Images, Imaging, and Inevitable Investigation Issues

In the forth episode of Chewing the FAT, Phil and Adam host special guest Josh Hickman l to discuss Images, Imaging, and Inevitable Investigation Issues plus we run through some of the recent Digital Forensics industry news.&nbsp;For the forth Forensic Faux Pas segment to air, special guest Josh shares a great story of when he joined Kroll.&nbsp;Links for some of the content we discussed during the show:&nbsp;Forensics Start Me Page (DFIR Resource Links) by Kevin Pagano&nbsp;<a href="https://start.me/p/q6mw4Q/forensics" rel="noopener noreferrer" target="_blank">https://start.me/p/q6mw4Q/forensics</a>&nbsp;Digital Forensic Research Workshop - CTF&nbsp;<a href="https://dfrws.org/dfrws-2021-challenge/" rel="noopener noreferrer" target="_blank">https://dfrws.org/dfrws-2021-challenge/</a>&nbsp;Windows 365&nbsp;<a href="https://windowsreport.com/windows-365-high-demand/" rel="noopener noreferrer" target="_blank">https://windowsreport.com/windows-365-high-demand/</a>&nbsp;Apple to scan iPhones for child sex abuse images&nbsp;<a href="https://www.bbc.co.uk/news/technology-58109748" rel="noopener noreferrer" target="_blank">https://www.bbc.co.uk/news/technology-58109748</a>&gt;&nbsp;<a href="https://www.apple.com/child-safety/" rel="noopener noreferrer" target="_blank">https://www.apple.com/child-safety/</a>&nbsp;Josh Hickman Blog&nbsp;<a href="https://thebinaryhick.blog/" rel="noopener noreferrer" target="_blank">https://thebinaryhick.blog/</a> Kroll &amp; KAPE https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape ForMobile This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800. https://formobile-project.eu/

Episode 4

So long, and thanks for all the fish!

In the final episode of Chewing the FAT, Phil &amp; Adam discuss bringing Chewing the FAT to a close, plus we run through some of the recent Digital Forensics industry news. Phil &amp; Adam also introduce their new podcast Forensics Reformatted where you can continue to be conscious of time. SANS - Truth about USB and Disk Drive serial numbers&nbsp;<a href="https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/" rel="noopener noreferrer" target="_blank">https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/</a>&nbsp;&nbsp;&nbsp;Github&nbsp;- DFIR Community Book&nbsp;<a href="https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/" rel="noopener noreferrer" target="_blank">https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/</a>&nbsp;&nbsp;&nbsp;Github&nbsp;- Control-F - MIFT (newly open sourced tool)&nbsp;<a href="https://github.com/controlf/mift" rel="noopener noreferrer" target="_blank">https://github.com/controlf/mift</a>&nbsp;&nbsp;&nbsp;New(ish) Command Line tools for Linux&nbsp;<a href="https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/" rel="noopener noreferrer" target="_blank">https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/</a>&nbsp;Examining A Malware-Infected Android Phone. This Android Is Not Alright.&nbsp;<a href="https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/" rel="noopener noreferrer" target="_blank">https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/</a>&nbsp;&nbsp;&nbsp;The Unified Cyber Ontology Transitions to Linux Foundation&nbsp;<a href="https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html" rel="noopener noreferrer" target="_blank">https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html</a>&nbsp;&nbsp;Magnet Summit 2022&nbsp;<a href="https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click" rel="noopener noreferrer" target="_blank">https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click</a>&nbsp;&nbsp;&nbsp;[Air]Tag You're It! - Chris Vance @cScottVance&nbsp;<a href="https://blog.d204n6.com/2022/04/airtag-youre-it.html" rel="noopener noreferrer" target="_blank">https://blog.d204n6.com/2022/04/airtag-youre-it.html</a>&nbsp;&nbsp;&nbsp;GalliumOS&nbsp;- A fast and lightweight Linux distro for&nbsp;ChromeOS&nbsp;devices&nbsp;<a href="https://galliumos.org/" rel="noopener noreferrer" target="_blank">https://galliumos.org</a>&nbsp;&nbsp;&nbsp;What's the Buzz - Bumble on iOS - Kevin Pagano&nbsp;<a href="https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html" rel="noopener noreferrer" target="_blank">https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html</a>&nbsp; CWA: Article link&nbsp;<a href="https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/" rel="noopener noreferrer" target="_blank">https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/</a>&nbsp;&nbsp;Download link&nbsp;<a href="https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf" rel="noopener noreferrer" target="_blank">https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf</a>&nbsp; Forensics Reformatted - The new show: https://anchor.fm/4n6reformatted

Episode 12

Finding Flags and Pulling Pints!

In episode number 11 of Chewing the FAT, Phil &amp; Adam discuss Finding Flags and Pulling Pints with special guest Kevin Pagano! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Due to the amount of news and links please view the description on our YouTube Page for full links: <a href="https://www.youtube.com/channel/UCygQ6XBfBdqI8UZUAmWSXTA" rel="noopener noreferrer" target="_blank">Chewing the FAT - YouTube</a> Formobile:<a href="https://formobile-project.eu/" rel="noopener noreferrer" target="_blank">https://formobile-project.eu/</a>

Episode 11

Formobile and Forensic Freebies!

In episode number 10 of Chewing the FAT, Phil &amp; Adam discuss Formobile &amp; Forensic Freebies with special guest Phil Cobley! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.&nbsp;Due to the amount of news and links please view the description on our YouTube Page for full links: <a href="https://www.youtube.com/channel/UCygQ6XBfBdqI8UZUAmWSXTA" rel="noopener noreferrer" target="_blank">Chewing the FAT - YouTube</a> Formobile:<a href="https://formobile-project.eu/" rel="noopener noreferrer" target="_blank">https://formobile-project.eu/</a>&nbsp;

Episode 10

Ribbons, RabbitHoles and Rock!

In episode number 9 of Chewing the FAT, Phil &amp; Adam discuss ribbons, RabbitHoles and rock with special guest Alex Caithness plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Alex Caithness: Shouty Band&nbsp;<a href="https://longfallboots.bandcamp.com/track/sailing-stones-2" rel="noopener noreferrer" target="_blank">Sailing Stones | LongFallBoots (bandcamp.com)</a> RabbitHole:<a href="https://www.cclsolutionsgroup.com/products/rabbithole#:~:text=RabbitHole%20Developed%20by%20CCL%E2%80%99s%20R%26D%20Centre%20of%20Excellence%2C,of%20data%20format%20viewers%20into%20a%20single%20interface." rel="noopener noreferrer" target="_blank">RabbitHole | CCL Solutions Group</a> CCL GitHub:https://github.com/cclgroupltd Music: <a href="https://www.youtube.com/c/OscillatorSink/about" rel="noopener noreferrer" target="_blank">Oscillator Sink - YouTube</a> INDUSTRY NEWS: Microsoft Mitigate Record Breaking 3.47 Tbps DDoS on Azure Customers:<a href="https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html" rel="noopener noreferrer" target="_blank">https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html</a> Using Graphics Card Fingerprints to Identify Web Users:<a href="https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html" rel="noopener noreferrer" target="_blank">https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html</a> DFIR Artifact Museum - Andrew Rathbun Github:<a href="https://github.com/AndrewRathbun/DFIRArtifactMuseum" rel="noopener noreferrer" target="_blank">https://github.com/AndrewRathbun/DFIRArtifactMuseum</a> Android ABX - Binary XML - Alex Caithness (with Alexis Brignoni and Josh Hickman):<a href="https://www.cclsolutionsgroup.com/post/android-abx-binary-xml" rel="noopener noreferrer" target="_blank">https://www.cclsolutionsgroup.com/post/android-abx-binary-xml</a> Android 12 - Snooping on Android 12's Privacy Dashboard - Josh Hickman:<a href="https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/" rel="noopener noreferrer" target="_blank">https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/</a> Android Airtags - Josh Hickman:<a href="https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/" rel="noopener noreferrer" target="_blank">https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/</a> FireFox on Android - Kevin Pagano:<a href="https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.html" rel="noopener noreferrer" target="_blank">https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.html</a> Intro to Windows Registry Artifact Analysis - TryHackMe Walkthrough - TryHackMe (Joshua James - DFIR Science):<a href="https://tryhackme.com/room/windowsforensics1" rel="noopener noreferrer" target="_blank">https://tryhackme.com/room/windowsforensics1</a> Decrypting Secret Calculator Vault - The Incidental Chew Toy:<a href="https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/" rel="noopener noreferrer" target="_blank">https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/</a> Please see YouTube for all other links:

Episode 9

Turn Up and Follow Through

In episode number 8 of Chewing the FAT, Phil &amp; Adam discuss turning up and following through with special guest Andrew Rathbun plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Featured topics: Andrew Rathbun section: Connect with me:https://twitter.com/bunsofwrath12https://www.linkedin.com/in/andrewrathbun/ Digital Forensics Discord Serverhttps://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/ AboutDFIRhttps://aboutdfir.com Andrew’s Current GitHub Projects:https://github.com/AndrewRathbun/VanillaWindowsRegistryHiveshttps://github.com/AndrewRathbun/VanillaWindowsReferencehttps://github.com/nasbench/EVTX-ETW-Resourceshttps://github.com/AndrewRathbun/DFIRRegexhttps://github.com/AndrewRathbun/DFIRMindMapshttps://github.com/AndrewRathbun/DirectoryOpus-DFIRConfighttps://github.com/AndrewRathbun/EventTranscript.db-Research KAPE Related GitHub Repositories:https://github.com/AndrewRathbun/Awesome-KAPEhttps://github.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdaterhttps://github.com/EricZimmerman/KapeFileshttps://github.com/EricZimmerman/SQLECmdhttps://github.com/EricZimmerman/evtxhttps://github.com/EricZimmerman/RECmdhttps://github.com/AndrewRathbun/ForensicImageKAPEOutput Digital Forensics Discord Server GitHub Repositories:https://github.com/Digital-Forensics-Discord-Server/GitHubLearningPlaygroundhttps://github.com/Digital-Forensics-Discord-Server/LawEnforcementResourceshttps://github.com/Digital-Forensics-Discord-Server/DFIRGlossary ----------------------------- Open Source Digital Forensic Conference:<a href="https://www.osdfcon.org/" rel="noopener noreferrer" target="_blank">https://www.osdfcon.org/</a> Using ArtEx to conduct an extraction of a jailbroken iPhone - Ian Whiffin:<a href="https://doubleblak.com/blogPosts.php?id=26" rel="noopener noreferrer" target="_blank">https://doubleblak.com/blogPosts.php?id=26</a> Log4j - Rob Berends:https://www.linkedin.com/feed/update/urn:li:activity:6876120706095058944 Log4j:<a href="https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html" rel="noopener noreferrer" target="_blank">https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html</a> SANS Cyber Threat Intelligence Conference:<a href="https://www.youtube.com/watch?v=xL-1wrSAdK4" rel="noopener noreferrer" target="_blank">Join us for the FREE Virtual Cyber Threat Intelligence Summit 2022!</a> Logo-ls A new GitHub repo that combines the Linux LS CMD with logos and icons:<a href="https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletter" rel="noopener noreferrer" target="_blank">https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletter</a> Josh Hickman, The Binary Hick - Android 12 Image:https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/ Kevin Pagano - Stark4N6 - Forensic4Cast Nominations:https://www.stark4n6.com/2021/12/my-2022-forensic-4cast-awards.html Forensic4Cast Nomination Page:https://docs.google.com/forms/d/e/1FAIpQLScX-pt0uo9_0GUv-AG-ty7Ya8bZzdRlW8-eP3oABHCsSCQrGQ/viewform FORMOBILE:https://formobile-project.eu/

Episode 8

Mental Health and Working within Digital Forensics

In the seventh episode of Chewing the FAT, Phil &amp; Adam discuss Mental Health and Working within Digital Forensics plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Featured topics: Sarah Edwards - Apple Pay &amp; Wallet: https://objectivebythesea.com/v4/talks/OBTS_v4_sEdwards.pdf Josh Hickman iOS 15 Powered off tracking and remote wipe &amp; XML Binary findings: https://thebinaryhick.blog/2021/10/27/ios-15-powered-off-tracking-remote-bombs/https://twitter.com/josh_hickman1/status/1456730376030859265	 Ian Whiffin - Geofences &amp; Metadata Adjustment: https://www.doubleblak.com/m/blogPosts.php?id=22https://www.doubleblak.com/m/blogPosts.php?id=23 Frida &amp; Use case by Christine Fossaceca: https://objectivebythesea.com/v4/talks/OBTS_v4_cFossaceca.pdfhttps://frida.re DFIR Science - Joshua James: https://dfir.science/2021/11/WIN-100USD-and-PRIZES-Nov-DFIR-Dev.htmlhttps://www.youtube.com/watch?v=mM4rbFh4rqg&amp;feature=youtu.behttps://swag.dfir.science/listing/DFIR-Stickers-IDFE?product=661 iOS 15 Notes: https://support.apple.com/en-gb/guide/iphone/iphe4d04f674/ios Alex Caithness at CCL: https://github.com/cclgroupltd Alexis Brignoni - all the LEAPPs https://abrignoni.blogspot.com/ R:pple Suicide Prevention: https://www.ripplesuicideprevention.com/ FORMOBILE:﻿https://formobile-project.eu/

Episode 7

Coding, Community, and Collaborations 

In the sixth episode of Chewing the FAT, Phil &amp; Adam host special guest Alexis Brignoni l to discuss Coding, Community, &amp; Collaborations plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Digital Evidence &amp; the Crime ScenePaper by Graeme Horsman, exploring the concept of devices being "Digital witnesses", &amp; methodologies &amp; theories regarding scene examination.<a href="https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&amp;originRegion=eu-west-1&amp;originCreation=20211013063720" rel="noopener noreferrer" target="_blank">https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&amp;originRegion=eu-west-1&amp;originCreation=20211013063720</a>&nbsp;Microsoft releases Linux version of Sysadmin<a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/" rel="noopener noreferrer" target="_blank">https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/</a>&nbsp;Samsung Power Off Reset Logs &amp; iOS TrackingKevin Pagano, who produces the Start.me!&nbsp;While doing the Cellebrite CTF there was a question on Samsung phone battery life, &amp; Kevin created a parser for ALEAPP to parse the power off log files.<a href="https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1" rel="noopener noreferrer" target="_blank">https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1</a><a href="https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html" rel="noopener noreferrer" target="_blank">https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html</a>&nbsp;Encouraging different perspectives in Digital Forensics<a href="https://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/" rel="noopener noreferrer" target="_blank">https://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/</a>&nbsp;AFF4 Evidential Containers - explained by Magnet<a href="https://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/" rel="noopener noreferrer" target="_blank">https://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/</a>&nbsp;Recognizing people in photos through private on-device machine learning - Apple<a href="https://machinelearning.apple.com/research/recognizing-people-photos" rel="noopener noreferrer" target="_blank">https://machinelearning.apple.com/research/recognizing-people-photos</a>&nbsp;Brignoni on Teaching and Learning Python <a href="https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/" rel="noopener noreferrer" target="_blank">https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/</a>&nbsp;Brignoni Blog &amp; YouTube<a href="https://abrignoni.blogspot.com/" rel="noopener noreferrer" target="_blank">https://abrignoni.blogspot.com</a><a href="https://www.youtube.com/c/AlexisBrignoni" rel="noopener noreferrer" target="_blank">https://www.youtube.com/c/AlexisBrignoni</a>

Episode 6

Online Child Safety and Automated Protections

In the fifth episode of Chewing the FAT, Phil and Adam host special guest Tom Farrell QPM l to discuss Online child safety and available automated protection systems plus we run through some of the recent Digital Forensics industry news.&nbsp;For the fifth Forensic Faux Pas segment to air, special guest Tom shares a great story of ensuring your spoof address is actually spoofed!&nbsp;Links for some of the content we discussed during the show: The Binary Hick - Josh Hickman - Detecting Android Factory Reset <a href="https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/" rel="noopener noreferrer" target="_blank">https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/</a> ProtonMail - iOS application decryption - Matthew Regnery <a href="https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953" rel="noopener noreferrer" target="_blank">https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953</a> Apple delays plays to scan your iCloud - BBC <a href="https://www.bbc.co.uk/news/technology-58433647.amp" rel="noopener noreferrer" target="_blank">https://www.bbc.co.uk/news/technology-58433647.amp</a> Tom's response to Apples delay - SafeToNet&nbsp;<a href="https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/" rel="noopener noreferrer" target="_blank">https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/</a> ForMobile This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800. https://formobile-project.eu/

Episode 5

Decrypting the world of Digital Forensics for the enjoyment of all

Chewing the FAT is a Digital Forensics and Cyber Investigations video podcast written and presented by Firmsky (Adam Firman) and Cobbers (Phil Cobley) where they discuss and explore past or future developments impacting on the industry.&nbsp;With recent industry news bulletins, special guest interviews from the field, and a casual, fun approach to all things DFIR, this podcast will help keep practitioners and enthusiasts engaged and up-to-speed on this fast paced and ever changing discipline.

Chewing the FAT

Share

Episode 4

More Episodes

View all

Episode 11

Episode 10

Episode 9