SANS Digital Forensics and Incident Response Blog: Category - Mobile Device Forensics

Digital Forensic Case Leads: Anon Strikes Again, and Again. Groupon Litigation Threats. DarkMarket Motivations Revealed. The Tutu Has Been Donned

This week's Digital Forensic Case Leads is chock full of forensics nuggets. Links to great forensics tools for encryption detection and memory extraction, plus a how-to for breaking/auditing the OS X Keychain. You will also find an analysis of the Samsung v. Apple patent case from a digital forensics perspective, with IP Attorney Ben Langlotz. … Continue reading Digital Forensic Case Leads: Anon Strikes Again, and Again. Groupon Litigation Threats. DarkMarket Motivations Revealed. The Tutu Has Been Donned


Digital Forensic Case Leads: Is the Chinese Government Backdooring Networks Globally? Large Breach at Yahoo Impacts Gmail, MSN and More. Anonymous Sends Warning To Central Bank?

This week's Digital Forensic Case Leads takes us around the world. From a possible Anonymous waring in Latin America, to the report that the Chinese Government may be building in backdoors to networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communications (NFC) in … Continue reading Digital Forensic Case Leads: Is the Chinese Government Backdooring Networks Globally? Large Breach at Yahoo Impacts Gmail, MSN and More. Anonymous Sends Warning To Central Bank?


Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 3)

Application Specific Geo-location Web applications can often leave their own geo-location clues similar to those found via the mapping services. While mapping artifacts are largely consistent, geo-artifacts created by applications are more haphazard. Thus the number of available artifacts can be as numerous as the applications using geo-location services. To illustrate this, we will analyze … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 3)


Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 2)

Understanding Browser Artifacts Geo-location artifacts demonstrate an interesting concept with regard to browser-based evidence. Among the various browser artifacts, Internet history is a fan favorite because it provides such rich information. There is no easier place to look to identify sites visited by a specific user at a specific time.Browser history is so useful, a … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 2)


Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)

[Author's Note: Geo-location artifacts have been a frequent focus of my research, and I am amazed at how quickly they are permeating operating systems, applications and file formats.In the fall of 2011 I had the pleasure of writing an article for Digital Forensics Magazine focused on browser-based geo artifacts, where much of this series was … Continue reading Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)