For a long time one of the most common sources of ransomware and other malware have been spear phishing emails. Such emails are targeted towards a specific person or organization, and are used by attackers to steal data or install malicious software. If you are doing digital forensics, you must know that such attacks are quite common even in 2017. …

Nowadays more and more people use encryption to protect the backups of their iPhone, iPad, or iPod touch in iTunes. That’s why this is one of typical problems of modern digital forensics. As you know, iTunes backups can be found in the following locations: Mac OS X: /Users/(username)/Library/Application Support/MobileSync/Backup/ Windows 7, 8 or 10: \Users\(username)\AppData\Roaming\Apple Computer\MobileSync\Backup\ Of course, if the backup you found …

In this article, we are going to take a close look at the fundamentally new sources of digital evidences that are typical for the new version of the Windows 10 operating system, such as Notification center, new browser Microsoft Edge and digital personal assistant Cortana. Also, we will study some of the sources that were in the previous versions of …

SQLite is a popular database format that is used in programs of both mobiles devices and personal computers. Most of the popular browsers such as Google Chrome, Mozilla Firefox and Yandex Browser, and a great number of messengers, for example WhatsApp, Viber, WeChat etc. keep their data in this format. This fact makes such databases a valuable source of digital …

In this article, we are dealing with the main principles of the detection and analysis of the Android operating system malware, considering that this operating system is widely used in the smartphones and tablets. The main tools that are used by the experts for Android applications analysis are described. Introduction; General characterization of the Android malware; Android malware detection; Anti-forensic …

As you may already know, one of the most recent updates of Belkasoft Evidence Center is BelkaImager or Belkasoft Acquisition Tool.

Joe Sylve has announced his new article together with Vico Marziale and Golden Richard III entitled “Modern Windows Hibernation File Analysis”. 

Our digital forensics lab receives Mac computers for examination more and more often. There are some powerfull forensic suites for OS X analysis, but also there are a lot of very useful open source tools and scripts. One of such scripts is MacMRU-Parser.

Have you ever dug for deleted shadow copies during your Windows forensic examination?

In this post we want to show you how to create Mac OS X memory image with Rekall’s OSXPMem tool.