Chewing the FAT

In the final episode of Chewing the FAT, Phil & Adam discuss bringing Chewing the FAT to a close, plus we run through some of the recent Digital Forensics industry news. Phil & Adam also introduce their new podcast Forensics Reformatted where you can continue to be conscious of time.SANS - Truth about USB and Disk Drive serial numbers https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/ Github - DFIR Community Book https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/ Github - Control-F - MIFT (newly open sourced tool) https://github.com/controlf/mift New(ish) Command Line tools for Linux https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/ Examining A Malware-Infected Android Phone. This Android Is Not Alright. https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/ The Unified Cyber Ontology Transitions to Linux Foundation https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html Magnet Summit 2022 https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click [Air]Tag You're It! - Chris Vance @cScottVance https://blog.d204n6.com/2022/04/airtag-youre-it.html GalliumOS - A fast and lightweight Linux distro for ChromeOS devices https://galliumos.org What's the Buzz - Bumble on iOS - Kevin Pagano https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html CWA:Article link https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/ Download link https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf Forensics Reformatted - The new show:https://anchor.fm/4n6reformatted Hosted on Acast. See acast.com/privacy for more information.

In episode number 11 of Chewing the FAT, Phil & Adam discuss Finding Flags and Pulling Pints with special guest Kevin Pagano! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.Due to the amount of news and links please view the description on our YouTube Page for full links:Chewing the FAT - YouTubeFormobile:https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In episode number 10 of Chewing the FAT, Phil & Adam discuss Formobile & Forensic Freebies with special guest Phil Cobley! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas. Due to the amount of news and links please view the description on our YouTube Page for full links:Chewing the FAT - YouTubeFormobile:https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In episode number 9 of Chewing the FAT, Phil & Adam discuss ribbons, RabbitHoles and rock with special guest Alex Caithness plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.Alex Caithness:Shouty Band Sailing Stones | LongFallBoots (bandcamp.com)RabbitHole:RabbitHole | CCL Solutions GroupCCL GitHub:https://github.com/cclgroupltdMusic:Oscillator Sink - YouTubeINDUSTRY NEWS:Microsoft Mitigate Record Breaking 3.47 Tbps DDoS on Azure Customers:https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.htmlUsing Graphics Card Fingerprints to Identify Web Users:https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.htmlDFIR Artifact Museum - Andrew Rathbun Github:https://github.com/AndrewRathbun/DFIRArtifactMuseumAndroid ABX - Binary XML - Alex Caithness (with Alexis Brignoni and Josh Hickman):https://www.cclsolutionsgroup.com/post/android-abx-binary-xmlAndroid 12 - Snooping on Android 12's Privacy Dashboard - Josh Hickman:https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/Android Airtags - Josh Hickman:https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/FireFox on Android - Kevin Pagano:https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.htmlIntro to Windows Registry Artifact Analysis - TryHackMe Walkthrough - TryHackMe (Joshua James - DFIR Science):https://tryhackme.com/room/windowsforensics1Decrypting Secret Calculator Vault - The Incidental Chew Toy:https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/Please see YouTube for all other links: Hosted on Acast. See acast.com/privacy for more information.

In episode number 8 of Chewing the FAT, Phil & Adam discuss turning up and following through with special guest Andrew Rathbun plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.Featured topics:Andrew Rathbun section:Connect with me:https://twitter.com/bunsofwrath12https://www.linkedin.com/in/andrewrathbun/Digital Forensics Discord Serverhttps://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/AboutDFIRhttps://aboutdfir.comAndrew's Current GitHub Projects:https://github.com/AndrewRathbun/VanillaWindowsRegistryHiveshttps://github.com/AndrewRathbun/VanillaWindowsReferencehttps://github.com/nasbench/EVTX-ETW-Resourceshttps://github.com/AndrewRathbun/DFIRRegexhttps://github.com/AndrewRathbun/DFIRMindMapshttps://github.com/AndrewRathbun/DirectoryOpus-DFIRConfighttps://github.com/AndrewRathbun/EventTranscript.db-ResearchKAPE Related GitHub Repositories:https://github.com/AndrewRathbun/Awesome-KAPEhttps://github.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdaterhttps://github.com/EricZimmerman/KapeFileshttps://github.com/EricZimmerman/SQLECmdhttps://github.com/EricZimmerman/evtxhttps://github.com/EricZimmerman/RECmdhttps://github.com/AndrewRathbun/ForensicImageKAPEOutputDigital Forensics Discord Server GitHub Repositories:https://github.com/Digital-Forensics-Discord-Server/GitHubLearningPlaygroundhttps://github.com/Digital-Forensics-Discord-Server/LawEnforcementResourceshttps://github.com/Digital-Forensics-Discord-Server/DFIRGlossary-----------------------------Open Source Digital Forensic Conference:https://www.osdfcon.org/Using ArtEx to conduct an extraction of a jailbroken iPhone - Ian Whiffin:https://doubleblak.com/blogPosts.php?id=26Log4j - Rob Berends:https://www.linkedin.com/feed/update/urn:li:activity:6876120706095058944Log4j:https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.htmlSANS Cyber Threat Intelligence Conference:Join us for the FREE Virtual Cyber Threat Intelligence Summit 2022!Logo-ls A new GitHub repo that combines the Linux LS CMD with logos and icons:https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletterJosh Hickman, The Binary Hick - Android 12 Image:https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/Kevin Pagano - Stark4N6 - Forensic4Cast Nominations:https://www.stark4n6.com/2021/12/my-2022-forensic-4cast-awards.htmlForensic4Cast Nomination Page:https://docs.google.com/forms/d/e/1FAIpQLScX-pt0uo9_0GUv-AG-ty7Ya8bZzdRlW8-eP3oABHCsSCQrGQ/viewformFORMOBILE:https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In the seventh episode of Chewing the FAT, Phil & Adam discuss Mental Health and Working within Digital Forensics plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.Featured topics:Sarah Edwards - Apple Pay & Wallet:https://objectivebythesea.com/v4/talks/OBTS_v4_sEdwards.pdfJosh Hickman iOS 15 Powered off tracking and remote wipe & XML Binary findings:https://thebinaryhick.blog/2021/10/27/ios-15-powered-off-tracking-remote-bombs/https://twitter.com/josh_hickman1/status/1456730376030859265 Ian Whiffin - Geofences & Metadata Adjustment:https://www.doubleblak.com/m/blogPosts.php?id=22https://www.doubleblak.com/m/blogPosts.php?id=23Frida & Use case by Christine Fossaceca:https://objectivebythesea.com/v4/talks/OBTS_v4_cFossaceca.pdfhttps://frida.reDFIR Science - Joshua James:https://dfir.science/2021/11/WIN-100USD-and-PRIZES-Nov-DFIR-Dev.htmlhttps://www.youtube.com/watch?v=mM4rbFh4rqg&feature=youtu.behttps://swag.dfir.science/listing/DFIR-Stickers-IDFE?product=661iOS 15 Notes:https://support.apple.com/en-gb/guide/iphone/iphe4d04f674/iosAlex Caithness at CCL:https://github.com/cclgroupltdAlexis Brignoni - all the LEAPPshttps://abrignoni.blogspot.com/R:pple Suicide Prevention:https://www.ripplesuicideprevention.com/FORMOBILE:https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In the sixth episode of Chewing the FAT, Phil & Adam host special guest Alexis Brignoni l to discuss Coding, Community, & Collaborations plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.Digital Evidence & the Crime ScenePaper by Graeme Horsman, exploring the concept of devices being "Digital witnesses", & methodologies & theories regarding scene examination.https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&originRegion=eu-west-1&originCreation=20211013063720 Microsoft releases Linux version of Sysadminhttps://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/ Samsung Power Off Reset Logs & iOS TrackingKevin Pagano, who produces the Start.me! While doing the Cellebrite CTF there was a question on Samsung phone battery life, & Kevin created a parser for ALEAPP to parse the power off log files.https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html Encouraging different perspectives in Digital Forensicshttps://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/ AFF4 Evidential Containers - explained by Magnethttps://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/ Recognizing people in photos through private on-device machine learning - Applehttps://machinelearning.apple.com/research/recognizing-people-photos Brignoni on Teaching and Learning Python https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/ Brignoni Blog & YouTubehttps://abrignoni.blogspot.comhttps://www.youtube.com/c/AlexisBrignoni Hosted on Acast. See acast.com/privacy for more information.

In the fifth episode of Chewing the FAT, Phil and Adam host special guest Tom Farrell QPM l to discuss Online child safety and available automated protection systems plus we run through some of the recent Digital Forensics industry news. For the fifth Forensic Faux Pas segment to air, special guest Tom shares a great story of ensuring your spoof address is actually spoofed! Links for some of the content we discussed during the show:The Binary Hick - Josh Hickman - Detecting Android Factory Resethttps://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/ProtonMail - iOS application decryption - Matthew Regneryhttps://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953Apple delays plays to scan your iCloud - BBChttps://www.bbc.co.uk/news/technology-58433647.ampTom's response to Apples delay - SafeToNet https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/ForMobileThis project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In the forth episode of Chewing the FAT, Phil and Adam host special guest Josh Hickman l to discuss Images, Imaging, and Inevitable Investigation Issues plus we run through some of the recent Digital Forensics industry news. For the forth Forensic Faux Pas segment to air, special guest Josh shares a great story of when he joined Kroll. Links for some of the content we discussed during the show: Forensics Start Me Page (DFIR Resource Links) by Kevin Pagano https://start.me/p/q6mw4Q/forensics Digital Forensic Research Workshop - CTF https://dfrws.org/dfrws-2021-challenge/ Windows 365 https://windowsreport.com/windows-365-high-demand/ Apple to scan iPhones for child sex abuse images https://www.bbc.co.uk/news/technology-58109748> https://www.apple.com/child-safety/ Josh Hickman Blog https://thebinaryhick.blog/Kroll & KAPEhttps://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kapeForMobileThis project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.https://formobile-project.eu/ Hosted on Acast. See acast.com/privacy for more information.

In the third episode of Chewing the FAT, Phil and Adam host special guest Kevin Mansell to discuss training, certification and competence plus we run through some of the recent Digital Forensics industry news.For the third Forensic Faux Pas segment to air, special guest Kevin shares a couple of their embarrassing stories of things that went wrong from their days training days.Links for some of the content we discussed during the show:ETW on Windows 11 - Initial thoughtshttps://blog.tofile.dev/2021/07/01/windows11.htmlHansken - Digital Forensics as a Service?https://www.sciencedirect.com/science/article/pii/S2666281720300706https://www.forensicfocus.com/articles/automating-and-sharing-digital-forensics-knowledge-through-hansken/MSAB Ravenhttps://www.msab.com/raven/Resetting Your IoT Device Before Reselling It Isn't Enoughhttps://gizmodo.com/resetting-your-iot-device-before-reselling-it-isnt-enou-1847220178New blog from Josh - Find My & iCloud's Throne of Lies• iCloud location data lies!• Highlights importance of network isolation during seizure and possession of deviceshttps://thebinaryhick.blog/2021/06/25/apples-find-my-iclouds-throne-of-lies/Android Apps with 5.8 Million Installs Caught Stealing User's Facebook Passwordshttps://thehackernews.com/2021/07/android-apps-with-58-million-installs.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29ControlFhttps://www.controlf.net/This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800. Hosted on Acast. See acast.com/privacy for more information.

In the second episode of Chewing the FAT, Phil and Adam host special guest Heather Mahalik to discuss SANS coming together with the leading industry vendors to produce a validation guide plus we run through some of the recent Digital Forensics industry news.For the second Forensic Faux Pas segment to air, special guest Heather shares a couple of their embarrassing stories of things that went wrong from their early days plus some great stories from our listeners.Links for some of the content we discussed during the show:The State of Android Health Data (Part 1) – Garmin https://thebinaryhick.blog/2021/05/22/the-state-of-android-health-data-part-1-garmin/ Rabbit Hole from CCL (Alex Caithness) https://uploads-ssl.webflow.com/5f02f2c93eab87a6ea84e2f3/60364c14ce5f0e240b78de9c_RabbitHole_DD_2021.pdf MSAB partner with Detego: https://www.forensicfocus.com/news/detego-joins-forces-with-msab-in-strategic-digital-forensics-partnership/#:~:text=Detego%C2%AE%20Joins%20Forces%20With%20MSAB%20In%20Strategic%20Digital%20Forensics%20Partnership,-17th%20May%202021&text=Detego%2C%20global%20leaders%20in%20rapid,in%20mobile%20device%20digital%20forensics. Should encryption be curbed to combat child abuse? https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/business-57050689.amp Impacts of COVID 19 on the risk of online child sexual exploitation: https://www.arts.unsw.edu.au/sites/default/files/documents/eSafety-OCSE-pandemic-report-salter-and-wong.pdf Microsoft and UK government make it easier for public sector to use Azure: https://news.microsoft.com/en-gb/2021/05/11/microsoft-and-uk-government-make-it-easier-for-public-sector-organisations-to-use-the-azure-cloud/ Heather's link to DFIR Summit: https://www.sans.org/event/digital-forensics-summit-2021Six Steps to Mobile Validation – Working Together for the Common Good A joint effort with collaboration from across several major DF vendors resulted in a joint standards paper being released by SANS shortly afterwards, promoting good practice. https://www.sans.org/blog/six-steps-to-successful-mobile-validation-paper/Signal Story:Original claim and reply posted in Dec 2020, about "breaking signal encryption"https://signal.org/blog/cellebrite-and-clickbait/ 21st April 2021, posted new blog outlining vulnerabilities in Cellebrite software.https://signal.org/blog/cellebrite-vulnerabilities/Cellebrite response: https://www.cellebrite.com/en/our-mission-remains-clear/We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.You can visit the Formobile website at: https://formobile-project.eu/This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800. Hosted on Acast. See acast.com/privacy for more information.

In the first ever episode of Chewing the FAT, Phil and Adam introduce themselves, run through some of the recent Digital Forensics industry news, and share their thoughts on some recently published digital evidence guidance. For the first Forensic Faux Pas segment to air, Phil and Adam share a couple of their embarrassing stories of things that went wrong from their days in the lab.Links for some of the content we discussed during the show:ACPO - https://library.college.police.uk/docs/acpo/digital-evidence-2012.pdfISO 17025 - https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/912389/107_FSR-C-107_Digital_forensics_2.0.pdfForMobile - https://formobile-project.eu/COP Report - https://www.college.police.uk/article/consultation-extracting-data-electronic-devices-releasedCTF Twitter - https://twitter.com/ChewintheFATPodDFIR Twitter # - https://twitter.com/hashtag/dfirForensic Discord Server - https://discord.com/invite/JUqe9EkJosh Hickman - https://thebinaryhick.blog/Heather Mahalik - https://www.cellebrite.com/en/ios-location-artifacts-explained/Jessica Hyde, Magnet Forensics - https://www.magnetforensics.com/blog/ways-to-share-in-dfir/Oleg Afonin, Elcomsoft - https://blog.elcomsoft.com/2021/02/ios-recovery-mode-analysis-reading-ios-version-from-locked-and-disabled-iphones/MSAB - https://www.msab.com/2020/09/17/super-fast-iphone-extraction-times/Belkasoft - https://belkasoft.com/forensic_extraction_of_data_from_mobile_apple_devicesPhill Moore, ThisWeekin4n6 https://thisweekin4n6.com/Android Triage - https://www.andreafortuna.org/2021/04/10/android-triage-a-really-useful-forensic-tool-by-mattia-epifani/Autospy - https://www.cybertriage.com/2021/our-100-unbiased-4cast-awards-nominations/Alexis Brignoni, Realm - https://abrignoni.blogspot.com/search?q=realmMagnet Forensics, Chromebook Acquisition Assistant - https://www.magnetforensics.com/resources/magnet-chromebook-acquisition-assistant/We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground. You can visit the Formobile website at: https://formobile-project.eu/This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800. Hosted on Acast. See acast.com/privacy for more information.