Chewing the FAT

Episode 4

Season 1, Ep. 4

In the fourth episode of Chewing the FAT, Phil and Adam host special guest Josh Hickman to discuss Images, Imaging, and Inevitable Investigation Issues, plus we run through some of the recent Digital Forensics industry news.

For the fourth Forensic Faux Pas segment to air, special guest Josh shares a great story of when he joined Kroll.

Links for some of the content we discussed during the show:

Forensics Start Me Page (DFIR Resource Links) by Kevin Pagano
https://start.me/p/q6mw4Q/forensics

Digital Forensic Research Workshop - CTF
https://dfrws.org/dfrws-2021-challenge/

Windows 365
https://windowsreport.com/windows-365-high-demand/

Apple to scan iPhones for child sex abuse images
https://www.bbc.co.uk/news/technology-58109748
https://www.apple.com/child-safety/

Josh Hickman Blog
https://thebinaryhick.blog/

Kroll & KAPE
https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape

ForMobile
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
https://formobile-project.eu/

More episodes


  • 12. Episode 12

    45:22 | Season 1, Ep. 12
    In the final episode of Chewing the FAT, Phil & Adam discuss bringing Chewing the FAT to a close, plus we run through some of the recent Digital Forensics industry news. Phil & Adam also introduce their new podcast Forensics Reformatted where you can continue to be conscious of time.
    SANS - Truth about USB and Disk Drive serial numbers: https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/
    GitHub - DFIR Community Book: https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/
    GitHub - Control-F - MIFT (newly open sourced tool): https://github.com/controlf/mift
    New(ish) Command Line tools for Linux: https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/
    Examining A Malware-Infected Android Phone. This Android Is Not Alright: https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/
    The Unified Cyber Ontology Transitions to Linux Foundation: https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html
    Magnet Summit 2022: https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click
    [Air]Tag You're It! - Chris Vance @cScottVance: https://blog.d204n6.com/2022/04/airtag-youre-it.html
    GalliumOS - A fast and lightweight Linux distro for ChromeOS devices: https://galliumos.org
    What's the Buzz - Bumble on iOS - Kevin Pagano: https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html
    CWA article link: https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/
    CWA download link: https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf
    Forensics Reformatted - The new show: https://anchor.fm/4n6reformatted
  • 11. Episode 11

    01:25:40 | Season 1, Ep. 11
    In episode number 11 of Chewing the FAT, Phil & Adam discuss Finding Flags and Pulling Pints with special guest Kevin Pagano! Plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Due to the amount of news and links, please view the description on our YouTube page for full links: Chewing the FAT - YouTube
    Formobile: https://formobile-project.eu/
  • 10. Episode 10

    01:18:48 | Season 1, Ep. 10
    In episode number 10 of Chewing the FAT, Phil & Adam discuss Formobile & Forensic Freebies with special guest Phil Cobley! Plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Due to the amount of news and links, please view the description on our YouTube page for full links: Chewing the FAT - YouTube
    Formobile: https://formobile-project.eu/
  • 9. Episode 9

    01:13:22 | Season 1, Ep. 9
    In episode number 9 of Chewing the FAT, Phil & Adam discuss ribbons, RabbitHoles and rock with special guest Alex Caithness, plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Alex Caithness:
    Shouty Band Sailing Stones | LongFallBoots (bandcamp.com)
    RabbitHole: RabbitHole | CCL Solutions Group
    CCL GitHub: https://github.com/cclgroupltd
    Music: Oscillator Sink - YouTube
    INDUSTRY NEWS:
    Microsoft Mitigates Record Breaking 3.47 Tbps DDoS on Azure Customers: https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html
    Using Graphics Card Fingerprints to Identify Web Users: https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html
    DFIR Artifact Museum - Andrew Rathbun GitHub: https://github.com/AndrewRathbun/DFIRArtifactMuseum
    Android ABX - Binary XML - Alex Caithness (with Alexis Brignoni and Josh Hickman): https://www.cclsolutionsgroup.com/post/android-abx-binary-xml
    Android 12 - Snooping on Android 12's Privacy Dashboard - Josh Hickman: https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/
    Android Airtags - Josh Hickman: https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/
    Firefox on Android - Kevin Pagano: https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.html
    Intro to Windows Registry Artifact Analysis - TryHackMe Walkthrough - TryHackMe (Joshua James - DFIR Science): https://tryhackme.com/room/windowsforensics1
    Decrypting Secret Calculator Vault - The Incidental Chew Toy: https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/
    Please see YouTube for all other links:
  • 8. Episode 8

    01:30:05 | Season 1, Ep. 8
    In episode number 8 of Chewing the FAT, Phil & Adam discuss turning up and following through with special guest Andrew Rathbun, plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Featured topics:
    Andrew Rathbun section:
    Connect with me:
    https://twitter.com/bunsofwrath12
    https://www.linkedin.com/in/andrewrathbun/
    Digital Forensics Discord Server: https://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/
    AboutDFIR: https://aboutdfir.com
    Andrew's Current GitHub Projects:
    https://github.com/AndrewRathbun/VanillaWindowsRegistryHives
    https://github.com/AndrewRathbun/VanillaWindowsReference
    https://github.com/nasbench/EVTX-ETW-Resources
    https://github.com/AndrewRathbun/DFIRRegex
    https://github.com/AndrewRathbun/DFIRMindMaps
    https://github.com/AndrewRathbun/DirectoryOpus-DFIRConfig
    https://github.com/AndrewRathbun/EventTranscript.db-Research
    KAPE Related GitHub Repositories:
    https://github.com/AndrewRathbun/Awesome-KAPE
    https://github.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdater
    https://github.com/EricZimmerman/KapeFiles
    https://github.com/EricZimmerman/SQLECmd
    https://github.com/EricZimmerman/evtx
    https://github.com/EricZimmerman/RECmd
    https://github.com/AndrewRathbun/ForensicImageKAPEOutput
    Digital Forensics Discord Server GitHub Repositories:
    https://github.com/Digital-Forensics-Discord-Server/GitHubLearningPlayground
    https://github.com/Digital-Forensics-Discord-Server/LawEnforcementResources
    https://github.com/Digital-Forensics-Discord-Server/DFIRGlossary
    -----------------------------
    Open Source Digital Forensic Conference: https://www.osdfcon.org/
    Using ArtEx to conduct an extraction of a jailbroken iPhone - Ian Whiffin: https://doubleblak.com/blogPosts.php?id=26
    Log4j - Rob Berends: https://www.linkedin.com/feed/update/urn:li:activity:6876120706095058944
    Log4j: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html
    SANS Cyber Threat Intelligence Conference: Join us for the FREE Virtual Cyber Threat Intelligence Summit 2022!
    Logo-ls, a new GitHub repo that combines the Linux LS CMD with logos and icons: https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletter
    Josh Hickman, The Binary Hick - Android 12 Image: https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/
    Kevin Pagano - Stark4N6 - Forensic4Cast Nominations: https://www.stark4n6.com/2021/12/my-2022-forensic-4cast-awards.html
    Forensic4Cast Nomination Page: https://docs.google.com/forms/d/e/1FAIpQLScX-pt0uo9_0GUv-AG-ty7Ya8bZzdRlW8-eP3oABHCsSCQrGQ/viewform
    FORMOBILE: https://formobile-project.eu/
  • 7. Episode 7

    01:02:43 | Season 1, Ep. 7
    In the seventh episode of Chewing the FAT, Phil & Adam discuss Mental Health and Working within Digital Forensics, plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Featured topics:
    Sarah Edwards - Apple Pay & Wallet:
    https://objectivebythesea.com/v4/talks/OBTS_v4_sEdwards.pdf
    Josh Hickman iOS 15 Powered off tracking and remote wipe & XML Binary findings:
    https://thebinaryhick.blog/2021/10/27/ios-15-powered-off-tracking-remote-bombs/
    https://twitter.com/josh_hickman1/status/1456730376030859265
    Ian Whiffin - Geofences & Metadata Adjustment:
    https://www.doubleblak.com/m/blogPosts.php?id=22
    https://www.doubleblak.com/m/blogPosts.php?id=23
    Frida & Use case by Christine Fossaceca:
    https://objectivebythesea.com/v4/talks/OBTS_v4_cFossaceca.pdf
    https://frida.re
    DFIR Science - Joshua James:
    https://dfir.science/2021/11/WIN-100USD-and-PRIZES-Nov-DFIR-Dev.html
    https://www.youtube.com/watch?v=mM4rbFh4rqg&feature=youtu.be
    https://swag.dfir.science/listing/DFIR-Stickers-IDFE?product=661
    iOS 15 Notes:
    https://support.apple.com/en-gb/guide/iphone/iphe4d04f674/ios
    Alex Caithness at CCL:
    https://github.com/cclgroupltd
    Alexis Brignoni - all the LEAPPs:
    https://abrignoni.blogspot.com/
    R:pple Suicide Prevention:
    https://www.ripplesuicideprevention.com/
    FORMOBILE:
    https://formobile-project.eu/
  • 6. Episode 6

    01:10:18 | Season 1, Ep. 6
    In the sixth episode of Chewing the FAT, Phil & Adam host special guest Alexis Brignoni to discuss Coding, Community, & Collaborations, plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
    Digital Evidence & the Crime Scene
    Paper by Graeme Horsman, exploring the concept of devices being "Digital witnesses", & methodologies & theories regarding scene examination.
    https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&originRegion=eu-west-1&originCreation=20211013063720
    Microsoft releases Linux version of Sysadmin
    https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/
    Samsung Power Off Reset Logs & iOS Tracking
    Kevin Pagano, who produces the Start.me! While doing the Cellebrite CTF there was a question on Samsung phone battery life, & Kevin created a parser for ALEAPP to parse the power off log files.
    https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1
    https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html
    Encouraging different perspectives in Digital Forensics
    https://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/
    AFF4 Evidential Containers - explained by Magnet
    https://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/
    Recognizing people in photos through private on-device machine learning - Apple
    https://machinelearning.apple.com/research/recognizing-people-photos
    Brignoni on Teaching and Learning Python
    https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/
    Brignoni Blog & YouTube
    https://abrignoni.blogspot.com
    https://www.youtube.com/c/AlexisBrignoni
  • 5. Episode 5

    01:02:11 | Season 1, Ep. 5
    In the fifth episode of Chewing the FAT, Phil and Adam host special guest Tom Farrell QPM to discuss Online child safety and available automated protection systems, plus we run through some of the recent Digital Forensics industry news.
    For the fifth Forensic Faux Pas segment to air, special guest Tom shares a great story of ensuring your spoof address is actually spoofed!
    Links for some of the content we discussed during the show:
    The Binary Hick - Josh Hickman - Detecting Android Factory Reset
    https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/
    ProtonMail - iOS application decryption - Matthew Regnery
    https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953
    Apple delays plans to scan your iCloud - BBC
    https://www.bbc.co.uk/news/technology-58433647.amp
    Tom's response to Apple's delay - SafeToNet
    https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/
    ForMobile
    This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
    https://formobile-project.eu/