Hello,   I would like to request your help on this matter, I really new in the digital forensic analysis but i think i discovered a topic really intresting to study for me.   I was making some tests on a Windows server device with FTK Imager and I obtained its dump memory file .mem, and after loading it on the application, appeared this kind of messages that make me feel worried:   " \.b c i l.p.uRansom:MSIL/BlackWorld.DA!MTB......S..¬..±xm...µæYd..È"1.>GÈaÞ|ç¹Black World Ransomware.exeB.l.a.c.k. .W.o.r.l.d. .R.a.n.s.o.m.w.a.r.e...e.x.e.Black_World_Ransomware.PropertiesB.l.a ..read more

I want to remove the contents that say WFS 4.0 from the file with .E01 extension. How can I do that ..read more

Im trying to extrat the ntuser.dat file from an ad1 disk image however for some reason ftk imager is returning an empty file    https://prnt.sc/_y1WFGUl1GdC   https://prnt.sc/lR3bCBIOjQEF ..read more

Si and Desi discuss the implications of relying on computer systems and algorithms to make important decisions. Watch the podcast here: https://www.forensicfocus.com/podcast/cyber-scandals-and-when-not-to-trust-computers ..read more

Si and Desi discuss the implications of relying on computer systems and algorithms to make important decisions. Watch the podcast here: https://www.forensicfocus.com/podcast/cyber-scandals-and-when-not-to-trust-computers ..read more

Hi Need some help I have unlocked S21 on Android 14, but secure folder is locked, is there any forensic tools that can access the data in secure folder..I believe magnet graykey can do upto Android 13, but I am not able to confirm if supports Android 14 and for Qualcomm. Most other tools seems to support Exynos only prior to March 2002 SPL, not sure about cellebrite premium, oxygen or xry. Thanks  ..read more

hello everybody! What is the best tool for processing data collected from cell phones? Today I use the reveal and nuix platforms, but it's not so good for data visualization, the data isn't structured in chats. Apart from the delay in processing the data using reveal to map the fields Does anyone have any other way to structure this data ..read more

Hi!  :) OK.  I've mounted an E01 file using OSF Mount and am trying to analyse it using the Autoruns feature of Sysinternals.  I type in the root (the drive is labelled D), which is D:\Windows in this case.  For the user profile I enter D:\Users\Default.  I have checked the checksums of the file and and yet Autoruns  kicks back an "error scanning offline system" message every time.  I am using the program with admin privileges. Can anyone shed some light on this one?  I would be most grateful.  Cheers and kind regards Feenix ..read more

hello everyone, I have a problem with redmi A2 extraction / oxygen forensic. I extracted Physical image and hardware keys, but bruteforce not start, and also imported image is encrypted, no user data keys.json {"MTK_CHID": "31383934", "MTK_ME_ID": "b4a9cb8971d9efbfaf6a48f087f14e64", "ChainType": "4d543a36373635"} device.ewc ContentType=ANDROID_IMAGE ExtractionEndUtc= ExtractionMethod= ExtractionStartUtc= InternalModelName=MT6765 ProductName=DeviceExtractor ProductVersion=2.12.1 DeviceAlias=MT6765 KeyBagFile=keys.json Partition 1 File=userdata.bin Partition 1 MD5=d083d6e10b5d08a3c4c5d7f75 ..read more

dear all. I need to extract the Whats App chat between two person. Audio files included. The phone is an Android, I don't know anymore. Can someone suggest a cheap tool? Thank ..read more