Welcome. After reading other digital forensic blogs over the past couple of years I decided to start my own. I have gained a lot by reading research done by others, so I thought it would only be right to give back to the digital forensic community. I work in the private sector, so I will … Continue reading printf (“hello, world\n”)
There was a purpose behind the above Tweet. When I was looking in my Android 10 image I actually found two features that were tracking my activity (there may be more - I haven’t finished looking yet). The first, Digital Wellbeing, had a UI and was fairly straightforward to test, so I decided to … Continue reading Walking the Android (time)line Part 2 – Using Android’s Device Personalization Services to timeline user activity
****UPDATE. PLEASE READ**** It was discovered there was an issue with the original .tar files containing both images. After a little additional testing, I was able to confirm the .tar files were not behaving correctly, which prevented them from being completely parsed. But, they do contain the data. They have now been fixed and can … Continue reading iOS 13 Images….ImageS…Now Available!
Each time I have created an Android image I have found something new. Google Assistant and Android Auto were results of Nougat and Oreo, and the changes I found in Google Assistant were a result of Android Pie. Android 10 is no exception. While poking around the OS during the data generation period I found … Continue reading Walking the Android (time)line. Using Android’s Digital Wellbeing to timeline Android activity.
Continuing the series from last year, I am making publicly available an image of an Android 10 device, which was created using a rooted Pixel 3. For those who may not know, there have been some major changes in the partition layout in Android 10. These changes affect the Pixel 3 & 4 series and … Continue reading Android 10 Image Now Available!
‘Tis the season...for ransomware! Crooks, just like everyone else, are looking to make a little bit of extra money this holiday season so they can get their kids that GI Joe with the Kung-Fu grip (points for whoever gets the movie reference). Recently, I have been pushed to really pay attention to the Trojan/Ransomware landscape, … Continue reading Ryuk and GPOs and Powershell, Oh My!
I recently went on a trip which required hanging out in a couple of airport terminals. While waiting on my flights I saw the usual scene: a sea of people staring down at their phones. I am not going to delve into the obvious security concerns (whole different topic), but I was able to see … Continue reading Venmo. The App for Virtual Ballers.
Portions of this blog post appeared in the 6th issue of the INTERPOL Digital 4n6 Pulse newsletter. I would like to thank Heather Mahalik and Or Begam, both of Cellebrite, who helped make the Android database portion of this blog post possible, and Mike Williamson of Magnet Forensics for all the help with the underpinnings … Continue reading Wickr. Alright. We’ll Call It A Draw.