More articles related to "Heavy reliance on forensic tools is risky"

We could take advantage of forensic tools to examine and analyze the evidence, but heavy reliance on forensic tools is risky. It is we who determine which clues are important, not the forensic tools. There is a scenario about malware and a hacker. A…
What do you think the chances are of acquiring a suspect's data from his/her iDevice? If the suspect also uses iTunes or iCloud, I will say it's in the bag. What's inside a seized iPhone? The suspect refused to tell us and he was very confident that no one could unlock…
The Best Hacking Tools. Hacking Tools: List of security tools specifically aimed toward security professionals for testing and demonstrating security weaknesses. Passwords: Cain & Abel. Cain & Abel is a password recovery tool for Microsoft Opera…
10 best Linux distros for privacy fiends and security buffs in 2017. Introduction: The awesome operating system Linux is free and open source. As such, there are thousands of different ‘flavours’ available – and some types of Linux such as Ubuntu are g…
The evidence is a VM, as shown below. The flat vmdk is the real disk, and the vmdk that is only 1kb is just a descriptor. As you can see, there is no vmx. What will you do to find important clues inside this VM? Mount that flat vmdk and export disk image…
As we know, the Prefetch file is used to optimize the loading time of an application the next time you run it. So we can tell whether there is any suspicious application or not by examining those .pf files on the subject computers. We could…
Name                                             Disclosure Date  Rank    Description ----                                             ---------------  ----    -----------    aix/hashdump                                                      normal  A…
Belkasoft Evidence Center impresses me very much because it supports lots of evidence types. I have to admit that it’s one of the most powerful forensic tools I’ve ever seen. Now I’d like to add a physical image acquired from an Android phone. Let’s ta…
The case scenario was about a bank robbery, and the suspect threw his Samsung Note 3 into the river. Fortunately the police found his phone and sent it to the lab immediately. But guess what? This Samsung Note 3 was dead and those poor forensic guys trie…
Let me show you the WeChat version first. It is 6.3. What happens to deleted WeChat chat messages? Take a look at "Blocks containing deleted data": those deleted messages were wiped. What about WhatsApp? The version is 2.12.317. Fortunate…