Backdating a

11 Nov

Read More Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating mac OS? This is a really good question, at least for us, so we decided to research it.

If we are talking about Windows system clock backdating there are a lot of information to help, for example, this SANS white paper by Xiaoxi Fan, but there is nothing about mac OS.

My title at Nuix is “Director, Intelligence Integration”.

What this means is that my role is to help our own team, as well as clients, look for ways to incorporate intelligence, in its various forms and from various sources into our products, and by extension, workflows using our products.

dmanh shares tips on recovering data with Autopsy and Bit Locker images.

Can everything in digital forensics be factually established? Forum members discuss the latest news from the UK Forensic Regulator.

Can you help spg93 to verify whether a hard drive is blank?

What would you do with a USB stick that was misreporting its capacity?

backdating a-76

As the Manager of the Software Quality Group, I work on 3 major projects including digital forensics, software assurance and software metrology.

As in other storage devices, volatile memory also has several formats. According to (Ligh et al, 2018) these raw file formatted memory dumps do not contain headers, metadata, or magic values.

According to the acquisition method that is in use, the captured file format can be vary. Read More The Magnet User Summit Series is back, and it’s coming to more cities this year!

Read More Black Bag Technologies have released the latest version of Mac Quisition: 2018 R1.

Oxygen Forensics have teamed up with Project VIC to help fight child exploitation.