The other day I sat down with the guys at Magnet to take a look through some of the new features in the latest update of AXIOM, and how it compares both to previous updates and to their IEF tool.

This review will focus on AXIOM 2.5. The current version at the time of writing is 2.6; with new versions coming out every month, it’s worth keeping an eye on the new features in each release. One of the main ideas behind version 2.5 was to focus heavily on improving speed performance.

IEF has a similar workflow to AXIOM’s, but it is just an artifacts tool, whereas AXIOM is a full forensics tool. In IEF you choose your evidence sources, fill in the case details and hit ‘Find Evidence’. It will then process your evidence and give you a report on the artifacts. The point of IEF is to have everything in front of you in a format that is easy to analyse, making it simpler to find the most important things and deal with those as a priority.

One big difference between IEF and AXIOM is that AXIOM performs acquisitions, whereas IEF will just load sources that have already been acquired.

Read the full review on Forensic Focus

I met Chet Hosmer at DFRWS in Providence, Rhode Island, earlier this year. Over lunch I explained my upcoming digital forensics book to him, and he was very supportive. When I arrived back in England a copy of one of his books was waiting for me, along with an encouraging note.

Well, the DFIR book project has taken a backseat over the last few months due to me taking on a new psychology of religion research project, but maybe it’ll come back. In the meantime I thought I’d take a look at Chet’s book and write a quick review of it.  (more…)

When I had a meeting with BlackBag a while ago, I was pleasantly surprised by how knowledgeable and enthusiastic the representatives seemed about their products. Not only were they open to showing me all sorts of things the tools could do, they also knew the back stories to how they were created, and why they’re necessary for the field.

So when I got the chance to review the latest version of BlackLight, I decided to go for it.  (more…)

A few weeks ago I met up with a representative from BlackBag Technologies in a Breather room in London. He showed me how MacQuisition works and talked me through some of its capabilities.

Then I flew off to various conferences around Europe and the USA, and I finally got back last week so I have posted my review of the product. You can find it on Forensic Focus.

Also, sorry for the lack of posts recently. I’m trying to do about a million things but it’s 35 degrees in London today and they’re predicting it’ll reach 37 on Friday. I cannot brain in this heat.

SQLite forensics is an important part of many digital forensic investigations. Most smartphones and computer operating systems use SQLite, with each device often including hundreds of databases. Despite this extreme proliferation, SQLite forensics is often overlooked in conversations about current trends in digital forensics. Paul Sanderson’s book attempts to redress the balance and bring attention to the importance of SQLite forensics. (more…)

This article is a recap of some of the main highlights from the Techno Security & Forensic Investigation Conference 2018, which took place in Myrtle Beach, SC from the 3rd-6th June 2018.

Under the sunny skies of South Carolina, the digital forensic community got together at the beginning of June this year to discuss topics ranging from international espionage to the admissibility of evidence obtained from the cloud. (more…)

Mobile forensics is a growing subsection of digital forensic investigation. With the proliferation of devices, applications and operating systems available nowadays, it’s increasingly becoming a vital and complex field. The skillset needed to accurately acquire evidence from mobile devices may seem dauntingly wide-ranging, especially when so many of us are dealing with backlogs in the first place. How are we supposed to keep up to date with this ever-evolving challenge?

Luckily we have books like this to help us out. (more…)

One of the most frequent questions I get from digital forensics students is about resources: where can they go to continue learning, where can they find out more about the industry, what are the best blogs and social accounts out there for DFIR people?

The below is by no means an exhaustive list, but here are some of the places I get my computer forensics news from, which you might find helpful.  (more…)