Let’s starting a series of article related to digital forensic focused on mobile devices. In this first post i’d like to share some thoughts about image acquisition on android devices.
There are commercial tools that provides access to the Volume Shadow Copies within a forensic image, but how can access this source of data using only free tools?
The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.
Spoiler: shame on DumpIT!