Blog

Jun 03, 2016

epyxpete

Blog

0

This practical was conducted on a Samsung Galaxy Exhibit T599n MetroPCS phone. Although this method works on this particular Android phone, it is not guaranteed to work on all Android phones. Ensure the following are downloaded and saved to the computer where the phone will be acquired:
· Android SDK Platform Tools
· […]

Jun 17, 2013

epyxpete

Blog

0

You have just received an image of a dual-boot. You add the image to your preferred forensic suite only to discover that the Linux partition of the image is not being recognized. You immediately wonder... “I know so and so can read extended 4! The other volume is not encrypted! What’s going on?” That became […]

Apr 14, 2013

epyxpete

Blog

0

I was recently given the opportunity to attend an advanced mobile forensics course taught by Joe Church from Digital Shield.  As part of the rite of passage certification process, Joe handed us an image of an infected Android device and challenged us to find the malware. By the third day of great instruction and working with […]

Feb 03, 2013

epyxpete

Blog

0

While examining an image of a Windows 7 computer, I struggled to find specific files that I knew at one point resided on the computer.  After hours of searching through both the allocated and unallocated area, I found the files in question on the shadow volumes. The shadow volumes, also known as the Volume Snapshot […]

Jan 11, 2013

epyxpete

Blog

0

Recently while examining an image of a computer, I came across the need to determine if the image contained a set of specific files.  For me those specific files were a series of pictures.  I was faced with two options, I can either manually go through all of the folders to search for the pictures, […]

Dec 02, 2012

epyxpete

Blog

0

Whether you need to make a forensic copy of an evidence drive for analysis, or restore a drive to look at the computer in a live manner, at one point or another you are probably going to find yourself needing to clone a drive.  Cloning a drive differs from imaging, in which cloning uses a […]

Nov 02, 2012

epyxpete

Blog

0

The master file table (MFT) is a database that contains information about all files on an NTFS file system.  Among other things, the MFT tracks times, size, name, and location of every file including itself.  It stores this information in entries, appropriately named MFT entries.  Each MFT entry gets assigned its own record number. AnalyzeMFT […]

Sep 26, 2012

epyxpete

Blog

0

The Windows registry is used by the operating system to store information about its configuration, users, applications and much more.  It is an excellent source of evidence for the forensic examiner. While looking for an open source solution to examine the registry, a colleague of mine recommended the Forensic Registry EDitor (FRED).  FRED is a GUI […]

Aug 22, 2012

epyxpete

Blog

0

The E01 image format, also known as the Expert Witness Format or the EnCase Image Format, is perhaps the de facto standard for forensic analysis. It is a format owned by Guidance Software containing a bitstream of an acquired disk, case information, checksums for every block of 64 sectors, and a footer with an MD5 […]
