Many of you may be familiar with Yogesh Khatri's revolutionary digital forensics tool, mac_apt. His tool does wonders by parsing macOS image files and outputting valuable artifact data. However, it is very easy for your forensic answers to be lost in the vast amount of information mac_apt provides. A small team, comprised of Zach Burnham... Continue Reading →
We are all aware that Digital Forensics, like most other fields, has many misconceptions ingrained in its daily work. The immense separation between the technical knowledge and the general public creates an overwhelming disconnect that I believe should be worked on. With the hopes of closing this separation, here is a quick answer to a common... Continue Reading →
Digital forensic investigators are typically hired to uncover what happened on a digital device. Regardless of what the device is (mobile phone, laptop, server, etc.), they will do their best to produce a narrative of past system events. This narrative is often nothing more than an explained timeline of the system. To achieve this, investigators... Continue Reading →
The potentially dense quality of indirect digital forensic data is often unabridged and vastly underestimated. Sometimes the prime sources of information lie not within an event's data, but in the data that is produced about the data. What is Metadata and why is it important? The shorthand answer: Metadata is informational data/statistics/descriptors of other pieces of... Continue Reading →
While working on a recent Mac project, I wrote this script that parses the contents of an HFS+ 'system.log' file. The script will take in the provided log file and output an organized database file. Although the newer APFS file system now utilizes unified logging, I figured I would publish this very simple script in... Continue Reading →
We live in a digital world where almost everything we do is being monitored by technology. Our locations are being tracked by our mobile devices, CCTV security cameras are on almost every building, and even our banking is mostly done online. Most people, including myself, are concerned with how much of our personal lives is out... Continue Reading →
Is it alright if my company's IT employees perform initial forensic work so I can save money? Review what the best practice is.
There is an unusually thin line between the safety of our digital lives and the rest of the world. A correct username and password are all that separate the ownership of an online identity or device. So how can digital forensic evidence be admissible in court if anyone can be behind the keyboard? Can their... Continue Reading →