Posts

Showing posts from February, 2026

Clonezilla as a Forensic Imaging Tool

I understand that there are many imaging tools available, both free and commercial, but I wanted to share my testing results using Clonezilla as a digital forensic imaging tool. It may be useful for someone looking to add another reliable option to their forensic toolkit.

If you have never heard of or used Clonezilla before, it is a free and open-source tool that can be used to preserve the state of a computer system at a specific point in time. As a digital forensic examiner, I wanted to evaluate it from a forensic acquisition perspective and determine whether it can be trusted for use in our field.

Clonezilla Live can be used to create a bootable drive, which allows the examiner to boot directly into the Clonezilla environment without relying on the host operating system. This is important because it minimizes the risk of modifying the target system during acquisition. Once booted, Clonezilla presents several boot options. Each option controls the startup environment, such as nor...

UpScrolled Forensic Artifacts on iOS

Introduction

UpScrolled is an emerging social media platform that continues to gain rapid adoption. As with any social media application, it presents potential evidentiary value in digital forensic investigations. This research documents the identification and structure of UpScrolled chat artifacts recovered from an iOS device using an iTunes-style logical backup extraction.

Application Data

Application artifacts were successfully recovered via a standard iTunes backup extraction. A preliminary review of the extracted data revealed that UpScrolled application data can be found in the following path within the iOS filesystem:

/private/var/mobile/Containers/Data/Application/{UUID}

Within this location, user-generated content and application data were stored in the Documents directory:

/private/var/mobile/Containers/Data/Application/{UUID}/Documents

Chat Database

UpScrolled stores chat data in a SQLite database named using the format:

db_{UserID}.sqlite

This naming convention i...