The user downloaded what they thought was the SysInternals tool suite, double-clicked it, but the tools did not open and were not accessible. Since that time, the user has noticed that the system has « slowed down » and become less and less responsive. The goal is to determine what happened, and when. Files can be downloaded HERE…
BSides Amman 2021 2nd Edition
Windows Forensics Workshop CASE OVERVIEW: You have been given a system that has been used for some illegal activity where the user accessed confidential files that the user was not supposed to access. The system has two user accounts which are the main suspects involved in this case (« joker » and « IEUser »). You are required to…
iCloud Shared Photo Library
iCloud Shared Photo Library lets you share photos and videos seamlessly with up to five other people, so everyone can collaborate on the collection and enjoy more complete memories. With an iPad (iOS 15.5) I created an album named “Test” where I put 3 pics & 1 video that I shared with my iPhone’s Apple…
Apple Notes locked
Since iOS 9.3 you can secure notes that hold your personal data, like financial details, medical information, or website logins, with a password, Face ID, or Touch ID. For decryption you will need hashcat, Strawberry Perl, a Perl script to extract the locked note's hash, and a dictionary. First, install Strawberry Perl and launch the Perl script to…
Huawei kirin-based extraction
Like Qualcomm chipsets, Kirin chipsets that equip many Huawei/Honor devices have a secondary boot loader (SBL) that puts the device in Boot ROM mode and opens the COM port. Some forensic tools use it to extract user data. I used Passware Kit Mobile to perform an extraction of Huawei P40e lite (ART-L29) kirin 710 chipset,…