#Can data deleted from mobile phone be recovered using forensic cloning forensic cloning
forensicfield · 2 years
Can data deleted from mobile phone be recovered using forensic cloning
Nearly every crime scene contains digital evidence. To preserve original digital evidence for forensic investigation, law enforcement must know how to recognize, seize, transport, and store it. To recover evidence from a crime scene
cyberexpertankur · 2 years
ANKUR CHANDRAKANT ON IMPORTANT SKILLS REQUIRED FOR CYBER FORENSICS AND HOW DO CYBER FORENSICS EXPERTS WORK.
Ankur Chandrakant, a recognised Cyber Security and Forensic Expert with a deep understanding of Blockchain, NFT, Crypto, and Metaverse, explains how Cyber Forensics experts work. He explained the seven steps. They are as follows.
1. Imaging or copying the hard drive of the under investigation system: Imaging or copying the hard drive involves producing a copy of the files and folders on the hard disc. By copying every item of data on the drive from the system under inquiry, a clone of the drive is made on another drive.
2. Verification of the duplicated data: After the data is copied from the hard drive of the investigation system to another hard drive, the forensic professionals verify that the copied data is identical to the original data.
3. Ensuring that the duplicated data is forensically sound: The data written to the hard drive is in a format that is compatible with the computer’s operating system. As a result, forensic professionals must ensure that data moved from the investigation system’s disc to another drive is not tampered with in any manner. The data is replicated in a forensically sound way, utilising a write-blocking device.
4. Recovering lost files: Forensic professionals can retrieve files that have been erased by the user on the computer. The data are not completely wiped by the computer, and forensic professionals understand how to recover them.
5. Finding data in free space: The operating system regards space on the hard drive as space available to store new files and folders, but temporary files and files that were deleted years ago are stored here until fresh data is placed into it. To rebuild such data, forensic professionals look through this vacant space.
6. Performing keyword searches: Forensic professionals employ software that can scan all the data for certain phrases and provide the results.
7. The technical report: The technical report should be a simple document that everyone can comprehend, regardless of their background. It should primarily focus on the offence, the perpetrator, and how he committed the crime, as well as on the details.
Ankur explained why computer forensics is important. Computer forensics is used in the civil and criminal judicial systems to ensure the integrity of digital evidence presented in court cases. Digital evidence, and the forensic method used to collect, preserve, and examine it, has grown more crucial in solving crimes and other legal concerns as computers and other data-gathering devices are utilised more often in every part of life. Much of the data collected by contemporary technologies is never seen by the average individual. For example, automobile computers continuously gather data on whether a driver stops, switches, or changes speed without the driver’s knowledge. This information, on the other hand, might be crucial in resolving a legal situation or a crime, and computer forensics is frequently used to find and preserve it. Data theft, network breaches, and illegal internet transactions are just some of the crimes that may be solved with digital evidence. It’s also utilised to solve physical crimes including burglary, assault, hit-and-run accidents, and murder in the real world. To keep proprietary information safe, businesses frequently employ a multilayered data management, data governance, and network security approach. Having data that is well-managed and secure might speed up the forensic procedure if the data is ever investigated.
Ankur also discussed some of the most important abilities to master cyber forensics. They are.
1. Technical aptitude: This is a technology-based skill. As a result, familiarity with many technologies, such as computers, mobile phones, network hacking, and security breaches, is required.
2. Attention to detail: To review an enormous quantity of data and find proofs, a forensic investigator must pay close attention to every detail.
3. Legal and criminal investigation knowledge: A forensic investigator must be as knowledgeable about criminal laws, criminal investigations, white-collar crime, and other related topics as he is about technology.
4. Effective communication skills: As part of a case, a forensic investigator must be able to assess and communicate technical material to others in the business or in court.
5. Understanding the fundamentals of cyber security: Cyber security and cyber forensics are closely connected topics, and a firm foundation in cybersecurity may help you succeed in cyber forensics.
6. Analytical Skills: To assess proofs, discover patterns, interpret data, and solve crimes, forensic professionals must have strong analytical skills.
7. Desire to learn: The area of cyber forensics is always developing, and forensic hopefuls must be eager to keep up with recent developments.
8. Willingness to take on new challenges: Criminal investigations involving law and order can contain unsettling information and occurrences. Candidates for forensic science must be able to operate in such a demanding atmosphere.
Follow on Instagram https://www.instagram.com/ankurchandrakant/
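Steps 1, 2, 5 and 6 of the list above, sketched as an added example that is not part of the original post: a block-by-block image with a SHA-256 verification, then a raw keyword search that ignores the file system. The sample "drive" is a constructed byte string, and the file names and keywords are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 4096  # block size for this demo; imaging tools use larger blocks


def sha256_file(path, chunk=CHUNK):
    """Hash a file block by block so large images never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def image_drive(src_path, dst_path, chunk=CHUNK):
    """Steps 1-2: copy every byte and hash the source as it is read.

    The source is opened read-only; that is a software stand-in for the
    hardware write blocker the post mentions, not a replacement for one.
    """
    digest = hashlib.sha256()
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            digest.update(block)
            dst.write(block)
    return digest.hexdigest()


def keyword_offsets(path, keywords, chunk=CHUNK):
    """Steps 5-6: raw keyword search over the whole image.

    File-system structure is ignored, so remnants in free space are found.
    A tail of the previous block is carried over so a keyword that
    straddles a block boundary is not missed.
    """
    needles = [k.encode() for k in keywords]
    overlap = max(len(n) for n in needles) - 1
    hits = {k: [] for k in keywords}
    tail, base = b"", 0  # base = image offset of the first byte of buf
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            buf = tail + block
            for word, needle in zip(keywords, needles):
                pos = buf.find(needle)
                while pos != -1:
                    # Matches lying wholly inside the tail were already reported.
                    if pos + len(needle) > len(tail):
                        hits[word].append(base + pos)
                    pos = buf.find(needle, pos + 1)
            keep = buf[-overlap:] if overlap else b""
            base += len(buf) - len(keep)
            tail = keep
    return hits


def run_demo():
    # Constructed sample "drive": zero-filled free space holding two remnants.
    # The first remnant starts at offset 4090 and crosses the 4096-byte boundary.
    drive = (b"\x00" * 4090 + b"invoice-2291" + b"\x00" * 3000
             + b"wire transfer" + b"\x00" * 100)
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "evidence.raw")   # hypothetical file names
        dst = os.path.join(tmp, "working_copy.raw")
        with open(src, "wb") as f:
            f.write(drive)
        source_hash = image_drive(src, dst)
        verified = sha256_file(dst) == source_hash
        hits = keyword_offsets(dst, ["invoice", "wire transfer"])
        # Flip one byte in the copy: the hash comparison must now fail.
        with open(dst, "r+b") as f:
            f.seek(10)
            f.write(b"\x01")
        tampered_detected = sha256_file(dst) != source_hash
    return {"verified": verified, "hits": hits,
            "tampered_detected": tampered_detected}


if __name__ == "__main__":
    print(run_demo())
```

The search runs against the working copy only, after its hash has been matched to the source, so the original is read exactly once.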
Lost Memories - Data Recovery
DATA RECOVERY SERVICES RECOVER DELETED FILES
At Lost Memories – Data Recovery Services we utilise the latest advanced Digital Forensic techniques in order to recover deleted files and rescue your irreplaceable digital memories. This experience has been gained from assisting UK Police Forces with these services for over 10 years. Fair prices (Pricing starts at just £72), superior recovery techniques, confidentiality and exceptional customer service are guaranteed when you work with us. We are able to assist either on site or at our flagship laboratory – Data Recovery Stoke-on-Trent. Free Evaluation | No Data, No Charge Get in Touch Now for Free and Responsive Advice
Mobile Phone Data Recovery Services
Our Mobile Phone Data Recovery Services are one of our most commonly requested technical offerings. Be it so we can carry out the recovery of deleted photographs from mobile phones, to water damaged or smashed and unresponsive devices (phones & tablets). Every single mobile phone data recovery submission is treated on a case by case basis no matter if it's an iPhone, Samsung, Huawei or even an uncommon UK brand, as no one phone is identical. Submit your mobile phone handset for a free of charge assessment.
Computer Data Recovery Services
Our Computer Data Recovery Services can involve the  submission and subsequent recovery of deleted data for a variety of computer styles such as a PC, workstation, tower, laptop or Apple Mac Device for our Computer Data Recovery Services. For the more technically savvy user of our data recovery services, if viable the internal Hard Disk Drive can be sent in for our Hard Drive Data Recovery Services. The quantity of data saved daily to our computers, means it's disastrous if the worst should happen and there is no backup of the data required. If you are using an external hard drive and it has suddenly become unreadable, unrecognised or clicking, then all is not lost as our experts can carry out Hard Drive Repair Services in order to get the hard drive into a working condition in order to clone the data, recover any deleted files if required and have it ready for prompt return. Submit your computer or hard drive for a free of charge assessment.
Memory Card Data Recovery Services
Our Memory Card Data Recovery Services are used on a daily basis by both private clients and businesses alike. Often they are submitted for our Memory Card Data Recovery Services following the corruption or accidental deletion of family, wedding or children's photographs from a digital camera, with it being the only copy. The errors that can cause data loss or access from a memory card can be either software or hardware based; no matter the problems encountered we will be able to assist and advise. Even physically damaged Micro SD, SD, CF Memory cards that have been damaged or snapped can on occasion be fully recovered. Submit your memory card for a free of charge data recovery assessment.
foxtrooth · 7 years
Fox's Open Source Intelligence Index
This is an ongoing work in progress but hopefully a helpful list of resources that private investigators as well as the general public can use in their investigations. For anyone that needs specialized experience or needs access to information not found in these sources, please do not hesitate to contact Fox Investigations by filling out a form on the home page or contacting us at [email protected]
This list is updated as of 20 Jan 2017.  PLEASE LEAVE SUGGESTIONS IN COMMENTS SECTION!
THANK YOU!
 General Search Engines
Ask
Bing
Cluuz
Deeperweb
Dogpile
DuckDuckGo (doesn’t track users)
Exalead
Google
Gigablast
Ixquick
Mozbot
Oscobo (UK-based, doesn’t track users)
Peeplo
Qwant (doesn’t track users)
Soovle
Sputtr
StartPage (Google search, doesn’t track users)
Yahoo
Yandex
Yippy
Searching People
Black Book Online (public records)
Canada411
Intellius
MarketVisual
Peekyou
Phonebook of the World
Pipl
Public Records
Rootsweb
Snitch.name (username search)
Spokeo
UserSearch
Webmii
Zaba Search
ZoomInfo
 Searching Social Media and Dating Sites
AshleyMadison
Bebo
Blogspot
Classmates
Facebook
Flickr
Google Plus
Hi5
Instagram
LinkedIn
Match.com
Meetup
MyLife-Reunion
MySpace
Ourtime
Pinterest
ReverbNation
Social Mention
Sportstats
Tagged
Trendsmap
Twitter
Wayn
Websta
WordPress
YikYak
YouNow
YouTube
Searching Images and Video
 Flickr
Instagram
Photobucket
SmugMug
TinEye
Webshots
YouTube
What is TinEye?
Online Communities and Blogs
Angelfire
Blogdigger
Boardreader
Deviantart
Domain Tools
eWhois
Flixter
Google Groups
Icerocket
IMDB
Nexopia
Omgili
Reddit
Tumbler
TypePad
Who.is
WordPress
Xanga
Yahoo Groups
Classified Listings
Amazon
Craigslist
Ebay
Hot Frog
Kijiji
Manta
PicClick
SaleSpider
Used.ca
Background Checks
Accurint
BRBPublications
CourtLink
LexisNexis
LittleSis
PACER
Tracers
US Tax Court
Business Search Sites
Better Business Bureau
BizNar
Bloomberg Businessweek
Central and Eastern European Business Directory
Corporate Information
Dun & Bradstreet
Guidestar
Hoovers
Industry Canada
Mint Business Information
Open Corporates
SEC
SEC Company Search
Specialized and Deep Web Searches
Airbnb
Athlinks
DomainTools
Earthcam
Fold3 (military records) 
4chansearch (search at your own risk)
Global Terrorism Database
Human Trafficking
Internet Archive (same as Wayback Machine)
Ipaddresslocator
Snopes
Pageglimpse
Public Records
Wayback Machine
Whatismyipaddress
Webboar
Whoisology
GeoLocation Searches
Creepy
Echosec (Social Media search by location)
Google Maps APRS
IP Location
 Digital Forensics
Digital Forensics Framework
Digital Forensics Framework is another popular platform dedicated to digital forensics. The tool is open source and comes under GPL License. It can be used either by professionals or non-experts without any trouble. It can be used for digital chain of custody, to access remote or local devices, forensics of Windows or Linux OS, recovery of hidden or deleted files, quick search for files’ metadata, and various other things.
Download: http://www.digital-forensic.org/
Open Computer Forensics Architecture
Open Computer Forensics Architecture (OCFA) is another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data.
It was built by the Dutch National Police Agency for automating digital forensics process. It is available to download under GPL license.
Download: http://sourceforge.net/projects/ocfa/
 CAINE
CAINE (Computer Aided Investigative Environment) is the Linux distro created for digital forensics. It offers an environment to integrate existing software tools as software modules in a user friendly manner. This tool is open source.
Read More about it: http://www.caine-live.net/
X-Ways Forensics
X-Ways Forensics is an advanced platform for digital forensics examiners. It runs on all available versions of Windows. It claims to not be very resource hungry and to work efficiently. If we talk about the features, find the key features in the list below:
Disk imaging and cloning
Ability to read file system structures inside various image files
It supports most of the file systems including FAT12, FAT16, FAT32, exFAT, TFAT, NTFS, Ext2, Ext3, Ext4, Next3®, CDFS/ISO9660/Joliet, UDF
Automatic detection of deleted or lost hard disk partition
Various data recovery techniques and powerful file carving
Bulk hash calculation
Viewing and editing binary data structures using templates
Easy detection of and access to NTFS ADS
Well maintained file header
Automated activity logging
Data authenticity
Complete case management
Memory and RAM analysis
Gallery view for pictures
Internal viewer for Windows registry file
Automated registry report
Extracts metadata from various file types
Ability to extract emails from various available email clients.
And many more..
You can read the full list here: http://www.x-ways.net/forensics/
SANS Investigative Forensics Toolkit – SIFT
SANS Investigative Forensics Toolkit or SIFT is a multi-purpose forensic operating system which comes with all the necessary tools used in the digital forensic process. It is built on Ubuntu with many tools related to digital forensics. Earlier this year, SIFT 3.0 was released. It comes free of charge and contains free open-source forensic tools.
In a previous post at resource.infosecinstitute.com, we already covered SIFT in detail. You can read those posts about SIFT to know more about this digital forensics platform.
Download: http://digital-forensics.sans.org/community/downloads
EnCase
EnCase is another popular multi-purpose forensic platform with many nice tools for several areas of the digital forensic process. This tool can rapidly gather data from various devices and unearth potential evidence. It also produces a report based on the evidence.
This tool does not come for free. The license costs $995.
Read more about EnCase: https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx
Registry Recon
Registry Recon is a popular registry analysis tool. It extracts the registry information from the evidence and then rebuilds the registry representation. It can rebuild registries from both current and previous Windows installations.
It is not a free tool. It costs $399.
Read more about it: http://arsenalrecon.com/apps/recon/
The Sleuth Kit
The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.
Read more about it here: http://www.sleuthkit.org/
Libforensics
Libforensics is a library for developing digital forensics applications. It was developed in Python and comes with various demo tools to extract information from various types of evidence.
Read more here: http://code.google.com/p/libforensics/
Volatility
Volatility is the memory forensics framework. It is used for incident response and malware analysis. With this tool, you can extract information from running processes, network sockets, network connections, DLLs and registry hives. It also has support for extracting information from Windows crash dump files and hibernation files. This tool is available for free under GPL license.
Read more about the tool: http://code.google.com/p/volatility/
WindowsSCOPE
WindowsSCOPE is another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malware. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory.
Read more: http://www.windowsscope.com/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=35&category_id=3&option=com_virtuemart
The Coroner’s Toolkit
The Coroner’s Toolkit or TCT is also a good digital forensic analysis tool. It runs under several Unix-related operating systems. It can be used to aid analysis of computer disasters and data recovery.
Read more: http://www.porcupine.org/forensics/tct.html
Oxygen Forensic Suite
Oxygen Forensic Suite is a nice software to gather evidence from a mobile phone to support your case. This tool helps in gathering device information (including manufacturer, OS, IMEI number, serial number), contacts, messages (emails, SMS, MMS), recover deleted messages, call logs and calendar information. It also lets you access and analyze mobile device data and documents. It generates easy to understand reports for better understanding.
More information here: http://www.oxygen-forensic.com/en/features
Bulk Extractor
Bulk Extractor is also an important and popular digital forensics tool. It scans the disk images, file or directory of files to extract useful information. In this process, it ignores the file system structure, so it is faster than other available similar kinds of tools. It is basically used by intelligence and law enforcement agencies in solving cyber crimes.
Download it here: http://digitalcorpora.org/downloads/bulk_extractor/
Xplico
Xplico is an open source network forensic analysis tool. It is basically used to extract useful data from applications which use Internet and network protocols. It supports most of the popular protocols including HTTP, IMAP, POP, SMTP, SIP, TCP, UDP and others. Output data of the tool is stored in SQLite database or MySQL database. It also supports both IPv4 and IPv6.
Read more about this tool here: http://www.xplico.org/about
Mandiant RedLine
Mandiant RedLine is a popular tool for memory and file analysis. It collects information about running processes on a host, drivers from memory and gathers other data like meta data, registry data, tasks, services, network information and Internet history to build a proper report.
Read more here: https://www.mandiant.com/resources/download/redline
Computer Online Forensic Evidence Extractor (COFEE)
Computer Online Forensic Evidence Extractor or COFEE is a tool kit developed for computer forensic experts. This tool was developed by Microsoft to gather evidence from Windows systems. It can be installed on a USB pen drive or external hard disk. Just plug in the USB device in the target computer and it starts a live analysis. It comes with 150 different tools with a GUI based interface to command the tools. It is fast and can perform the whole analysis in as few as 20 minutes. To law enforcement agencies, Microsoft provides free technical support for the tool.
Official website: https://cofee.nw3c.org/
P2 eXplorer
P2 eXplorer is a forensic image mounting tool which aims to help investigating officers with examination of a case. With this image, you can mount forensic images as a read-only local and physical disc and then explore the contents of the image with file explorer. You can easily view deleted data and unallocated space of the image.
It can mount several images at a time. It supports most of the image formats including EnCase, SafeBack, PFR, FTK DD, WinImage, Raw images from Linux DD, and VMWare images. It supports both logical and physical image types.
This tool comes for $199, but you can grab the limited feature version of the tool for free.
Read more here: https://www.paraben.com/p2-explorer.html
PlainSight
PlainSight is another useful digital forensics tool. It is a CD based Knoppix which is a Linux distribution. Some of its uses include viewing Internet histories, data carving, checking USB device usage, memory dumps, extracting password hashes, information gathering, examining Windows firewall configuration, seeing recent documents, and other useful tasks. For using this tool, you only need to boot from the CD and then follow the instructions.
This tool is available for free.
Read more here: http://www.plainsight.info/index.html
XRY
XRY is the mobile forensics tool developed by Micro Systemation. It is used to analyze and recover crucial information from mobile devices. This tool comes with a hardware device and software. Hardware connects mobile phones to PC and software performs the analysis of the device and extract data. It is designed to recover data for forensic analysis.
The latest version of the tool can recover data from all kinds of smartphones including Android, iPhone and BlackBerry. It gathers deleted data like call records, images, SMS and text messages.
Read more about it: http://www.msab.com/xry/what-is-xry
HELIX3
HELIX3 is a live CD-based digital forensic suite created to be used in incident response. It comes with many open source digital forensics tools including hex editors, data carving and password cracking tools. If you want the free version, you can go for Helix3 2009R1. After this release, this project was taken over by a commercial vendor. So, you need to pay for the most recent version of the tool.
This tool can collect data from physical memory, network connections, user accounts, executing processes and services, scheduled jobs, Windows Registry, chat logs, screen captures, SAM files, applications, drivers, environment variables and Internet history. Then it analyzes and reviews the data to generate the compiled results based on reports.
Helix3 2008R1 can be downloaded here: https://e-fenseinc.sharefile.com/d/sda4309a624d48b88
The enterprise version is available here: http://www.e-fense.com/h3-enterprise.php
 Cellebrite UFED
Cellebrite’s UFED solutions present a unified workflow to allow examiners, investigators and first responders to collect, protect and act decisively on mobile data with the speed and accuracy a situation demands – without ever compromising one for the other. The UFED Pro Series is designed for forensic examiners and investigators who require the most comprehensive, up-to-date mobile data extraction and decoding support available to handle the influx of new data sources. Platform agnostic, the UFED Field Series is designed to unify workflows between the field and lab, making it possible to view, access and share mobile data via in-car workstations, laptops, tablets or a secure, self-service kiosk located at a station.
More information here:
Financial and Government Regulatory
 Investment Adviser Search: Information about current and certain former Investment Adviser Representatives, Investment Adviser firms registered with the SEC and/or state securities regulators.
 FINRA Broker Check: Provides information on the background of registered investment professionals.
 FINRA Arbitration & Mediation: Records on arbitration and mediation awards for FINRA Cases.
 North American Securities Administrators Association: Links to all 50 state securities regulators
 National Futures Association: Self-regulatory body for the U.S. Futures Industry
 U.S. Securities and Exchange Commission: Regulatory body for investment industry protecting individuals interests
 Governmentattic: Provides electronic copies of thousands of interesting Federal Government documents obtained under the Freedom of Information Act.
 U.S. Department of Treasury: Specially Designated Nationals and Blocked Persons List
 Bureau of Industry and Security – U.S. Department of Commerce: Denied persons list
System for Award Management: Access to information for federal government awarded contracts and contractors, among other things.
 US Department of Labor Whistleblower Search: Search for a whistleblower complaint
 New York Specific Links
 New York City Department of Finance – Office of the City Register: Property records for the five boroughs of New York City.
 New York City Property: Provides up to date tax information for properties in the five boroughs of New York City.
 New York State – Department of State Division of Corporations, State Records and UCC: Search for New York State business and not-for-profit corporations, limited partnerships, limited liability companies and limited liability partnerships, as well as other miscellaneous businesses.
 New York State Campaign Financial Disclosure: New York State political contribution records.
 The New York City Campaign Finance Board: New York City campaign contribution records.
 The New York Unified Court System (UCS): Access to eCourts, which provides access to information on future court appearances in New York and limited historical cases.
New York State Supreme Court and the County Clerk of New York: Online access to County of New York Supreme Court cases.
 Westchester County Clerk ($): Access to legal records and land records for the Westchester County, New York.
New York Attorney Search: Verify the license of a New York attorney
New York Professional License Search: Search for professional licenses in the State of New York, like doctors, accountants and architects.
New York Department of State, Division of Licensing Services: Search for other professional licenses including notary public, security guard and private investigator.
New York Real Estate License Search: New York real estate licenses
 New York Inmate Locator: Searches New York State Department of Correction records.
State Criminal Record Checks
 Colorado Bureau of Investigation (CBI), Computerized Criminal History (CCH) ($)
Connecticut Department of Public Safety ($)
Florida Department of Law Enforcement (FDLE) Criminal History  ($)
 Georgia Felon Search ($)
 Hawaii Criminal Justice Data Center ($)
 Idaho State Police Bureau of Criminal Identification (BCI) ($)
Illinois State Police ($)
 Indiana State Police Limited Criminal History Search ($)
 Kansas Bureau of Investigation, Criminal History Record Check ($)
 Kentucky Court of Justice, Administrative Office of the courts ($)
 Maine Criminal History Record ($)
 Massachusetts Department of Criminal Justice Information Services (DCJIS), Criminal Offender Record Information (iCori) ($)
 Michigan State Police Internet Criminal History Access Tool (ICHAT) ($)
 Missouri Automated Criminal History Site (MACHS) ($)
Montana Department of Justice Division of Criminal Investigation ($)
Nebraska State Patrol Criminal Identification Division (CID) ($)
New York State Office of Court Administration criminal record search ($)
 Oklahoma State Bureau of Investigation ($)
 Oregon Open Records ($)
South Carolina Law Enforcement Division (SLED), Citizens Access to Criminal Histories (CATCH) ($)
Tennessee Bureau of Investigation Open Records Information Services (TORIS) ($)
Texas Department of Public Safety Computerized Criminal History System (CCH) ($)
Vermont Criminal Information Center Department of Public Safety Division of Criminal Justice Services ($)
Washington Access To Criminal History ($)