Hello, I exported all registry (.reg) files from Windows server 2012, but when trying to load them in Registry Explorer v2.0, I failed. Can someone help me and advise me on how I can load this file for analysis? Regards   ..read more

This how-to guide looks at locations of forensic artifacts and how to create a forensic image and analyze some of the more popular dating applications using the Oxygen Forensic Detective. Watch the how-to guide at: https://www.forensicfocus.com/articles/analysing-dating-apps-using-oxygen-forensic-detective ..read more

I have a Samsung A22 4g phone on which the screen is broken. I ordered a new screen and replaced it, but the screen still doesn't work. The phone turns on otherwise. Unfortunately, I don't have USB Debugging enabled on my phone. I would like to know if there is a way to bypass USB Debugging in order to get to the data on the phone ..read more

Hi, I've Samsung Galaxy A32 with pattern lock. Is any way to unlock this model ..read more

In this episode of the Forensic Focus podcast, Si and Desi discuss programming languages, Flipper, gaming, and more. Watch the podcast at: https://www.forensicfocus.com/podcast/programming-languages-flipper-and-gaming ..read more

Do you know how to find out the history of the built-in camera on an IPhone that has been activated? Please let me know if you know. By the way, we used UFED advanced logical function to extract data from the subject smartphone.   ..read more

Amped Replay assists police officers and investigators with no prior technical background with the playback, correction, annotation and redaction of digital media evidence for media release and/or court presentation. Learn how to use Amped Replay here:https://www.forensicfocus.com/articles/amped-replay-video-evidence-made-easy-and-safe ..read more

Hello all, I'm new here. I'm working on a memory dump and I used volatility to dump a file processed by 7zFM.exe 2176 7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\IEUser\Documents\backup_development.zip" So i used volatility too for dump it using windows.dumpfiles function python3 removed link -f .. removed link windows.dumpfiles --pid 2176 and the result is this one file backup_development.zip: Zip archive data, at least v1.0 to extract, compression method=store so i unzipped it and the result is the following Archive: backup_development.zip extracting: develo ..read more

Good Afternoon Everyone,   I am reviewing an email with an embedded image when the user clicks on it, it is supposed to take them to a website.  The issue I am having is, the URL contains asterisks. It looks something this: http://**P14.**C/pelotosyy.php?utm_campaign= and then a series of random letters, numbers, and other random characters. Anyone seen this before and if so, how did you decode it ..read more

Good Afternoon Everyone,   I am reviewing an email with an embedded image when the user clicks on it, it is supposed to take them to a website.  The issue I am having is, the URL contains asterisks. It looks something this: http://**P14.**C/pelotosyy.php?utm_campaign= and then a series of random letters, numbers, and other random characters. Anyone seen this before and if so, how did you decode it ..read more