&tier=4&id=6D44870EEFAC4C6DBD2BC6DE21DAE9DF The Long-term Preservation of Digital Evidence, by Arthur Gingrande. As the em

posted @ 2013-04-09 16:22 YiDiscovery Views(385) Comments(0) Recommendations(0)

Abstract:

posted @ 2013-03-05 20:47 YiDiscovery Views(909) Comments(0) Recommendations(0)

Abstract: Source: Solidot. Security researchers have discovered a new privacy threat: every phone on a 3G network can be tracked, and off-the-shelf, inexpensive commercial equipment is enough to find the geographic location of these 3G devices. The global telecommunications industry body 3GPP is investigating the research. The University of Birmingham researchers leading the work will disclose the vulnerability details at this month's ACM Conference on Computer and Communications Security. The researchers tested Germany's T-Mobile, Vod...

posted @ 2012-10-11 00:11 YiDiscovery Views(340) Comments(0) Recommendations(0)

Abstract: Forensic Computer Examiner Quick Reference Guide is a quick reference handbook for computer forensic examiners on the iOS platform, containing the forms and reference material commonly used in computer forensics. Today Forensic Computer Examiner Quick Reference Guide released an update on the Apple App Store; the new version number is 2.0. Go to the App Store: htt...

posted @ 2012-05-23 14:49 YiDiscovery Views(452) Comments(0) Recommendations(0)

Abstract: Passware, the well-known Russian password-recovery vendor, recently released Passware Kit version 11.7. Main updates: fast recovery of Microsoft Office 2007-2010 document passwords (memory analysis); fast recovery of PGP WDE (whole disk encryption) (memory analysis); support for password recovery of Apple DMG disk images; integration with EnCase. Original article: http://www.lostpassword.com/news/pnl63.htm

posted @ 2012-05-22 17:50 YiDiscovery Views(1008) Comments(0) Recommendations(1)

Abstract: WhatsApp Forensics. Those who follow this blog may have noticed a few months ago a post that introduced WhatsApp Xtract: this script was able to display in an HTML document all the WhatsApp messages extracted from an iPhone. And those who follow the xda developers forum may have recently noticed a threa

posted @ 2012-05-16 19:18 YiDiscovery Views(1059) Comments(0) Recommendations(0)

Abstract: The original author of this article is Jason Hale; all rights belong to the original author. Windows 8 TypedURLsTime. Amanda Thomson posted a Windows 8 Forensic Guide last month that covers a variety of topics examiners can expect to encounter with this new operating system on the horizon. One of the new items in Windows 8 - existing at least in the Consumer Preview

posted @ 2012-05-16 19:15 YiDiscovery Views(431) Comments(0) Recommendations(0)

Abstract: Paraben's Project-A-Phone™ ICD-8000 is the latest version of its cell phone screen capture device that allows you to take pictures or videos of the screen of almost any cell phone and display it right on your computer. This model replaces the IDC-5200, the most popular image capturing device am

posted @ 2012-05-16 18:03 YiDiscovery Views(339) Comments(0) Recommendations(0)

Abstract: AIS, Inc. announces the availability of their newest software product, MacResponse LE™. MacResponse LE is designed to provide law enforcement with critical capabilities needed to reliably collect and analyze data from live computer systems running various versions of Mac OS X. MacResponse LE was deve

posted @ 2012-05-16 17:43 YiDiscovery Views(329) Comments(0) Recommendations(0)

Abstract: Over the coming period I will serialize on this blog excerpts of selected chapters from the book Smartphone Forensics (《智能手机取证》), which I co-wrote with Professor Qin Yuhai, head of the Department of Computer Crime Investigation at the China Criminal Police University; it will be published within the year.

posted @ 2012-05-07 15:09 YiDiscovery Views(1267) Comments(3) Recommendations(0)

Abstract: Source: http://www.cnbeta.com/articles/185511.htm All rights belong to the original author; if any rights are infringed, please contact the blogger for removal. Translated from Ars Technica. When an al-Qaeda suspect was arrested in Berlin last May, police found he was carrying a memory card whose files were hidden. According to the German magazine Zeit, however, computer forensics experts of the German Federal Criminal Police later succeeded in uncovering the hidden content on the card: on the surface, the card appeared to hold only a single pornographic video with the file name "KickAss". But police subsequently found 141 text documents inside that video, which, according to an official spokesperson, included a large number of al-Qaeda operational reports and plans for future operations. So

posted @ 2012-05-04 00:35 YiDiscovery Views(1449) Comments(0) Recommendations(0)

Abstract: Source: http://network.pconline.com.cn/netsafe/1204/2749924_all.html All rights belong to the original author; if any rights are infringed, please contact the blogger for removal. The widely reported incident in which the PIN-code algorithm of wireless routers from a certain Shenzhen vendor and many other brands was cracked has had far-reaching effects. Users need only some WiFi signal sniffing software to easily recover the password of a wireless router with WPS enabled, then connect through the PIN code and freeload on someone else's wireless network. We give a brief demonstration of the specific steps: scan the nearby wireless signals. We casually scanned the office.

posted @ 2012-05-02 10:03 YiDiscovery Views(3149) Comments(0) Recommendations(0)

Abstract: The original author of this article is John J. Barbara; all rights belong to the original author. About the author: John J. Barbara owns Digital Forensics Consulting, LLC, providing consulting services for companies and laboratories seeking digital forensics accreditation. An ASCLD/LAB inspector since 1993, John has conducted inspections in several forensic disciplines i...

posted @ 2012-04-07 22:51 YiDiscovery Views(658) Comments(0) Recommendations(0)

Abstract: Q: In EnCase v7, after a user applies Conditions, the filtered results are displayed separately in Results rather than being attached to the Entries view as in v6. In Results, the Copy Files and Copy Folder functions are not available, and Go To File can only jump to a single file. So how can one export files in bulk from the results filtered by Conditions and Filters? A: The examiner can first run the Condition or Filter, then in Results check all of the filtered results and use the Tag function to tag every selected item. Next, switch to the Entries tab, sort by the Tag column, select all the tagged fil...

posted @ 2012-03-26 16:45 YiDiscovery Views(448) Comments(0) Recommendations(0)

Abstract: Virtual Disk Conversion. VirtualBox uses VDI files for the primary hdd image. After you export the VM it will become a VMDK. If you want to convert it back to VDI, or just want to convert the image type, you can do it with the following command: Syntax: #VBoxManage.exe internalcommands converthd -srcformat FOR.

posted @ 2011-10-11 01:12 YiDiscovery Views(1888) Comments(0) Recommendations(0)

Abstract: Since most smartphones currently store their data in SQLite databases, SQLite database recovery has become the key to whether deleted data can be recovered at all. At present there is no mature domestic solution for SQLite databases, let alone a dedicated forensic tool; abroad there are currently two tools dedicated to SQLite database forensics: Epilog and SQLite Forensic Reporter. Epilog: judging from its interface this software is very powerful; according to its official demo (search YouTube for the keyword epilog if interested), it can parse SQLite structures, recover journals and recover complete data structures. SQLite Forensic Reporter: this software claims to be the most professional SQLite forensic software currently available; it mai...

posted @ 2011-09-01 17:46 YiDiscovery Views(2631) Comments(1) Recommendations(1)

Abstract: GSI recently explained the new EX01 evidence file structure in a KB article: What New Features are Offered by the EX01 Evidence File Format? Affected Products: EnCase Forensic 7.x. Summary: EnCase V7 allows for the creation of EX01 files. This evidence file format retains many of the features of E01 files and adds several new features. Explanation/R

posted @ 2011-08-13 15:42 YiDiscovery Views(678) Comments(0) Recommendations(0)