There are millions of applications that can be used on a smartphone. This mini webcast with Terrance Maguire outlines an approach to examining these applications:

The purpose of this webinar is to delve into one of the most challenging aspects of working with a Cloud Service Provider (CSP), the conduct of Incident Response and Forensic Investigations. This challenge exists because far too many CSP customers believe that placement of data and applications into the cloud makes these functions the responsibility of the CSP. Most if …

This webcast explores the following topics: 1) Choosing the best test device 2) Rooting your Android 3) Utilizing File Browsers for quick file/folder access 4) Examining application directories of interest, all using utilities that exist on your SIFT workstation or that can be downloaded for free from the Internet

In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser history but works for your entire computer. Apart from websites that you visited, the Timeline shows the documents you worked with, the games you played, the images you viewed or created and so on. The webinar be held together with …

The new Apple File System (APFS) was developed to replace HFS+ and became the default file system in September 2017. Like many Apple technologies, APFS is significantly different from other mainstream file-systems; it presents special challenges, but also some exciting data recovery opportunities. OpenText™ EnCase™ Forensic 8.07 now includes fundamental support for APFS, enabling targeted collection of forensic data from …

Cyber Threat Intelligence (CTI) analysts must have ways of clustering adversary intrusions to find patterns and make meaningful recommendations to defenders. Incident responders and security personnel must be able to simply interpret those recommendations for actionable results. And yet the ways the community clusters activity and assigns names to it can be extremely confusing and seems inconsistent. Is APT A …

During this webinar BlackBag Technologies representatives will show you how to acquire, decrypt and analyze APFS volumes:

You have used all of the utilities in your expensive forensic suite, and other programs to carve files from unallocated file space. Do you think you have found everything? If you answered yes, guess again. The typical way that carving utilities are able to recover deleted data automatically is through file header and footer identification, and this recovers an intact …

This webinar covers Registry Explorer version 1.0 including features such as searching multiple hives, transaction log replay, plugins, and more. Attendees of the webinar will understand how to use the many features available in Registry Explorer not only for investigative purposes but also how to use it to further one’s knowledge of the Windows Registry and how it is structured.

Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as the correlative glue between additional artifacts, but what happens when the attackers find ways to remove the logs, or worse, stop the logs from writing? We must find a way to adapt. In part 2 of this series, …