Pining for Data - PinePhone forensic analysis May 2021
The PinePhone is one of the first true Linux-based smartphone projects to release mobile devices to the general public with a smartphone-specific variant of Linux pre-flashed onto the device. These devices can be used out of the box, or can be re-flashed with other Linux variants. Available devices are still very much in the development phase, which brings the added fun of the occasional device or application crash, and some hardware not being supported at all by some Linux variants. However, there is the prospect of such devices becoming more common in the future. It's fun to see what data may be stored on a device, where it is stored, and how we can acquire it, and to work out how it may be useful to a digital forensic investigation if one of these devices were seized.
We rely on many tools to do our day jobs and tell us what's going on in our systems and networks, but are they giving us the right information, and how would we know whether they were or not? Validation of tools is often one of those tasks that ends up being forgotten or omitted due to lack of time or resources. Is it really important? Spoiler alert... yes!
SANS_atnight_feb2019_importance_of_valid[...] Adobe Acrobat document [5.1 MB]
System Profiler - Automating the Routine Stuff October 2018
This presentation outlines a number of shortcomings in existing tools used to parse information from a disk, and demonstrates a script that uses a combination of existing tools and manual parsing to automatically produce some routinely required sections of a forensic report.
DFIR_prague_2018_sysprofiler_presentatio[...] Adobe Acrobat document [2.8 MB]