iOS forensic is quite complex: in many cases, jailbreaking is the only way to gather all most information available in iOS devices.

In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase.

Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify.

Some weeks ago I’ve already written about information gathering on OSX systems, related to the forensic investigation process.

Today i’ll talk you briefly about the Windows 10 “Timeline“: a feature that can come in handy during a forensic analysis.
How to access it and how to analyze it?

Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.

The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system: a valuable source of evidence for an examiner.

A useful tool: fast and easy to use.

When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.

OS X is, in effect, a *nix based system.
Therefore the forensic image acquisition processes are very similar to those used on Linux systems.
Today I’d like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before 10.11 (El Capitan) or any OSX version with SIP disabled.