SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: Androids, Breaches, & Clouds All Around

Welcome to this week's edition of Case Leads! Data breaches continue this week and Apple announces the iCloud while others speculate on the impact of the Cloud to Digital Forensics. We have a data recovery USB "stick" for Android phones, a book on Android forensics, and a fragmented photo carving utility. As this week's edition goes to the digital press, it happens to be pouring rain in my part of the country so in keeping with the cloudy theme, we have information on Dropbox artifacts, why it shouldn't matter where our data lives in the Cloud, and a Cloud that's ready for Grandma.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

  • Paraben has released the Phone Recovery Stick for Android based phones. Plug the recovery stick into the computer then attach the Android phone. Launch the recovery program and it does the rest.
  • We all have our favorite carving tools, each often employing a unique approach to recovery. If you have not tried Adroit it may be worth a look as it uses a carving method that is able to recover fragmented photographs.

Good Reads:

News:

Levity:

  • For the RPG crowd, Roll a D6. (Great even if RPGs aren't your thing.)

 

Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20110616 was compiled by Ray Strubinger. Ray regularly leads digital forensics and incident response efforts and when the incidents permit, he is involved in various aspects of information security including Data Loss Prevention, Full Disk Encryption, and Education Awareness.

2 Comments

Posted June 20, 2011 at 7:20 AM | Permalink | Reply

ryan

I think the fragmented JPEG carver definitely deserves its own in-depth review. They have a number of research papers linked in their "rocket scientist answer" section on their page. If their tool is really as good as they say it is, this is certainly something I would hope gets licensed to become a part of our main forensic tools.

Posted June 22, 2011 at 12:08 PM | Permalink | Reply

Ray

Ryan,
Thank you for the suggestion. I have been using and testing the application for several months and could turn that information into an article that compares Adroit to several popular file carvers.