Welcome. After reading other digital forensic blogs over the past couple of years I decided to start my own. I have gained a lot by reading research done by others, so I thought it would only be right to give back to the digital forensic community. I work in the private sector, so I will … Continue reading printf (“hello, world\n”)
Each time I have created an Android image I have found something new. Google Assistant and Android Auto were results of Nougat and Oreo, and the changes I found in Google Assistant were a result of Android Pie. Android 10 is no exception. While poking around the OS during the data generation period I found … Continue reading Walking the Android (time)line. Using Android’s Digital Wellbeing to timeline Android activity.
Continuing the series from last year, I am making publicly available an image of an Android 10 device, which was created using a rooted Pixel 3. For those who may not know, there have been some major changes in the partition layout in Android 10. These changes affect the Pixel 3 & 4 series and … Continue reading Android 10 Image Now Available!
‘Tis the season...for ransomware! Crooks, just like everyone else, are looking to make a little bit of extra money this holiday season so they can get their kids that GI Joe with the Kung-Fu grip (points for whoever gets the movie reference). Recently, I have been pushed to really pay attention to the Trojan/Ransomware landscape, … Continue reading Ryuk and GPOs and Powershell, Oh My!
I recently went on a trip which required hanging out in a couple of airport terminals. While waiting on my flights I saw the usual scene: a sea of people staring down at their phones. I am not going to delve into the obvious security concerns (whole different topic), but I was able to see … Continue reading Venmo. The App for Virtual Ballers.
Portions of this blog post appeared in the 6th issue of the INTERPOL Digital 4n6 Pulse newsletter. I would like to thank Heather Mahalik and Or Begam, both of Cellebrite, who helped make the Android database portion of this blog post possible, and Mike Williamson of Magnet Forensics for all the help with the underpinnings … Continue reading Wickr. Alright. We’ll Call It A Draw.
Last week I was at DFRWS USA in Portland, OR to soak up some DFIR research, participate in some workshops, and congregate with some of the DFIR tribe. I also happened to be there to give a 20-minute presentation on Android Auto & Google Assistant. Seeing how this was my first presentation I was … Continue reading Google Assistant Butt Dials (aka Accidental & Canceled Invocations)
When I initially started this blog I set a modest goal of making one post a month with the understanding that sometimes life will happen and take priority. Well, life is happening for me this month: an imminent house move, an upcoming presentation at DFRWS USA, the GCFE, and several cases at work have kept … Continue reading Me(n)tal Health in DFIR – It’s Kind of a Big Deal