We are not sure about your labs, but our receives more and more Macs for forensic examination every month. And, of course, some of the cases require us to find forensic artefacts of external USB drives connections and files copying. We know that you guys liked our last article regarding USB forensics on Windows systems, so we decided to write …

If you are a digital forensic examiner, you must know, that clients very often ask to find out, which sensitive files were copied to USB thumb drives by disgruntled employees before they left the company. There are a lot of articles and guides on USB forensics on the Web, but most of them dealing with the flash drives and not the computer …

For a long time one of the most common sources of ransomware and other malware have been spear phishing emails. Such emails are targeted towards a specific person or organization, and are used by attackers to steal data or install malicious software. If you are doing digital forensics, you must know that such attacks are quite common even in 2017. …

Nowadays more and more people use encryption to protect the backups of their iPhone, iPad, or iPod touch in iTunes. That’s why this is one of typical problems of modern digital forensics. As you know, iTunes backups can be found in the following locations: Mac OS X: /Users/(username)/Library/Application Support/MobileSync/Backup/ Windows 7, 8 or 10: \Users\(username)\AppData\Roaming\Apple Computer\MobileSync\Backup\ Of course, if the backup you found …

In this article, we are going to take a close look at the fundamentally new sources of digital evidences that are typical for the new version of the Windows 10 operating system, such as Notification center, new browser Microsoft Edge and digital personal assistant Cortana. Also, we will study some of the sources that were in the previous versions of …

SQLite is a popular database format that is used in programs of both mobiles devices and personal computers. Most of the popular browsers such as Google Chrome, Mozilla Firefox and Yandex Browser, and a great number of messengers, for example WhatsApp, Viber, WeChat etc. keep their data in this format. This fact makes such databases a valuable source of digital …

In this article, we are dealing with the main principles of the detection and analysis of the Android operating system malware, considering that this operating system is widely used in the smartphones and tablets. The main tools that are used by the experts for Android applications analysis are described. Introduction; General characterization of the Android malware; Android malware detection; Anti-forensic …

As you may already know, one of the most recent updates of Belkasoft Evidence Center is BelkaImager or Belkasoft Acquisition Tool.

Joe Sylve has announced his new article together with Vico Marziale and Golden Richard III entitled “Modern Windows Hibernation File Analysis”. 

Our digital forensics lab receives Mac computers for examination more and more often. There are some powerfull forensic suites for OS X analysis, but also there are a lot of very useful open source tools and scripts. One of such scripts is MacMRU-Parser.