Episodi

  • In the final episode of Chewing the FAT, Phil & Adam discuss bringing Chewing the FAT to a close, plus we run through some of the recent Digital Forensics industry news.


    Phil & Adam also introduce their new podcast Forensics Reformatted where you can continue to be conscious of time.


    SANS - Truth about USB and Disk Drive serial numbers 

    https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/ 

      

    Github - DFIR Community Book 

    https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/ 

      

    Github - Control-F - MIFT (newly open sourced tool) 

    https://github.com/controlf/mift 

      

    New(ish) Command Line tools for Linux 

    https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/ 

    Examining A Malware-Infected Android Phone. This Android Is Not Alright. 

    https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/ 

      

    The Unified Cyber Ontology Transitions to Linux Foundation 

    https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html 

     

    Magnet Summit 2022 

    https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click 

      

    [Air]Tag You're It! - Chris Vance @cScottVance 

    https://blog.d204n6.com/2022/04/airtag-youre-it.html 

      

    GalliumOS - A fast and lightweight Linux distro for ChromeOS devices 

    https://galliumos.org 

      

    What's the Buzz - Bumble on iOS - Kevin Pagano 

    https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html 


    CWA:


    Article link 

    https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/ 

     

    Download link 

    https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf 


    Forensics Reformatted - The new show:


    https://anchor.fm/4n6reformatted



    Hosted on Acast. See acast.com/privacy for more information.

  • In episode number 11 of Chewing the FAT, Phil & Adam discuss Finding Flags and Pulling Pints with special guest Kevin Pagano! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.


    Due to the amount of news and links please view the description on our YouTube Page for full links:


    Chewing the FAT - YouTube


    Formobile:

    https://formobile-project.eu/


    Hosted on Acast. See acast.com/privacy for more information.

  • Episodi mancanti?

    Fai clic qui per aggiornare il feed.

  • In episode number 10 of Chewing the FAT, Phil & Adam discuss Formobile & Forensic Freebies with special guest Phil Cobley! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.

     

    Due to the amount of news and links please view the description on our YouTube Page for full links:


    Chewing the FAT - YouTube


    Formobile:

    https://formobile-project.eu/

     


    Hosted on Acast. See acast.com/privacy for more information.

  • In episode number 9 of Chewing the FAT, Phil & Adam discuss ribbons, RabbitHoles and rock with special guest Alex Caithness plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.


    Alex Caithness:


    Shouty Band 

    Sailing Stones | LongFallBoots (bandcamp.com)


    RabbitHole:

    RabbitHole | CCL Solutions Group


    CCL GitHub:

    https://github.com/cclgroupltd


    Music:


    Oscillator Sink - YouTube


    INDUSTRY NEWS:


    Microsoft Mitigate Record Breaking 3.47 Tbps DDoS on Azure Customers:

    https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html


    Using Graphics Card Fingerprints to Identify Web Users:

    https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html


    DFIR Artifact Museum - Andrew Rathbun Github:

    https://github.com/AndrewRathbun/DFIRArtifactMuseum


    Android ABX - Binary XML - Alex Caithness (with Alexis Brignoni and Josh Hickman):

    https://www.cclsolutionsgroup.com/post/android-abx-binary-xml


    Android 12 - Snooping on Android 12's Privacy Dashboard - Josh Hickman:

    https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/


    Android Airtags - Josh Hickman:

    https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/


    FireFox on Android - Kevin Pagano:

    https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.html


    Intro to Windows Registry Artifact Analysis - TryHackMe Walkthrough - TryHackMe (Joshua James - DFIR Science):

    https://tryhackme.com/room/windowsforensics1


    Decrypting Secret Calculator Vault - The Incidental Chew Toy:

    https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/


    Please see YouTube for all other links:


    Hosted on Acast. See acast.com/privacy for more information.

  • In episode number 8 of Chewing the FAT, Phil & Adam discuss turning up and following through with special guest Andrew Rathbun plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.


    Featured topics:


    Andrew Rathbun section:


    Connect with me:

    https://twitter.com/bunsofwrath12

    https://www.linkedin.com/in/andrewrathbun/


    Digital Forensics Discord Server

    https://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/


    AboutDFIR

    https://aboutdfir.com


    Andrew’s Current GitHub Projects:

    https://github.com/AndrewRathbun/VanillaWindowsRegistryHives

    https://github.com/AndrewRathbun/VanillaWindowsReference

    https://github.com/nasbench/EVTX-ETW-Resources

    https://github.com/AndrewRathbun/DFIRRegex

    https://github.com/AndrewRathbun/DFIRMindMaps

    https://github.com/AndrewRathbun/DirectoryOpus-DFIRConfig

    https://github.com/AndrewRathbun/EventTranscript.db-Research


    KAPE Related GitHub Repositories:

    https://github.com/AndrewRathbun/Awesome-KAPE

    https://github.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdater

    https://github.com/EricZimmerman/KapeFiles

    https://github.com/EricZimmerman/SQLECmd

    https://github.com/EricZimmerman/evtx

    https://github.com/EricZimmerman/RECmd

    https://github.com/AndrewRathbun/ForensicImageKAPEOutput


    Digital Forensics Discord Server GitHub Repositories:

    https://github.com/Digital-Forensics-Discord-Server/GitHubLearningPlayground

    https://github.com/Digital-Forensics-Discord-Server/LawEnforcementResources

    https://github.com/Digital-Forensics-Discord-Server/DFIRGlossary


    -----------------------------


    Open Source Digital Forensic Conference:

    https://www.osdfcon.org/


    Using ArtEx to conduct an extraction of a jailbroken iPhone - Ian Whiffin:

    https://doubleblak.com/blogPosts.php?id=26


    Log4j - Rob Berends:

    https://www.linkedin.com/feed/update/urn:li:activity:6876120706095058944


    Log4j:

    https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html


    SANS Cyber Threat Intelligence Conference:

    Join us for the FREE Virtual Cyber Threat Intelligence Summit 2022!


    Logo-ls A new GitHub repo that combines the Linux LS CMD with logos and icons:

    https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletter


    Josh Hickman, The Binary Hick - Android 12 Image:

    https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/


    Kevin Pagano - Stark4N6 - Forensic4Cast Nominations:

    https://www.stark4n6.com/2021/12/my-2022-forensic-4cast-awards.html


    Forensic4Cast Nomination Page:

    https://docs.google.com/forms/d/e/1FAIpQLScX-pt0uo9_0GUv-AG-ty7Ya8bZzdRlW8-eP3oABHCsSCQrGQ/viewform


    FORMOBILE:

    https://formobile-project.eu/


    Hosted on Acast. See acast.com/privacy for more information.

  • In the seventh episode of Chewing the FAT, Phil & Adam discuss Mental Health and Working within Digital Forensics plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.


    Featured topics:


    Sarah Edwards - Apple Pay & Wallet:


    https://objectivebythesea.com/v4/talks/OBTS_v4_sEdwards.pdf


    Josh Hickman iOS 15 Powered off tracking and remote wipe & XML Binary findings:


    https://thebinaryhick.blog/2021/10/27/ios-15-powered-off-tracking-remote-bombs/

    https://twitter.com/josh_hickman1/status/1456730376030859265

    Ian Whiffin - Geofences & Metadata Adjustment:


    https://www.doubleblak.com/m/blogPosts.php?id=22

    https://www.doubleblak.com/m/blogPosts.php?id=23


    Frida & Use case by Christine Fossaceca:


    https://objectivebythesea.com/v4/talks/OBTS_v4_cFossaceca.pdf

    https://frida.re


    DFIR Science - Joshua James:


    https://dfir.science/2021/11/WIN-100USD-and-PRIZES-Nov-DFIR-Dev.html

    https://www.youtube.com/watch?v=mM4rbFh4rqg&feature=youtu.be

    https://swag.dfir.science/listing/DFIR-Stickers-IDFE?product=661


    iOS 15 Notes:


    https://support.apple.com/en-gb/guide/iphone/iphe4d04f674/ios


    Alex Caithness at CCL:


    https://github.com/cclgroupltd


    Alexis Brignoni - all the LEAPPs


    https://abrignoni.blogspot.com/


    R:pple Suicide Prevention:


    https://www.ripplesuicideprevention.com/


    FORMOBILE:

    

    https://formobile-project.eu/


    Hosted on Acast. See acast.com/privacy for more information.

  • In the sixth episode of Chewing the FAT, Phil & Adam host special guest Alexis Brignoni l to discuss Coding, Community, & Collaborations plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.


    Digital Evidence & the Crime Scene

    Paper by Graeme Horsman, exploring the concept of devices being "Digital witnesses", & methodologies & theories regarding scene examination.

    https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&originRegion=eu-west-1&originCreation=20211013063720

     

    Microsoft releases Linux version of Sysadmin

    https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/

     

    Samsung Power Off Reset Logs & iOS Tracking

    Kevin Pagano, who produces the Start.me! While doing the Cellebrite CTF there was a question on Samsung phone battery life, & Kevin created a parser for ALEAPP to parse the power off log files.

    https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1

    https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html

     

    Encouraging different perspectives in Digital Forensics

    https://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/

     

    AFF4 Evidential Containers - explained by Magnet

    https://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/

     

    Recognizing people in photos through private on-device machine learning - Apple

    https://machinelearning.apple.com/research/recognizing-people-photos

     

    Brignoni on Teaching and Learning Python

    https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/

     

    Brignoni Blog & YouTube

    https://abrignoni.blogspot.com

    https://www.youtube.com/c/AlexisBrignoni


    Hosted on Acast. See acast.com/privacy for more information.

  • In the fifth episode of Chewing the FAT, Phil and Adam host special guest Tom Farrell QPM l to discuss Online child safety and available automated protection systems plus we run through some of the recent Digital Forensics industry news.

     

    For the fifth Forensic Faux Pas segment to air, special guest Tom shares a great story of ensuring your spoof address is actually spoofed!

     

    Links for some of the content we discussed during the show:


    The Binary Hick - Josh Hickman - Detecting Android Factory Reset


    https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/


    ProtonMail - iOS application decryption - Matthew Regnery


    https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953


    Apple delays plays to scan your iCloud - BBC


    https://www.bbc.co.uk/news/technology-58433647.amp


    To

    m's response to Apples delay - SafeToNet

     

    https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/


    ForMobile


    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.


    https://formobile-project.eu/


    Hosted on Acast. See acast.com/privacy for more information.

  • In the forth episode of Chewing the FAT, Phil and Adam host special guest Josh Hickman l to discuss Images, Imaging, and Inevitable Investigation Issues plus we run through some of the recent Digital Forensics industry news.

     

    For the forth Forensic Faux Pas segment to air, special guest Josh shares a great story of when he joined Kroll.

     

    Links for some of the content we discussed during the show:

     

    Forensics Start Me Page (DFIR Resource Links) by Kevin Pagano

     

    https://start.me/p/q6mw4Q/forensics

     

    Digital Forensic Research Workshop - CTF

     

    https://dfrws.org/dfrws-2021-challenge/

     

    Windows 365

     

    https://windowsreport.com/windows-365-high-demand/

     

    Apple to scan iPhones for child sex abuse images

     

    https://www.bbc.co.uk/news/technology-58109748>

     

    https://www.apple.com/child-safety/

     

    Josh Hickman Blog

     

    https://thebinaryhick.blog/


    Kroll & KAPE


    https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape


    ForMobile


    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.


    https://formobile-project.eu/


    Hosted on Acast. See acast.com/privacy for more information.

  • In the third episode of Chewing the FAT, Phil and Adam host special guest Kevin Mansell to discuss training, certification and competence plus we run through some of the recent Digital Forensics industry news.


    For the third Forensic Faux Pas segment to air, special guest Kevin shares a couple of their embarrassing stories of things that went wrong from their days training days.


    Links for some of the content we discussed during the show:


    ETW on Windows 11 - Initial thoughts


    https://blog.tofile.dev/2021/07/01/windows11.html


    Hansken - Digital Forensics as a Service?


    https://www.sciencedirect.com/science/article/pii/S2666281720300706


    https://www.forensicfocus.com/articles/automating-and-sharing-digital-forensics-knowledge-through-hansken/


    MSAB Raven


    https://www.msab.com/raven/


    Resetting Your IoT Device Before Reselling It Isn't Enough


    https://gizmodo.com/resetting-your-iot-device-before-reselling-it-isnt-enou-1847220178


    New blog from Josh - Find My & iCloud's Throne of Lies

    • iCloud location data lies!

    • Highlights importance of network isolation during seizure and possession of devices


    https://thebinaryhick.blog/2021/06/25/apples-find-my-iclouds-throne-of-lies/


    Android Apps with 5.8 Million Installs Caught Stealing User's Facebook Passwords


    https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29


    ControlF


    https://www.controlf.net/


    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.


    Hosted on Acast. See acast.com/privacy for more information.

  • In the second episode of Chewing the FAT, Phil and Adam host special guest Heather Mahalik to discuss SANS coming together with the leading industry vendors to produce a validation guide plus we run through some of the recent Digital Forensics industry news.

    For the second Forensic Faux Pas segment to air, special guest Heather shares a couple of their embarrassing stories of things that went wrong from their early days plus some great stories from our listeners.

    Links for some of the content we discussed during the show:
    The State of Android Health Data (Part 1) – Garmin

     

    https://thebinaryhick.blog/2021/05/22/the-state-of-android-health-data-part-1-garmin/

     

     Rabbit Hole from CCL (Alex Caithness)

     

    https://uploads-ssl.webflow.com/5f02f2c93eab87a6ea84e2f3/60364c14ce5f0e240b78de9c_RabbitHole_DD_2021.pdf

     

     MSAB partner with Detego:

     

    https://www.forensicfocus.com/news/detego-joins-forces-with-msab-in-strategic-digital-forensics-partnership/#:~:text=Detego%C2%AE%20Joins%20Forces%20With%20MSAB%20In%20Strategic%20Digital%20Forensics%20Partnership,-17th%20May%202021&text=Detego%2C%20global%20leaders%20in%20rapid,in%20mobile%20device%20digital%20forensics.

     

     Should encryption be curbed to combat child abuse?

     

    https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/business-57050689.amp

     

     Impacts of COVID 19 on the risk of online child sexual exploitation:

     

    https://www.arts.unsw.edu.au/sites/default/files/documents/eSafety-OCSE-pandemic-report-salter-and-wong.pdf

     

     Microsoft and UK government make it easier for public sector to use Azure:

     

    https://news.microsoft.com/en-gb/2021/05/11/microsoft-and-uk-government-make-it-easier-for-public-sector-organisations-to-use-the-azure-cloud/

     

     Heather's link to DFIR Summit:

     

    https://www.sans.org/event/digital-forensics-summit-2021

    Six Steps to Mobile Validation – Working Together for the Common Good

     

    A joint effort with collaboration from across several major DF vendors resulted in a joint standards paper being released by SANS shortly afterwards, promoting good practice.

     

    https://www.sans.org/blog/six-steps-to-successful-mobile-validation-paper/

    Signal Story:

    Original claim and reply posted in Dec 2020, about "breaking signal encryption"

    https://signal.org/blog/cellebrite-and-clickbait/

     

    21st April 2021, posted new blog outlining vulnerabilities in Cellebrite software.

    https://signal.org/blog/cellebrite-vulnerabilities/

    Cellebrite response:

     

    https://www.cellebrite.com/en/our-mission-remains-clear/


    We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.

    You can visit the Formobile website at: https://formobile-project.eu/


    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.


    Hosted on Acast. See acast.com/privacy for more information.

  • In the first ever episode of Chewing the FAT, Phil and Adam introduce themselves, run through some of the recent Digital Forensics industry news, and share their thoughts on some recently published digital evidence guidance.

    For the first Forensic Faux Pas segment to air, Phil and Adam share a couple of their embarrassing stories of things that went wrong from their days in the lab.

    Links for some of the content we discussed during the show:

    ACPO - https://library.college.police.uk/docs/acpo/digital-evidence-2012.pdfISO 17025 - https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/912389/107_FSR-C-107_Digital_forensics_2.0.pdfForMobile - https://formobile-project.eu/COP Report - https://www.college.police.uk/article/consultation-extracting-data-electronic-devices-releasedCTF Twitter - https://twitter.com/ChewintheFATPodDFIR Twitter # - https://twitter.com/hashtag/dfirForensic Discord Server - https://discord.com/invite/JUqe9EkJosh Hickman - https://thebinaryhick.blog/Heather Mahalik - https://www.cellebrite.com/en/ios-location-artifacts-explained/Jessica Hyde, Magnet Forensics - https://www.magnetforensics.com/blog/ways-to-share-in-dfir/Oleg Afonin, Elcomsoft - https://blog.elcomsoft.com/2021/02/ios-recovery-mode-analysis-reading-ios-version-from-locked-and-disabled-iphones/MSAB - https://www.msab.com/2020/09/17/super-fast-iphone-extraction-times/Belkasoft - https://belkasoft.com/forensic_extraction_of_data_from_mobile_apple_devicesPhill Moore, ThisWeekin4n6 https://thisweekin4n6.com/Android Triage - https://www.andreafortuna.org/2021/04/10/android-triage-a-really-useful-forensic-tool-by-mattia-epifani/Autospy - https://www.cybertriage.com/2021/our-100-unbiased-4cast-awards-nominations/Alexis Brignoni, Realm - https://abrignoni.blogspot.com/search?q=realmMagnet Forensics, Chromebook Acquisition Assistant - https://www.magnetforensics.com/resources/magnet-chromebook-acquisition-assistant/

    We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.

    You can visit the Formobile website at: https://formobile-project.eu/


    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.


    Hosted on Acast. See acast.com/privacy for more information.