Wednesday, October 30, 2013

Mobile forensic education and training


It is good news that Cellebrite http://www.cellebrite.com has started to formalise its training process and procedures. As I have been with their mobile forensic product UFED since 2010, I have had some very frustrating experiences delivering UFED trainings; hopefully this is in the past. Training is formalised, well described http://www.cellebritelearningcenter.com/mod/page/view.php?id=16 and finally should provide official educational materials. This will provide us with reference materials which can be translated; also, hopefully someone will keep the documentation in sync with software releases. The horror of having manuals at version 2.4 while the software is at 3.6 is hopefully behind us.
Requests for trainer certification are finally defined, as for “Cellebrite Certified Instructor Certifications”; still, they have some topics to cover. Mobile forensics is a young field and vendors have not yet grasped the fact about standardisation of interfaces and formats. On the training website one thing is missing: Python programming with the Physical Analyzer product. In my opinion this is maybe too advanced for everyday users, but the course should be available.

Micro Systemation http://www.msab.com/ has had such a training approach for quite a long time. Trainings are well defined http://www.msab.com/training/training-overview. With other vendors it is more or less the same; it depends on how deeply the vendor gets into mobile forensics. The ill-fated EnCase Neutrino once had its own very good training. Today AccessData has its own MPE+ Mobile Forensics product, http://www.accessdata.com/training, with elaborate training.
Among other available resources for mobile forensics, my favourite is http://my.safaribooksonline.com/book/networking/forensic-analysis/9781597495967 “Digital Triage Forensics: Processing the Digital Crime Scene” by Stephen Pearson, a perfect intro to classic mobile device forensics and Paraben tools.

Monday, October 28, 2013

LTEC 2013 Prague

This is a somewhat late post about the Prague forensic conference LTEC 2013 http://www.lawtecheuropecongress.com/. It is a nice conference with the goal of bringing digital forensic practitioners and law practitioners into contact. There were a lot of panels, workshops and presentations, with many presenters from local and worldwide vendors.
My task there was to run a small 2-hour workshop on EnCase Forensic v7, to present how things are done in the latest EnCase and to show a basic set of features, about 20% of the functionality.

Slides are on SlideShare http://www.slideshare.net/DamirDelijadamirdeli/ltec-2013-encase-v70801-presentation. There were supposed to be 20 people attending, so a nice cozy working environment. The required PCs were supposed to be provided by the local conference partner in Prague, while we provided EnCase. As it goes in the real world, the delivered workshop machines were so weak and undersized that it was not possible to run the workshop; to make it worse, the machines were delivered late, just the evening before the start of LTEC. So I cancelled the workshop and went to just doing a live presentation of the workshop scenario. My colleague Davorka Foit kept her part on EnCase reporting, also as a presentation.

Steve Gregory from Guidance Software had a very interesting presentation on the TD3 forensic duplicator http://www.tableau.com/index.php?pageid=products&model=TD3 by Tableau. It was masterfully done even when the IT infrastructure, especially power, was giving some trouble. The whole presentation was about network access to the TD3 in write-blocking mode; this feature was a bit buggy before the last firmware update, but now works perfectly. It is an interesting idea by the FBI, which actually shows the reality in the digital forensics field: not enough trained people to go around. Steve also helped us by lending us one of his USB write blockers for the modified workshop/presentation.


Just to expand my digital forensic knowledge, I visited a museum related to historical fact-finding methods http://www.museumtortury.cz/en/index.html. It gives some very interesting ideas for solving problems with misdelivered equipment.