Thursday, March 24, 2022

Mobile Forensics: free mobile training course

Training course in the forensic examination of mobile communication devices

Belkasoft offers a free self-paced course Mobile Forensics with Belkasoft X.

We know how expensive your time is and how difficult it is to plan things now. This is why we prepared a course you get to study in a safe, comfortable environment and at times that are convenient for you. This course can be accessed online anytime until March 31, 2022.


To participate in the training, please do the following:

1) If you do not have a Belkasoft Evidence Center X license yet, request a trial at https://belkasoft.com/trial and put “Mobile Self-Paced Course” in the Comment field.
2) Download and install Belkasoft Evidence Center X.
3) Complete the training using the form at https://belkasoft.com/

Watch a short tutorial video on how to work with found artifacts


Add a data source (iPhone backup). Download the archive file at https://1drv.ms/u/s!AjgdL3UhWro9iDaYf4j9ba1thYPf?e=c9LjlD

When did the device owner receive the last call from +133040 (UTC)?

What email is linked to the device owner account (Apple ID)?

What is the birth date of Wargrave?

You suppose that “cebastianmoran” sent some materials to “profeccor” in the Vipole app, pointing at a car, and you need to find more details. What is the color of the car?

You need to learn more about any conversations the iPhone owner participated in in the period from December 13, 2019 to December 15, 2019. What kind of conversation could you see?
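The first question above asks for the time of the last call from a number, in UTC, and the last one asks for activity in a date range. The course answers them with Belkasoft X; as an added example that is not part of the course or of this post, the Python below answers the same two kinds of question from the raw iOS call-history database. In an iTunes/Finder backup that SQLite file is Library/CallHistoryDB/CallHistory.storedata in HomeDomain, located through Manifest.db; the table built here is a constructed, cut-down model of its ZCALLRECORD table, and every phone number and time in it is made up. The point it makes that the question alone does not: ZDATE is a Core Data timestamp (seconds since 2001-01-01 UTC), so it has to be converted before any "last call" or "between these dates" answer is stated in UTC.

```python
"""Added example: not part of the Belkasoft course or of the original post.

Answers "last incoming call from a number, in UTC" and "calls between two
dates" from the raw iOS call-history SQLite database instead of Belkasoft X.
The table is a constructed, cut-down model of ZCALLRECORD from
HomeDomain/Library/CallHistoryDB/CallHistory.storedata; all data is made up.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

# Core Data stores dates as seconds since 2001-01-01 00:00:00 UTC (not Unix time);
# reading ZDATE as a Unix timestamp would put every call 31 years too early.
COREDATA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
FMT = "%Y-%m-%d %H:%M:%S UTC"


def coredata_to_utc(seconds):
    """Core Data timestamp (float seconds) -> aware UTC datetime."""
    return COREDATA_EPOCH + timedelta(seconds=seconds)


def utc_to_coredata(dt):
    """Aware UTC datetime -> Core Data seconds (for query bounds and sample rows)."""
    return (dt - COREDATA_EPOCH).total_seconds()


def build_sample_db():
    """Constructed in-memory stand-in for CallHistory.storedata.

    ZORIGINATED: 0 = incoming, 1 = outgoing.  ZANSWERED: 1 = picked up.
    ZADDRESS holds the remote number (real databases may store it as a BLOB)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE ZCALLRECORD (
        Z_PK INTEGER PRIMARY KEY, ZADDRESS TEXT, ZDATE REAL,
        ZDURATION REAL, ZORIGINATED INTEGER, ZANSWERED INTEGER)""")
    utc = timezone.utc
    rows = [  # (number, UTC time, duration s, originated, answered) -- constructed
        ("+15550100", datetime(2019, 12, 13, 9, 5, tzinfo=utc), 42, 0, 1),
        ("+15550100", datetime(2019, 12, 14, 10, 30, tzinfo=utc), 0, 0, 0),   # missed
        ("+15550100", datetime(2019, 12, 15, 18, 0, tzinfo=utc), 300, 1, 1),  # outgoing
        ("+15550199", datetime(2019, 12, 16, 7, 45, tzinfo=utc), 12, 0, 1),
    ]
    conn.executemany(
        "INSERT INTO ZCALLRECORD (ZADDRESS, ZDATE, ZDURATION, ZORIGINATED, ZANSWERED)"
        " VALUES (?, ?, ?, ?, ?)",
        [(n, utc_to_coredata(t), d, o, a) for n, t, d, o, a in rows])
    return conn


def _number(addr):
    """Normalise ZADDRESS, which may come back as bytes on some iOS versions."""
    return addr.decode("utf-8", "replace") if isinstance(addr, bytes) else addr


def last_incoming_call(conn, number):
    """UTC time of the most recent incoming call from `number`, or None.

    Outgoing calls (ZORIGINATED = 1) are excluded; missed calls are included,
    so add ZANSWERED = 1 to the WHERE clause if only answered calls count."""
    for addr, zdate in conn.execute(
            "SELECT ZADDRESS, ZDATE FROM ZCALLRECORD WHERE ZORIGINATED = 0 "
            "ORDER BY ZDATE DESC"):
        if _number(addr) == number:
            return coredata_to_utc(zdate).strftime(FMT)
    return None


def calls_in_range(conn, start_iso, end_iso):
    """Calls with start <= time < end; bounds are ISO dates/times taken as UTC
    and converted to Core Data seconds so SQLite compares plain numbers."""
    start = datetime.fromisoformat(start_iso).replace(tzinfo=timezone.utc)
    end = datetime.fromisoformat(end_iso).replace(tzinfo=timezone.utc)
    cur = conn.execute(
        "SELECT ZADDRESS, ZDATE, ZORIGINATED FROM ZCALLRECORD "
        "WHERE ZDATE >= ? AND ZDATE < ? ORDER BY ZDATE",
        (utc_to_coredata(start), utc_to_coredata(end)))
    return [(_number(a), coredata_to_utc(z).strftime(FMT),
             "outgoing" if o else "incoming") for a, z, o in cur]


if __name__ == "__main__":
    db = build_sample_db()
    print("last incoming from +15550100:", last_incoming_call(db, "+15550100"))
    for call in calls_in_range(db, "2019-12-13", "2019-12-16"):
        print(*call)
```

To run it against a real backup, open the extracted CallHistory.storedata with sqlite3.connect() in place of build_sample_db(); the end bound is exclusive, so "December 13 to December 15" is the range "2019-12-13" to "2019-12-16".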

Webinar on locked iPhones acquisition

Certificate of achievement of the Belkasoft X Mobile Training Course



Source: belkasoft.com


Note: the content on this website is provided for informational and educational purposes only.

* If any information is in error, we apologize; please notify the Admin so it can be corrected.
Thank you.

#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud 


Thursday, March 17, 2022

Digital Forensics: Using FTK Imager on CLI with Mac OS, MacBook

Creating a forensic copy of digital evidence with FTK Imager from the command line on a MacBook


Step 1: Source

First things first: we can use the Mac's built-in diskutil list command to display disks and partitions.

My hard drive is mapped as /dev/disk0, which is fairly typical. Note that we have four "partitions"; right now we care about only one of them.

Step 2: Tools

First, download AccessData FTK Imager CLI for Mac (https://accessdata.com/product-download/mac-os-10-5-and-10-6x-version-3-1-1, look for "Command Line Versions of FTK").


OK, we know that /dev/disk0 is my full disk. Here's my command:

Image 11. Full command to run FTK Imager

1. /dev/disk0: the source, the disk to acquire the image from.

2. /Volumes/TABLEAU/CF_MAC/CF001: the destination of the forensic image files. CF_MAC is the folder where the files will be stored; CF001 is the name of the file.

3. --e01: the format of the image; this one is the EnCase image file format.

4. --frag 1500MB: each file will have a maximum of 1500 megabytes; ftkimager splits the entire image into as many files of this size as needed.

5. --compress 9: the level of compression for the disk image.

6. --case-number: the number of the case.

7. --evidence-number: the evidence number.

8. --description: any comment for your case.

9. --examiner: your full name or the acronym of your name.

10. --notes: any additional comment you want.

--verify: hash/verify the destination image, or the source image if no destination is specified.


Running the command with the options above, the following is shown while the process is ongoing.

* The Mac version of Command Line Imager supports OS 10.5 and 10.6. The print-info command on Mac and Linux images (in E01 and S01 formats), under "Acquired on OS:", gives the kernel version number, not the OS version. For example, an image acquired on Mac OS 10.6.3 displays version 10.3.0 (which is the Darwin kernel version).

Step 3: Running FTK Imager acquiring

Step 4: Creation complete.

Step 5: The information it has acquired.

When the process of acquiring the image is done, FTK Imager creates a summary file (CF001.E01.txt) in the folder where the image files are stored, including features of the disk such as the image's hash values.

Download: summary CF001.E01.txt file of FTK Imager on CLI.

This file lists the evidence information, details of the drive, checksums, and the times the image acquisition started and finished:


Also, you can create a forensic image from a running or dead machine. It is a literal snapshot in time that has integrity checking.
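The integrity checking mentioned above only helps if someone actually reads the summary. As an added example that is not code from the original post or from AccessData, the Python below assembles the ftkimager command line from the parameters listed above and then checks a CF001.E01.txt summary: it confirms that both the MD5 and SHA1 computed during acquisition are present, that the --verify pass flagged both as verified, and that the two values agree. The summary text it runs on when called without a path is a constructed sample modelled on the FTK Imager summary layout, so its field names and hash values are assumptions, and the case number and examiner are placeholders.

```python
"""Added example, not code from the original post or from AccessData.

build_ftkimager_cmd() assembles the command line from the post's parameters;
parse_summary()/check_summary() read the CF001.E01.txt summary ftkimager
writes beside the image and confirm the acquisition hashes were verified.
sample_summary() is constructed text modelled on the FTK Imager summary
layout: field names and hashes are assumptions, not captured tool output.
"""
import re
import sys

# Options used in the post: EnCase format, 1500 MB segments, compression level 9,
# and a verification pass over the finished image.
CORE_OPTS = ["--e01", "--frag", "1500MB", "--compress", "9", "--verify"]
# Matches "MD5 checksum:    <hex>" and "SHA1 checksum:   <hex> : verified".
HASH_LINE = re.compile(r"^\s*(MD5|SHA1) checksum:\s*([0-9a-fA-F]+)(?:\s*:\s*(\w+))?")


def build_ftkimager_cmd(source, dest, case_number, evidence_number,
                        examiner, description="", notes=""):
    """ftkimager argument list: source device, destination base name (ftkimager
    appends .E01), then options.  Run it with subprocess.run under sudo, since
    reading /dev/disk0 needs root."""
    cmd = ["ftkimager", source, dest, *CORE_OPTS,
           "--case-number", case_number, "--evidence-number", evidence_number,
           "--examiner", examiner]
    if description:
        cmd += ["--description", description]
    if notes:
        cmd += ["--notes", notes]
    return cmd


def parse_summary(text):
    """{"computed": {alg: hex}, "verified": {alg: hex}} from summary text.
    Hash lines belong to the section header last seen, which keeps the
    [Computed Hashes] block apart from the Image Verification Results block;
    in the verification block only lines flagged ": verified" count."""
    result = {"computed": {}, "verified": {}}
    section = None
    for line in text.splitlines():
        if line.startswith("[Computed Hashes]"):
            section = "computed"
        elif line.startswith("Image Verification Results"):
            section = "verified"
        elif line and not line[0].isspace():  # any other unindented header ends a block
            section = None
        elif section:
            m = HASH_LINE.match(line)
            if m and (section == "computed" or m.group(3) == "verified"):
                result[section][m.group(1)] = m.group(2).lower()
    return result


def check_summary(text):
    """(ok, problems): ok only when MD5 and SHA1 both appear in the computed
    block, both were confirmed by the verification pass, and the values agree."""
    parsed = parse_summary(text)
    problems = []
    for alg in ("MD5", "SHA1"):
        computed = parsed["computed"].get(alg)
        verified = parsed["verified"].get(alg)
        if computed is None:
            problems.append(f"{alg}: no computed hash in summary")
        elif verified is None:
            problems.append(f"{alg}: not confirmed by the verification pass")
        elif computed != verified:
            problems.append(f"{alg}: computed {computed} != verified {verified}")
    return (not problems, problems)


def sample_summary(tamper=False):
    """Constructed summary (made-up hashes, placeholder case data); tamper=True
    corrupts the verified MD5 so check_summary() reports a mismatch."""
    md5 = "ffffffffffffffffffffffffffffffff" if tamper else "0123456789abcdef0123456789abcdef"
    return f"""Case Number: CASE-PLACEHOLDER
Evidence Number: E001
Examiner: EXAMINER-PLACEHOLDER

[Computed Hashes]
 MD5 checksum:    0123456789abcdef0123456789abcdef
 SHA1 checksum:   0123456789abcdef0123456789abcdef01234567

Image Information:
 Acquisition started:   Thu Mar 17 10:00:00 2022
 Acquisition finished:  Thu Mar 17 12:00:00 2022
 Segment list:
  /Volumes/TABLEAU/CF_MAC/CF001.E01

Image Verification Results:
 MD5 checksum:    {md5} : verified
 SHA1 checksum:   0123456789abcdef0123456789abcdef01234567 : verified
"""


if __name__ == "__main__":
    # Check a real summary when a path is given, otherwise the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample_summary()
    ok, problems = check_summary(text)
    print("hashes consistent" if ok else "PROBLEM: " + "; ".join(problems))
```

Run it as python check_e01.py /Volumes/TABLEAU/CF_MAC/CF001.E01.txt after an acquisition; a missing verification block (the --verify option was left out) and a mismatch between computed and verified values are reported separately, since they call for different follow-up.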

References: Imager Command Line Help; Acquiring an Image with FTK Imager

Summary: this was a simulated-scenario test to try out the command, following the Steps of Digital Forensics for making a forensic copy of digital evidence with FTK Imager from the command line.
     - Found that the --compress option shrinks the image file.
     - Add the --verify option: hash/verify the destination image, or the source image if no destination is specified.

#WINDOWSFORENSIC #COMPUTERFORENSICS #DFIR #FORENSICS #DIGITALFORENSICS #COMPUTERFORENSIC #INVESTIGATION #CYBERCRIME #FRAUD #MOBILEFORENSICS



Sunday, March 13, 2022

Digital Forensics: CAPTURE THE FLAG: KIDNAPPER CASE

Today I introduce the Belkasoft CTF competition, organized by Belkasoft, whose forensics and incident response solution is easy to use and efficient, simplifying and speeding up the steps of a digital investigation. This edition has a cryptocurrency investigation theme, and the event opens and closes within a window in March 2022. #BelkaCTF

THE IMAGE

  • You can download the CTF image (6.39 GB) using one of these links:

  • Passware Kit Forensic

    Passware was very kind to provide a license for all attendees:

1. List all users of the laptop.

Flag:

2. What web application was used by the boy to earn his pocket money?

—What the hell is with these young people... chickens do not peck at their dad's money, but he is still doing it!

I raised my eyebrows in surprise.

—Chief, have you never been a teenager before?

—Okay, you're right, —Chief grimaced. He obviously did not like to remember his youth.

I pushed away the spontaneous smirk from my face, and the Chief continued:

—So, was he doing that from his secondary account?

Flag:

3. Which BTC wallet did the boy use to sell drugs?

—So, the boy uses one account for studying, and the other for selling drugs?

—Yes, Sir.

—Any evidence?

—Of course, Chief. Look, here is his bitcoin wallet…

Flag:

4. On which date does the kid’s database show the most sales for “Acapulco Gold”?

Flag:

5. What was the other BTC wallet of the victim, which he used to hide his “under the counter” sales from his superior?

— They called me again. Twice, — It looked like the Chief was angry at me because of that.
— Are you saying I work too slow? Or should I take these calls on your behalf?
The Chief missed my words; he seemed to be looking for his cigarettes.
— Look, Chief, I found something interesting. The boy was selling their goods under the counter.
The Chief stopped the search.
— You said what? And did his supervisor…
The Chief did not complete the sentence. We looked at each other knowingly.
This is where malice rises in the case: our victim decided to start selling the common “goods” between him and Tux, his friend, under the counter to profit from it.

Flag:

CAPTURE THE FLAG: KIDNAPPER CASE certificate of participation.

Refer: belkasoft CTF
The official write-up on #BelkaCTF #4 is ready! Please read how the tasks were supposed to be solved at bit.ly/3tYp2DQ


    #WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud #CTF #DFIR
