Thursday, March 24, 2022

Mobile Forensics:free mobile training course

Mobile Forensics: free mobile training course

หลักสูตรอบรมการตรวจพิสูจน์อุปกรณ์สื่อสารเคลื่อนที่

free mobile training course

Belkasoft offers a free self-paced course Mobile Forensics with Belkasoft X.

We know how expensive your time is and how difficult it is to plan things now. This is why we prepared a course you get to study in a safe, comfortable environment and at times that are convenient for you. This course can be accessed online anytime until March 31, 2022.

free mobile training course

free mobile training course

To participate in the training, please do the following:1) If you do not have a Belkasoft Evidence Center X license yet, request a trial at https://belkasoft.com/trialPut “Mobile Self-Paced Course” in the Comment field2) Download and install Belkasoft Evidence Center X3) Complete the training using the form at https://belkasoft.com/

Watch a short tutorial video on how to work with found artifacts


Add a data source (iPhone backup) Download an archive file at https://1drv.ms/u/s!AjgdL3UhWro9iDaYf4j9ba1thYPf?e=c9LjlD

free mobile training course


free mobile training course
When did the device owner receive the last call from +133040(UTC)?
free mobile training course
What email is linked to the device owner account (Apple ID)?
free mobile training course
What is the birth date of Wargrave?
free mobile training course
You suppose that “cebastianmoran” sent some materials to “profeccor”in Vipole app, pointing at a car, and you need to find more details. What isthe color of the car?
free mobile training course
You need to learn more about any conversations iPhone ownerparticipated in in the period from December 13, 2019 to December 15, 2019.What kind of conversation could you see?
free mobile training course

Webinar on locked iPhones acquisition

CERTIFICATE ACHIEVEMENT OF  BELKASOFT X MOBILE TRAINING COURSE

free mobile training course


ที่มา: belkasoft.com


หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น

* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud 


Thursday, March 17, 2022

Digital Forensics:Using FTK Imager on CLI with Mac OS, Macbook

Digital Forensics:Using FTK Imager on CLI with Mac OS, Macbook

การทำสำเนาพยานหลักฐานดิจิทัลโดยใช้โปรแกรม FTK Imager ผ่านคำสั่ง command line บนเครื่อง Macbook

FTK Imager on CLI with Mac OS


Step 1: Source 

First things first, We can use Mac’s built-in diskutil list command to display disks and partitions. 

FTK Imager on CLI with Mac OS

My hard drive is mapped as /dev/disk0 — this is fairly typical. Note we’ve got 4 “partitions”; right now we care about one:

Step 2: Tools

 First thing, download AccessData FTK Imager CLI   for Mac(https://accessdata.com/product-download/mac-os-10-5-and-10-6x-version-3-1-1, looking for “Command Line Versions of FTK”. 

FTK Imager on CLI with Mac OS


Ok, We know that /dev/disk0 is my full disk,    Here’s my command:

FTK Imager on CLI with Mac OS

Image 11. Full command to run FTK Imager

1.       /dev/disk0 – Is the source, the disk to acquire the image.

2.       /Volumes/TABLEAU/CF_MAC/CF001 – The destination of forensic image files, CF_MAC Folder is where the files will be storage, CF001 is the name of the file.

3.       --e01 – The format of the image, this kind is for Encase image file format.

4.       --frag 1500MB, each file will have a maximum of 1500 Megabytes, ftkimager split the entire image in the necessary files with this size.

5.       --compress 9, level of compression for the disk image.

6.       --case-number, the number of the case.

7.       --evidence-number, the evidence number.

8.       --description, any comment for your case.

9.       --examiner, your full name or acronym of your name.

10.   --notes, any additional comment you want.

 

--verify   Hash/verify the destination image, or the source image if no destination is specified


Running the command and options above, the following will show even with the ongoing process


* The Mac version of Command Line Imager supports OS 10.5 and 10.6 The print-info command on Mac and Linux images (in E01 and S01 formats), under “Acquired on OS:” gives the kernel version number, not the OS version. For example, an image acquired on Mac OS 10.6.3, displays version 10.3.0 (which is the Darwin kernel version).
Step
 3:Running FTK Imager acquiring

FTK Imager on CLI with Mac OS

Step 4:Create complete.

FTK Imager on CLI with Mac OS

Step 5:The information it has acquired.

When the process of acquiring the image is done, FTK creates a (CF001.E01.txt) file with the summary    in the folder where is stored the image’s files, including features of the disk like the image’s hash values. 
FTK Imager on CLI with Mac OS
Download  Summary    CF001.E01.txt file of FTK Imager on CLI,
This file lists the evidence information, details of the drive, check sums, and times the image acquisition started and finished:

FTK Imager on CLI with Mac OS

FTK Imager on CLI with Mac OS

Also, you can create a forensic image from a running or dead machine. It is a literal snapshot in time that has integrity checking.

Referent:   Imager Command Line Help

                Acquiring an Image with FTK Imager

สรุป  การทดสอบตามสถานการณ์จำลองเพื่อทำลองคำสั่ง  และให้ทำตาม Steps of Digital Forensics  การทำสำเนาพยานหลักฐานดิจิทัลโดยใช้โปรแกรม FTK Imager ผ่านคำสั่ง command line  
     - พบว่าคำสั่ง --compress  สามารถบีบอัด (Image File )ไฟล์ให้เล็กลง
     - ให้เพิ่มคำสั่ง --verify   Hash/verify the destination image, or the source image if no destination is specified
       
 

#WINDOWSFORENSIC #COMPUTERFORENSICS #DFIR #FORENSICS #DIGITALFORENSICS #COMPUTERFORENSIC #INVESTIGATION #CYBERCRIME #FRAUD #MOBILEFORENSICS


หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น
* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

Sunday, March 13, 2022

Digital Forensics:CAPTURE THE FLAG: KIDNAPPER CASE

Digital Forensics:CAPTURE THE FLAG: KIDNAPPER CASE

วันนี้มาแนะนำการแข่งขัน Belkasoft CTF  ซึ่งจัดโดยบริษัท  Belkasoft  เป็นโซลูชันด้านนิติวิทยาศาสตร์และ incident response ที่ใช้งานง่ายและมีประสิทธิภาพซึ่งช่วยลดความซับซ้อนและเร่งขั้นตอนการสืบสวนทางดิจิทัล และมีหัวข้อสืบสวนด้าน  cryptocurrency  โดยกิจกรรมจะเปิดและปิดเป็นช่วง   March 2022  #BelkaCTF 

THE IMAGE

  • You can download the CTF image (6.39 GB) using one of these links:

  • Passware Kit Forensic

    Passware was very kind to provide a license for all attendees: 


    1. List all users of the laptop.


    Flag;



    2.What web application was used by the boy to earn his pocket money?


    —What the hell is with these young people... chickens do not peck at their dad's money, but e is still doing it! 

    I raised my eyebrows in surprise. 

    —Chief, have you never been a teenager before? 

    —Okay, you're right, —Chief grimaced. He obviously did not like to remember his youth. 

    I pushed away the spontaneous smirk from my face, and the Chief continued: 

    —So, was he doing that from his secondary account?


    Flag:



    3.Which BTC wallet did the boy use to sell drugs?


    —So, the boy uses one account for studying, and the other for selling drugs? 

    —Yes, Sir.

    —Any evidence?

    —Of course, Chief. Look, here is his bitcoin wallet…

    Flag:


    4. On which date does the kid’s database show the most sales for “Acapulco Gold”?


    Flag:





    5. What was the other BTC wallet of the victim, which he used to hide his “under the counter” sales from his superior?

    — They called me again. Twice, — It looked like the Chief was angry at me because of that.
    — Are you saying I work too slow? Or should I take these calls on your behalf?
    The Chief missed my words, he seemed to be looking for his cigarettes.
    — Look, Chief, I found something interesting. The boy was selling their goods under the counter.
    The Chief stopped the search.
    — You said what? And did his supervisor…
    The Chief did not complete the sentence. We looked at each other knowingly.
    This is where malice rises in the case, our victim decided to start selling the common “goods” between him and Tux, his friend, under the counter to profit from it.




    Flag:



    CAPTURE THE FLAG: KIDNAPPER CASE  a certificate of participation.



    Refer:  belkasoft 
                 CTF
                 The official write-up on #BelkaCTF #4 is ready! Please read how the tasks were supposed to be solved at bit.ly/3tYp2DQ

    หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น

    * หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
    ขอบคุณครับ

    #WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud #CTF #DFIR

    Digital Forensics:WhatsMyName (OSINT)

    Digital Forensics:WhatsMyName (OSINT) Welcome to WhatsMyName This tool allows you to enumerate usernames across many websites How to use: 1....