Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything

NTFS filesystem is a gold mine for forensic analysis on Microsoft Windows systems.

iLEAPP is a good iOS forensic tool developed by Alexis Brignoni. It’s composed by a set of python script previously developed by Alexis, collected in a single, useful, tool.

On iOS devices, due the well-known os restrictions, logical acquisition is the most common type of data extraction during digital forensic investigations. There are a lot of commercial forensic tools able to perform this step, but this type of acquisition can be also perfomed using an open source tool.

I recently happened to read a research, presented during the ACM WINTECH 2020 conference, related to IMSI Catchers and their exploitation for tracking users of mobile devices.

During a forensic analysis, but also during other simple tasks (like helping a friend to recover deleted files), is useful to have a trusted tool to perform file-carving and data recovery.

Most of forensic acquisition activities on an Android device can be accomplished using the ADB (Android Debug Bridge) tool.
However, a lot of commands are required: luckily, the forensic expert Mattia Epifani created a bash script that automatize a lot of operations needed to collect device informations.

An academic research, conducted by Professor Douglas J. Leith from Trinity College at the University of Dublin, analyzed traffic originating from iOS and Android devices heading to Apple and Google servers at various stages of a phone’s operation, such as data shared, founding that Google collects around 20 times more telemetry data from Android devices than Apple from iOS.

An interesting article and video lesson by security reserarcher Didier Stevens.

There is no 100% anonymity on the internet.

Your Digital Footprint is everywhere on the web: it is in all the actions you do on keyboard and mouse, on every tap and swipe on our mobile phone.

Currently, there are a lot of good forensics commercial tools, can be used to perform a whole dfir workflow. However, several analyst anche companies cannot afford the purchase of those (awesome) tools.