sleuthkit-users Mailing List for The Sleuth Kit
Brought to you by:
carrier
From: Andrew Z. <sch...@gm...> - 2024-04-04 15:23:29

Dear All,

The Association of Cyber Forensics and Threat Investigators invites you to join our next webinars:

"DFIR Stream 0x6" on Tuesday, April 16 · 4:00 – 5:00 pm (GMT+00:00) UK Time
Title: Operationalizing Machine Learning for Networks, by Shinan Liu, University of Chicago.
Register@ https://www.acfti.org/news-events/dfir-stream-0x6

"DFIR Stream 0x7" on Tuesday, May 7 · 1:30 – 2:30 pm (GMT+00:00) UK Time
Title: Malware Detection in Memory Forensics: Open Challenges and Issues, by Dr. Ricardo J. Rodríguez, University of Zaragoza.
Register@ https://www.acfti.org/news-events/dfir-stream-0x7

"DFIR Stream 0x8" on Monday, May 13 · 4:00 – 5:00 pm (GMT+00:00) UK Time
Title: Low-Level Hardware Information Assisted Approach Towards System Security, by Dr. Chen Liu, Clarkson University.
Register@ https://www.acfti.org/news-events/dfir-stream-0x8

====== Housekeeping Notes ======

- Note that this event is online only. Hence, you must register to receive a link to connect. Due to limited availability, we kindly ask you to register as soon as possible to ensure your participation in the webinar of your choice.
- For students, a certificate of successful participation in the event will be delivered upon request for free (after verifying attendance), indicating the number of hours of the seminar (please make sure that you add the correct name in the registration form). This should be sufficient for those participants who plan to request ECTS recognition from their home university.

Join us & stay tuned! #CyberSecurity #MemoryForensics #MachineLearning #AnomalyDetection

Finally, I would like to remind you that the call for speakers is currently open on the dedicated DFIR stream website, https://dfir.stream/call-for-guest-speakers

To get more news about our events, please join our low-traffic announcement group @ https://groups.google.com/g/acfti

This event is brought to you by CFTIRC (Cyber Forensics & Threat Investigations Research Community).

Best regards,
Andrew Zayin
Ph.D., CISSP, CISM, CRISC, CDPSE, PMP
ACFTI Secretariat
From: Andrew Z. <sch...@gm...> - 2024-02-25 02:04:42

Dear All,

We're thrilled to announce the schedule of the first and second series of DFIR Stream.

"DFIR Stream 0x1" is happening on 29th February 2024, with the pioneer of the software #forensics field. More information & registration details @ https://www.acfti.org/news-events/dfir-stream-0x1

"DFIR Stream 0x2" is happening on the 1st of March 2024 with pioneers from the #IoT #security field. More information & registration details @ https://www.acfti.org/news-events/dfir-stream-0x2

- Note that this event is online only. Hence, you must register to receive a link to connect. Due to limited availability, we kindly ask you to register as soon as possible to ensure your participation in the webinar topic of your interest.
- For students, a certificate of successful participation in the event will be delivered upon request, indicating the number of hours of the seminar (please make sure that you add the correct name in the registration form). This should be sufficient for those participants who plan to request ECTS recognition from their home university.

This event is brought to you by CFTIRC (Cyber Forensics & Threat Investigations Research Community).

To get more news about our events, please join our low-traffic announcement group @ https://groups.google.com/g/acfti

Thank you in advance for your consideration. We look forward to your participation in the upcoming webinars and the impact they will have on our community.
From: Andrew Z. <sch...@gm...> - 2024-02-11 19:52:41

On behalf of the Association of Cyber Forensics and Threat Investigators (ACFTI), I am pleased to invite you to the new Cybersecurity stream lecture/seminar series. The presentation is a maximum of 1 hour in length, with an audience of about 60+, made up of undergraduate and postgraduate students plus cybersecurity students from developing countries. Our goal is to shine a spotlight on the broad array of new advances in cybersecurity science and operations currently adopted in the industry. This session will be conducted online.

It will be fantastic to have any hands-on topics related to cyber forensics. Your discussion on this topic will be a great addition to our event.

Expressions of interest to present from anyone doing research or applying cybersecurity techniques to practical or theoretical applications related to the interactions between cyber forensics and threat investigations can be sent as a summary of your work (c. 200 words) to acfti (at) acfti (dot) org by February 15, 2024.

Thank you in advance for your consideration, and we are very much looking forward to hearing from you.

To get more news about our events, please join our low-traffic announcement group @ https://groups.google.com/g/acfti

________________________________________________________
Association of Cyber Forensics and Threat Investigators
https://www.acfti.org
Twitter: @acfti
From: Andrew Z. <sch...@gm...> - 2024-02-05 11:47:15

On behalf of the Association of Cyber Forensics and Threat Investigators (ACFTI), I am pleased to invite you to the new DFIR stream lecture/seminar series. The presentation is a maximum of 1 hour in length, with an audience of about 60+, made up of undergraduate and postgraduate students plus cybersecurity students from developing countries. Our goal is to shine a spotlight on the broad array of new advances in cybersecurity science and operations currently adopted in the industry. This session will be conducted online.

It will be fantastic to have any hands-on topics related to cyber forensics. Your discussion on this topic will be a great addition to our event.

Expressions of interest to present from anyone doing research or applying cybersecurity techniques to practical or theoretical applications related to the interactions between cyber forensics and threat investigations can be sent as a summary of your work (c. 200 words) to acfti (at) acfti (dot) org by February 15, 2024.

Thank you in advance for your consideration, and we are very much looking forward to hearing from you.

To get more news about our events, please join our low-traffic announcement group @ https://groups.google.com/g/acfti

________________________________________________________
Association of Cyber Forensics and Threat Investigators
https://www.acfti.org
Twitter: @acfti
From: Pearl L. <pea...@gm...> - 2023-10-19 23:39:55

Hello, Sleuthkit-users community,

I am new and starting on digital forensics analysis with Autopsy. Upon adding the Recent Activity Ingestion Module for the analysis of a disk image file and a live analysis on a local disk that certainly has a lot of web history, no results were returned despite a report that no errors were encountered during analysis. Included in the notification is also this information below from Autopsy:

Browser Data on terry-work-usb-2009-12-11.E01: (This is the same for the local disk analysis as well)
- Chromium Analyzer: Not Found.
- Firefox Analyzer: Not Found.
- Internet Explorer Analyzer: Not Found.
- Microsoft Edge Analyzer: Found.
- Safari Analyzer: Not Found.

I have searched for any information to help my case but I did not find much. I am running Autopsy 4.21.0 on Windows 11.

Any help or pointers regarding this will be much appreciated.

Kind regards,
From: Abdiaziz A. <suh...@gm...> - 2023-03-06 05:28:30
From: Derrick K. <dk...@gm...> - 2023-01-18 16:31:08

Hello. <Google Translate> What happens if you delete the folders "C:\Users\<username>\AppData\Local\autopsy" and "C:\Users\<username>\AppData\Roaming\autopsy" and try again?

On Wed, Jan 18, 2023 at 7:10 AM JRB <jrb...@gm...> wrote:
>
> Hello,
> I downloaded and installed Autopsy on a Windows 10 VM
> I create a case CASE01
> Folder c: _AUTOPSY\CASE01
> Then the Select Host window appears
> I click Next and there it hangs!
>
>
> Thank you for your help
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
From: JRB <jrb...@gm...> - 2023-01-18 14:07:08

Hello,
I downloaded and installed Autopsy on a Windows 10 VM
I create a case CASE01
Folder c: _AUTOPSY\CASE01
Then the Select Host window appears
I click Next and there it hangs!

[image: image.png]

Thank you for your help
From: fu1crum <fu...@pr...> - 2022-07-21 12:52:41

Please note that my Autopsy version is 4.19.2; not 4.18 as mentioned earlier.

------- Original Message -------
On Thursday, July 21st, 2022 at 5:46 PM, fu1crum via sleuthkit-users <sle...@li...> wrote:

> Hello everyone,
>
> I installed Autopsy 4.18 on Debian 10 using the provided zip archive. After some initial troubleshooting with solr, everything worked like a charm. I can add data sources, run ingests and conduct analysis using GUI.
>
> However, when I try to solve the same test case using command line, Autopsy fails to understand the ".img" or ".E01" nature of the image passed using '--dataSourcePath' argument. I'm trying to use the following command:
>
> autopsy --createCase --caseName="TestCase" --caseBaseDir="/mnt/autopsyCases" --addDataSource --dataSourcePath="/mnt/autopsyImages/testImage.E01" --runIngest
>
> I've tried both E01 and raw images from multiple test cases. In each case, the command line Autopsy fails to understand that these are image files. Instead, it simply attempts to carve the image file as a standard file, and thus fails to identify partitions, operating system details, registry details, recent activity, etc. The same image files are processed fine if I add them using GUI.
>
> I should mention that Autopsy doesn't throw any kind of error in either the CLI or the GUI mode.
>
> Any help will be deeply appreciated. Regards.
From: fu1crum <fu...@pr...> - 2022-07-21 12:47:13

Hello everyone,

I installed Autopsy 4.18 on Debian 10 using the provided zip archive. After some initial troubleshooting with solr, everything worked like a charm. I can add data sources, run ingests and conduct analysis using GUI.

However, when I try to solve the same test case using command line, Autopsy fails to understand the ".img" or ".E01" nature of the image passed using '--dataSourcePath' argument. I'm trying to use the following command:

autopsy --createCase --caseName="TestCase" --caseBaseDir="/mnt/autopsyCases" --addDataSource --dataSourcePath="/mnt/autopsyImages/testImage.E01" --runIngest

I've tried both E01 and raw images from multiple test cases. In each case, the command line Autopsy fails to understand that these are image files. Instead, it simply attempts to carve the image file as a standard file, and thus fails to identify partitions, operating system details, registry details, recent activity, etc. The same image files are processed fine if I add them using GUI.

I should mention that Autopsy doesn't throw any kind of error in either the CLI or the GUI mode.

Any help will be deeply appreciated. Regards.
From: Andrew Z. <sch...@gm...> - 2022-07-16 19:09:32

2nd International Workshop on Cyber Forensics and Threat Investigations Challenges
October 10-11, 2022, Taking Place Virtually from the UK
https://easychair.org/cfp/CFTIC2022

Cyber forensics and threat investigations has rapidly emerged as a new field of research to provide the key elements for maintaining security, reliability, and trustworthiness of the next generation of emerging technologies such as the internet of things, cyber-physical systems, cloud/edge/fog computing, software-defined network, and network function virtualization. Complicated efforts are required in suitable and timely manners against any threats detected within these systems. Moreover, new frameworks are required to collect and preserve potential evidential data in suitable and timely manners as well, to guarantee proper cyber-defenses and strategies against the expanding landscape of criminal activities as well as rapidly advancing emerging technologies.

The main motivation for this Workshop is to bring together researchers and practitioners working on cyber forensics and threat investigations for emerging infrastructures to disseminate current research issues and advances. Original technical papers describing new, state-of-the-art research will be considered. The Workshop welcomes submissions that evaluate existing research results by reproducing experiments. The aim of this workshop is to provide insight for the discussion of the major research challenges and achievements on various topics of interest.

Important Dates
Technical Paper Submission Deadline: 15 September 2022
Poster and Demo Track Submission Deadline: 20 September 2022
Authors Notifications: 30 September 2022
Camera Ready due: 05 October 2022

The registration is free of charge for all members of the Association (thanks to our financial supporters who made this possible).

Scope of The Workshop

Technical Paper Track
Papers on practical as well as theoretical topics and problems in various topics related to cyber forensics and threat investigations are invited, with special emphasis on novel techniques and tools to collect data from networked systems and services in emerging technologies (such as the ones that can be found in cyber-physical systems and Internet of things, cloud/edge/fog computing, software-defined network, and network function virtualization). Topics include (but are not limited to):
· Forensics and threat investigations in IoT
· Forensics and threat investigations in peer-to-peer, and social networks
· Forensics and threat investigations in SDN/NFV
· Forensics and threat investigations in Cloud Computing
· Forensics and threat investigations in Smart Technologies Systems (Smart Cars, Smart Homes, Smart Cities)
· Dark Web Investigations, Forensics, and Monitoring
· Forensics and threat investigations in Virtual private networks
· Security and Privacy in Clouds, Fog Computing, and 5G, and 6G
· Security and Privacy in IoT, SDN/NFV, and Edge Computing
· Security and Privacy in Smart Technologies Systems (Smart Cars, Smart Homes, Smart Cities)
· Forensics and visualization of Big Data
· Trusted Computing in Smart Technologies Systems (Smart Cars, Smart Homes, Smart Cities)
· Tools and services for cyber forensics and threat investigations
· OSINT (Open Source Intelligence)
· Cooperative and distributed forensics and threat investigations
· Advanced threat investigations, forensic and anti-forensic techniques
· Attack detection, traceback and attribution in Emerging Technologies
· Malware Analysis and Attribution
· Digital Evidence Extraction/Analysis using Artificial intelligence, Machine Learning and Data Mining
· Data exfiltration techniques from networked devices and services (e.g. cyber-physical systems, and Internet-of-Things)
· Methods for reconstruction of Digital Evidence in Emerging Technologies
· Forensics and threat investigations in E-health/M-health
· Vulnerability & threat detection and mitigation techniques for networked services
· Novel large-scale investigations and Machine Learning techniques to analyze intelligence data sets and logs

We also encourage contributions describing innovative work in the realm of cybersecurity, cyber defense, and digital crimes.

Poster and Demo Track
CFTIC 2022 solicits the submission of posters and demos on specific aspects of cyber forensics and threat investigations, particularly related to the subject areas indicated by the CFTIC 2022 topics of interest. Posters provide a forum for authors to present their work in an informal and interactive setting. They allow authors and interested participants to engage in discussions about their work. In particular, a poster submission should motivate its relevance to the communities of cyber forensics and threat investigations, and summarize the main challenges, experiences, and novel ideas. A demonstration should present an existing tool or research prototype. Authors are expected to provide a demonstration during the poster and demonstration session. A demonstration submission should clearly describe the motivation, the novelty of the contribution, and the applicability of the tool or prototype to specific use cases.

Posters or demonstrations can be submitted for evaluation in the form of an extended abstract. Submissions are limited to 1 page including references. All submissions must present only original and unpublished work that is not currently under review at any other venue. Demonstrations must include in the abstract of the paper a link to a video of up to 5 minutes hosted in a permanent location. The video must show the existing tool or research prototype in action. Moreover, demonstrations are encouraged to include a link to a website where the source code of the produced software is available when it is possible.

Submission
Paper submissions must present original research or experiences. Late-breaking advances and work-in-progress reports from ongoing research are also encouraged. Only original papers that have not been published or submitted for publication elsewhere can be submitted. Also, extended versions of conference or workshop papers that are already published may be considered as long as the additional contribution is at least 30% new content from the original. Each submission must be written in English, accompanied by a 75 to 200-word abstract, and a list of up to 5 keywords. There is a length limitation of 4 pages (at least 10pt font, one-column format) for extended abstracts including (title, abstract, figures, tables, and references). Submissions must be in the ECEASST-CFTIC 2022 template. Authors should submit their papers electronically via the EasyChair online submission system <https://easychair.org/conferences/?conf=cftic2022>.
· ECEASST-CFTIC-Latex-Template <https://conceptechint.net/ECEASST-cls-XXX-CFTIC-2022.zip>
· ECEASST-CFTIC-Word-Template <https://conceptechint.net/ECEASST-%20CFTIC-2022.doc>

The submission process will be managed by EasyChair <https://easychair.org/conferences/?conf=cftic2022>. If you have used this system before, you can use the same username and password. If this is your first time using EasyChair, you will need to register for an account by clicking the "I have no EasyChair account" button. Upon completion of registration, you will get a notification email from the system and you are ready for submitting your paper. You can upload and re-upload the paper to the system.

Publication
CFTIC 2022 proceedings are to be published open access via the Electronic Communications of the EASST Journal (ECEASST), indexed in Scopus and DBLP, and listed in the Directory of Open Access Journals (DOAJ). Selected papers presented at the workshop, after further revision, will have the opportunity to be published in special issues in indexed and/or high-impact factor journals (details on the website).

Main Contact
If you have any further questions please contact the workshop organizers via https://www.acfti.org/contact

This Workshop is Technically Supported by
Association of Cyber Forensics and Threat Investigators (www.acfti.org)
Industrial Cybersecurity Center (www.cci-es.org)

Sent by Andrew Zayin on Behalf of CFTIC2022 PC Chairs.
Andrew Zayin Ph.D, CISSP, CISM, CRISC, CDPSE, PMP
________________________________________________________
Association of Cyber Forensics and Threat Investigators
https://www.acfti.org
Twitter: @acfti
From: Derrick K. <dk...@gm...> - 2022-05-17 22:01:35

Hello. There are a few ways of doing this. In Linux you could use 'qemu-image' to convert the VHDX to .E01 or use 'guestmount' from libguestfs-tools to mount it and then image it. In Windows you could also load the VHDX image up in X-Ways and image it out to a .E01. I believe Arsenal Image Mounter will also allow you to expose it to Windows. Finally, if I recall, you can use disk manager in Windows to attach a vhd/vhdx to the system.

On Tue, May 17, 2022 at 3:46 PM Mark Fisher <new...@gm...> wrote:
> Hi,
> I have been given a VHDX image, and have tried many ways to create an .E01 forensics image from this VHDX image, using Access Data's FTK Imager. Unfortunately, they all failed to load correctly into Autopsy.
>
> Please could anybody tell me if this should work with a VHDX (not vhd) image?
>
> Although the file hashes were preserved, I could see no time-stamps in Autopsy using any of the methods I tried.
>
> The versions I have used are
>
> AccessData® FTK® Imager 4.2.1.4
>
> Autopsy 4.17.0 (RELEASE) Sleuth Kit Version: 4.10.1
>
> Many thanks
From: Mark F. <new...@gm...> - 2022-05-17 21:45:08

Hi,

I have been given a VHDX image, and have tried many ways to create an .E01 forensics image from this VHDX image, using Access Data's FTK Imager. Unfortunately, they all failed to load correctly into Autopsy.

Please could anybody tell me if this should work with a VHDX (not vhd) image?

Although the file hashes were preserved, I could see no time-stamps in Autopsy using any of the methods I tried.

The versions I have used are

AccessData® FTK® Imager 4.2.1.4

Autopsy 4.17.0 (RELEASE) Sleuth Kit Version: 4.10.1

Many thanks
From: <dmw...@ve...> - 2022-02-08 19:59:37

Hello,

Does the latest Sleuthkit process AFF4 file formats? If so, can you point me to documentation?

Thanks,
Dave
From: Andrew Z. <sch...@gm...> - 2021-09-18 00:24:49

The Association of Cyber Forensics and Threat Investigators (ACFTI) is an ambitious, non-profit technical organisation focusing on the academics and research of cybersecurity, digital forensics, incident response, and threat investigations and their influence on society. ACFTI started in 2016 as an initiative dedicated to promoting all areas of cybersecurity, digital forensics, incident response, and threat investigations in Latin America, but efforts were systematically consolidated in 2020 to report new developments and the latest proven methodologies and to publish scholarly research presenting the current research issues and advances in the mentioned areas. Listed in the Union of International Associations with UIA Org ID AA1922.

Website: https://www.acfti.org/
Twitter: @acfti
Facebook: https://www.facebook.com/groups/ACFTI/

Association Growth Initiative
----------------------------------
In response to the growing fragmentation of applied knowledge in cybersecurity, digital forensics, incident response, and threat investigations, ACFTI has successfully established an international workshop series, which has held two workshops in Dubai and Germany. ACFTI also maintains a free open-access journal, the "Journal of Cyber Forensics and Advanced Threat Investigations". Thanks to our industry partners and financial supporters who made this possible. We are planning to get involved in more projects, events, and activities relevant to our areas of interest.

Membership Drive and Volunteers Needed
----------------------------------
To achieve our goals of increasing growth in society, we are seeking to increase our members and are looking for volunteers to join us and to establish special interest groups and chapters across different disciplines and countries.

All are welcome (early career researchers, academics, students, practitioners, experienced researchers, civil servants); underrepresented groups in cybersecurity are especially welcome to join us as well. If you are doing applied research in any of our areas of interest, or you are simply interested in cybersecurity, feel free to fill out this Google form as an Expression of Interest in joining the "Association of Cyber Forensics and Threat Investigators". https://forms.gle/adUy9cA8yzTzx96z5

After receiving the Expression of Interest, you will be invited to our communication platform where we can coordinate the community and set up events and other collaboration opportunities.

What do We Offer
----------------------------------
ACFTI offers the possibility of making an impact by offering collaboration in joint projects and activities, internships for students, training and continuing professional education, and research achievement/outstanding service awards to recognize outstanding individuals who have made a significant contribution to cybersecurity, digital forensics, incident response, and threat investigations every year. ACFTI is also in the process of setting up a fellow award to recognize outstanding leaders of the profession who have made significant, nationally recognized contributions to cybersecurity, digital forensics, incident response, and threat investigations. A fellow is the highest classification of ACFTI membership.

Finally, feel free to forward this email to colleagues or others that might be interested.

Sent By: Andrew Zayine, on behalf of the President of the association board
Prof. John William Walker
Nottingham Trent University, Cyber Security Researcher/Consultant, and Practicing Expert Witness, Cybersec Innovation Partners Ltd, London, SE1 9SG, United Kingdom
From: Luís F. N. <lfc...@gm...> - 2021-07-20 17:47:37

Good paper, thanks for pointing it out. The tool seems promising. As the article says it is distributed under MPL v2 or GNU GPL v3, I wonder where the source code can be found; I just found the binaries in the referenced site. In the tool GUI just GNU GPL v3 is shown without any reference to the source...

Best regards,
Luis Nassif

On Sat, 19 Jun 2021 16:07, Andrew Zayine <sch...@gm...> wrote:
> Hi All,
>
> As an editorial assistant in the International Journal of Cyber Forensics and Advanced Threat Investigations (ISSN: 2753-9997), I would like to highlight a new open-source tool presented recently in the journal.
>
> (FQLite) is a tool to find and restore deleted records in SQLite databases. It, therefore, examines the database for entries marked as deleted. Those entries can be recovered and displayed. It is written with the Java programming language. The program can operate in two different modes. It can be started from the command line (CLI mode). A simple graphical user interface is also supported (GUI mode).
>
> The program is able to search an SQLite database file for regular as well as deleted records.
>
> Official Project Webpage
> ---------------------------------
> Check out the latest binary version (as a runnable jar-Archive) from the official project homepage:
> https://www.staff.hs-mittweida.de/~pawlaszc/fqlite/
>
> Technical Background
> ------------------------------
> An overview article highlighting the technical background of FQLite can be retrieved from
>
> Pawlaszczyk, D., & Hummert, C. (2021). Making the Invisible Visible–Techniques for Recovering Deleted SQLite Data Records. International Journal of Cyber Forensics and Advanced Threat Investigations, 1(1-3), 27-41.
> DOI: https://doi.org/10.46386/ijcfati.v1i1-3.17
>
> Prerequisites
> ------------------
> To run the tool you need at least a Java Runtime Environment 1.8 or higher.
>
> Example Usage
> ---------------------
> To run the FQLite in GUI mode the executable jar can normally be started with a double-click on the jar-archive file. If this does not work, since javaw is not linked correctly to .jar files, you can use the command line as well:
>
> $>java -jar fqlite.jar
>
> To run the FQLite from the command line you can use the following command:
>
> $>java -cp fqlite.jar fqlite.base.MAIN <database.db>
>
> Licence and Author
> --------------------------
> Author: Dirk Pawlaszczyk paw...@hs...
>
> FQLite for SQLite is bi-licensed under the Mozilla Public License Version 2, as well as the GNU General Public License Version 3 or later.
>
> You can modify or redistribute it under the conditions of these licenses.
>
> Best Regards
> Andrew Zayine, Ph.D., CISSP, CISM, CRISC, CDPSE, PMP
From: Ken P. <kd...@gm...> - 2021-06-19 19:11:59

Thanks for the info, Andrew. Definitely going to try it out.

Ken

On Sat, Jun 19, 2021, 14:08 Andrew Zayine <sch...@gm...> wrote:
> Hi All,
>
> As an editorial assistant in the International Journal of Cyber Forensics and Advanced Threat Investigations (ISSN: 2753-9997), I would like to highlight a new open-source tool presented recently in the journal.
>
> (FQLite) is a tool to find and restore deleted records in SQLite databases. It, therefore, examines the database for entries marked as deleted. Those entries can be recovered and displayed. It is written with the Java programming language. The program can operate in two different modes. It can be started from the command line (CLI mode). A simple graphical user interface is also supported (GUI mode).
>
> The program is able to search an SQLite database file for regular as well as deleted records.
>
> Official Project Webpage
> ---------------------------------
> Check out the latest binary version (as a runnable jar-Archive) from the official project homepage:
> https://www.staff.hs-mittweida.de/~pawlaszc/fqlite/
>
> Technical Background
> ------------------------------
> An overview article highlighting the technical background of FQLite can be retrieved from
>
> Pawlaszczyk, D., & Hummert, C. (2021). Making the Invisible Visible–Techniques for Recovering Deleted SQLite Data Records. International Journal of Cyber Forensics and Advanced Threat Investigations, 1(1-3), 27-41.
> DOI: https://doi.org/10.46386/ijcfati.v1i1-3.17
>
> Prerequisites
> ------------------
> To run the tool you need at least a Java Runtime Environment 1.8 or higher.
>
> Example Usage
> ---------------------
> To run the FQLite in GUI mode the executable jar can normally be started with a double-click on the jar-archive file. If this does not work, since javaw is not linked correctly to .jar files, you can use the command line as well:
>
> $>java -jar fqlite.jar
>
> To run the FQLite from the command line you can use the following command:
>
> $>java -cp fqlite.jar fqlite.base.MAIN <database.db>
>
> Licence and Author
> --------------------------
> Author: Dirk Pawlaszczyk paw...@hs...
>
> FQLite for SQLite is bi-licensed under the Mozilla Public License Version 2, as well as the GNU General Public License Version 3 or later.
>
> You can modify or redistribute it under the conditions of these licenses.
>
> Best Regards
> Andrew Zayine, Ph.D., CISSP, CISM, CRISC, CDPSE, PMP
From: Andrew Z. <sch...@gm...> - 2021-06-19 19:06:34
|
Hi All,

As an editorial assistant in the International Journal of Cyber Forensics and Advanced Threat Investigations (ISSN: 2753-9997), I would like to highlight a new open-source tool presented recently in the journal.

FQLite is a tool to find and restore deleted records in SQLite databases. It therefore examines the database for entries marked as deleted. Those entries can be recovered and displayed. It is written in the Java programming language. The program can operate in two different modes. It can be started from the command line (CLI mode). A simple graphical user interface is also supported (GUI mode).

The program is able to search an SQLite database file for regular as well as deleted records.

Official Project Webpage
---------------------------------
Check out the latest binary version (as a runnable jar archive) from the official project homepage: https://www.staff.hs-mittweida.de/~pawlaszc/fqlite/

Technical Background
------------------------------
An overview article highlighting the technical background of FQLite can be retrieved from

Pawlaszczyk, D., & Hummert, C. (2021). Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records. International Journal of Cyber Forensics and Advanced Threat Investigations, 1(1-3), 27-41. DOI: https://doi.org/10.46386/ijcfati.v1i1-3.17

Prerequisites
------------------
To run the tool you need at least Java Runtime Environment 1.8.

Example Usage
---------------------
To run FQLite in GUI mode, the executable jar can normally be started with a double-click on the jar archive file. If this does not work, because javaw is not linked correctly to .jar files, you can use the command line as well:

$>java -jar fqlite.jar

To run FQLite from the command line you can use the following command:

$>java -cp fqlite.jar fqlite.base.MAIN <database.db>

Licence and Author
--------------------------
Author: Dirk Pawlaszczyk paw...@hs...

FQLite for SQLite is bi-licensed under the Mozilla Public License Version 2, as well as the GNU General Public License Version 3 or later.

You can modify or redistribute it under the conditions of these licenses.

Best Regards
Andrew Zayine, Ph.D., CISSP, CISM, CRISC, CDPSE, PMP |
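What "examines the database for entries marked as deleted" means at the byte level, as an added example for this thread (this is not FQLite's own code, which is Java, and it is not taken from the paper): when SQLite deletes a row it does not wipe the cell; the cell either joins the page's freeblock chain or, if it sat at the start of the cell content area, is simply left behind in the unallocated gap between the cell pointer array and the content area. Both regions can be carved for records whose serial-type signature matches the table's column kinds. The script builds a small database, deletes two rows with secure_delete off, then carves both regions. The table, its rows, the column-kind notation ("NULL", "TEXT", ...) and all function names are assumptions made for the demo.

```python
"""Carve deleted rows from an SQLite file: scan each b-tree page's freeblock chain
and unallocated gap for records matching a known column signature.  Added example
for this thread, not FQLite's code; table, rows and column kinds are constructed."""
import os, pathlib, sqlite3, struct, tempfile

TABLE_LEAF, TABLE_INTERIOR, INDEX_LEAF, INDEX_INTERIOR = 0x0D, 0x05, 0x0A, 0x02

def build_sample_db(path):
    """Constructed fixture: four rows, then two deleted."""
    conn = sqlite3.connect(path)
    # Some distribution builds default secure_delete ON, which zeroes freed cells.
    conn.execute("PRAGMA secure_delete=OFF")
    conn.execute("CREATE TABLE messages(id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    conn.executemany("INSERT INTO messages(sender, body) VALUES (?, ?)", [
        ("alice", "meeting moved to 10am"), ("carol", "wire the funds tonight"),
        ("bob", "see attached invoice"), ("mallory", "delete this after reading")])
    conn.commit()
    # Row 2 sits between live cells and becomes a freeblock; row 4 was at the start of
    # the content area, so SQLite only moves that pointer and the bytes stay in the gap.
    conn.execute("DELETE FROM messages WHERE id IN (2, 4)")
    conn.commit()
    conn.close()

def read_varint(buf, pos):
    """SQLite varint: big-endian 7-bit groups, at most 9 bytes."""
    value = 0
    for i in range(8):
        value = (value << 7) | (buf[pos + i] & 0x7F)
        if buf[pos + i] < 0x80:
            return value, pos + i + 1
    return (value << 8) | buf[pos + 8], pos + 9

def serial_len(t):
    """Payload bytes used by record serial type t (types 10 and 11 are reserved)."""
    return (t - 12 - t % 2) // 2 if t >= 12 else (0, 1, 2, 3, 4, 6, 8, 8, 0, 0)[t]

def type_fits(kind, t):
    """Is serial type t plausible for this column kind?  (INTEGER PRIMARY KEY is NULL here.)"""
    return {"NULL": t == 0, "INT": 1 <= t <= 6 or t in (8, 9), "REAL": t == 7,
            "TEXT": t >= 13 and t % 2 == 1, "BLOB": t >= 12 and t % 2 == 0}[kind]

def match_record(region, pos, kinds):
    """Parse serial types then values at region[pos:]; accept only if the values end
    exactly at the region end, which is where the freed cell ended."""
    try:
        p, types = pos, []
        for kind in kinds:
            t, p = read_varint(region, p)
            if not type_fits(kind, t):
                return None
            types.append(t)
        if p + sum(map(serial_len, types)) != len(region):
            return None
        values = []
        for t in types:
            raw, p = region[p:p + serial_len(t)], p + serial_len(t)
            if t == 0: values.append(None)
            elif t >= 12: values.append(raw if t % 2 == 0 else raw.decode("utf-8"))
            elif t == 7: values.append(struct.unpack(">d", raw)[0])
            else: values.append(t - 8 if t >= 8 else int.from_bytes(raw, "big", signed=True))
        return tuple(values)
    except (IndexError, UnicodeDecodeError):
        return None

def carve_region(region, kinds):
    """Slide over the region; the freed cell's first 4 bytes were overwritten by the
    freeblock header, so also retry with the first k column types dropped (-> None)."""
    for k in range(len(kinds)):
        for pos in range(len(region)):
            rec = match_record(region, pos, kinds[k:])
            if rec is not None:
                return (None,) * k + rec
    return None

def free_regions(page, is_first):
    """Yield ('gap', bytes) and ('freeblock', bytes) regions of one b-tree page."""
    hs = 100 if is_first else 0                    # page 1 starts with the file header
    if page[hs] not in (TABLE_LEAF, TABLE_INTERIOR, INDEX_LEAF, INDEX_INTERIOR):
        return                                     # freelist, overflow or lock-byte page
    first_free, ncells, content = struct.unpack(">HHH", page[hs + 1:hs + 7])
    ptr_end = hs + (12 if page[hs] in (TABLE_INTERIOR, INDEX_INTERIOR) else 8) + 2 * ncells
    yield "gap", page[ptr_end:content or 65536]
    while first_free and first_free + 4 <= len(page):
        nxt, size = struct.unpack(">HH", page[first_free:first_free + 4])
        yield "freeblock", page[first_free:first_free + size]
        first_free = nxt if nxt > first_free else 0   # chain must ascend; stops loops

def recover_deleted(path, kinds):
    """Return [(page_no, region_kind, record)] for every record carved from the file."""
    data = pathlib.Path(path).read_bytes()
    assert data[:16] == b"SQLite format 3\x00", "not an SQLite 3 database"
    page_size = struct.unpack(">H", data[16:18])[0] or 65536
    found = []
    for pgno in range(1, len(data) // page_size + 1):
        for kind, region in free_regions(data[(pgno - 1) * page_size:pgno * page_size], pgno == 1):
            rec = carve_region(region, kinds)
            if rec is not None:
                found.append((pgno, kind, rec))
    return found

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "messages.db")
        build_sample_db(path)
        return recover_deleted(path, ("NULL", "TEXT", "TEXT"))
```

Running `demo()` returns the two deleted rows, one from the freeblock chain and one from the unallocated gap, with the rowid column reported as None because the freeblock header overwrote it. The limits are worth knowing before relying on this in a case: the end-anchored match finds one record per region (coalesced freeblocks holding several rows need a smarter walk), a page rebalance or VACUUM rewrites freed cells, secure_delete ON zeroes them, and the rollback journal or WAL file next to the database can hold copies of pages that the main file no longer has.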
From: Niles A. <na...@gm...> - 2021-06-15 18:13:52
|
fls \\.\C: On Tue, Jun 15, 2021 at 2:00 PM Cheche O.A. <che...@ho...> wrote: > How can I use The Sleuth Kit Commands on a live system? What option should > I provide for the disk? > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > |
From: Cheche O.A. <che...@ho...> - 2021-06-15 17:58:09
|
How can I use The Sleuth Kit Commands on a live system? What option should I provide for the disk? |
From: Andrew Z. <sch...@gm...> - 2021-03-21 23:13:16
|
Dear Cybersecurity Researchers, Red || Yellow || Blue Teamers,

The International Journal of Cyber Forensics and Advanced Threat Investigations (IJCFATI) is the first open-access, peer-reviewed, scholarly journal that is dedicated entirely to the study of tools, techniques, procedures, and methodologies of Red, Yellow, and Blue teamers. IJCFATI is a gold open-access journal, which means it charges no fees to either authors or readers and is entirely maintained by the Association of Cyber Forensics and Threat Investigators.

IJCFATI has just published its latest issue at https://conceptechint.net/index.php/CFATI/issue/view/1

We invite you to review the Table of Contents here and then visit our website to review articles and items of interest.

Authors are solicited to contribute to this journal by submitting articles that illustrate original research, practical, review, case-study, and legal-analysis reports related to all areas of cybersecurity, digital forensics, incident response, and threat investigations. Please browse through the journal website to find out more information about the author's guidelines: https://conceptechint.net/index.php/CFATI/about/submissions#onlineSubmissions

A hallmark of IJCFATI is the developmental approach to reviewing; the editorial team works closely with authors to help them develop their works. The goal is to bring good ideas to light, rather than to put up roadblocks.

Thanks for the continuing interest in our work,
Editorial Assistant
cf...@co... 
Vol 1, No 1-3 (2020): Inaugural Issue of the Journal of Cyber Forensics and Advanced Threat Investigations
DOI: https://doi.org/10.46386/ijcfati.v1i1-3
ISSN: 2753-9997

Table of Contents
https://conceptechint.net/index.php/CFATI/issue/view/1

-------- Editorial --------
Editorial – Inaugural Issue of the IJCFATI
Pages: 1-2

-------- Research Articles --------
Title: Impact of Tools on the Acquisition of RAM Memory
Author(s): Marcos Fuentes Martínez
DOI: https://doi.org/10.46386/ijcfati.v1i1-3.12
Pages: 3-17

Title: A Forensic Analysis of Home Automation Devices (FAHAD) Model: Kasa Smart Light Bulb and Eufy Floodlight Camera as Case Studies
Author(s): Fahad E. Salamh
DOI: https://doi.org/10.46386/ijcfati.v1i1-3.16
Pages: 18-26

Title: Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records
Author(s): Dirk Pawlaszczyk, Christian Hummert
DOI: https://doi.org/10.46386/ijcfati.v1i1-3.17
Pages: 27-41

-------- Hot Spot Notes --------
Title: The Importance of the Three P's in the Investigation
Author(s): John William Walker
DOI: https://doi.org/10.46386/ijcfati.v1i1-3.15
Pages: 42-46

Title: Data Security for the SME
Author(s): John William Walker
DOI: https://doi.org/10.46386/ijcfati.v1i1-3.19
Pages: 47-52

__________________________________________________________________
Editorial Office
Journal of Cyber Forensics and Advanced Threat Investigations
ISSN: 2753-9997
__________________________________________________________________
Concept Tech Publishing, Carryduff, United Kingdom.
https://conceptechint.net |
From: Nanni B. <dig...@gm...> - 2020-10-30 20:18:17
|
Autopsy and TSK have supported the EWF (E01) format for many years; check your image file with ewfverify. BTW, you don't need to convert to DD format: you can use xmount to get a dd file without converting it and wasting your space. :-) bye Dott. Nanni Bassetti http://www.nannibassetti.com CAINE project manager - http://www.caine-live.net On Fri, 30 Oct 2020, 08:15 Nilesh Pawar via sleuthkit-users < sle...@li...> wrote: > Dear Sir/Madam, > I installed the Autopsy software on my workstation to analyze the data for a > forensic report, but the Autopsy software is not working properly: the E01 image is > not uploaded on the system. > Sir, please help me solve this issue. > Thanks and regards > Nilesh Pawar > CCPA Cell Pune > > > > <http://gandhi.gov.in> > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > |
From: Dāvis V. <dav...@gm...> - 2020-10-30 09:42:38
|
Or you can take it to the next level, install Linux and use ewfexport to extract a .dd image from an .E01 file. D From: mas...@cy... Sent: 30 October 2020 10:24 To: nil...@go... Cc: sle...@li... Subject: Re: [sleuthkit-users] E01 Image not uploading in Autopsy software. > Dear, > you can use FTK Imager (free download from accessdata.com) to convert E01 to DD > > Bests from Italy > > MGX > > -- > Massimiliano Graziani | Founder and CEO CYBERA SRL > mas...@cy... > -- > IICFIP Certified Forensic Investigation Professional (CFIP) > ACFE Certified Fraud Examiner (CFE) > IISFA Certified Information Forensics Investigator (CIFI) > ISECOM Osstmm Professional Security Analyst (OPSA) > AccessData Certified Examiner (ACE) > IICFIP Certified Digital Forensics Professional (CDFP) > Bsi Lead Auditor BS7799-2:2002 (ISO 27001:2013) > Tenable Certified Nessus User (TCNU) > -- > Member of: ACFE IISFA ISECOM OWASP CLUSIT IICFIP ONIF > WREP - Web Reporters European Press tessera 9100 > -- > https://www.cybera.it > it.linkedin.com/in/mgraziani > -- > +39 333 4180077 > -- > > From: "Nilesh Pawar via sleuthkit-users" sle...@li... > To: sle...@li... > Cc: > Date: Fri, 30 Oct 2020 12:19:23 +0530 (IST) > Subject: [sleuthkit-users] E01 Image not uploading in Autopsy software. > > Dear Sir/Madam, > I installed the Autopsy software on my workstation to analyze the data for a forensic report, but the Autopsy software is not working properly: the E01 image is not uploaded on the system. > Sir, please help me solve this issue. > Thanks and regards > Nilesh Pawar > CCPA Cell Pune > <http://gandhi.gov.in> |
From: Patrick B. <pa...@ba...> - 2020-10-30 09:40:25
|
Verify the integrity of your E01 disk image; E01 (with compression) is supported. Regards On 30-10-2020 at 09:07, mas...@cy... wrote: > Dear, > you can use FTK Imager (free download from accessdata.com) to convert > E01 to DD > > Bests from Italy > > MGX > > > > > From: "Nilesh Pawar via sleuthkit-users" > sle...@li... > To: sle...@li... > Cc: > Date: Fri, 30 Oct 2020 12:19:23 +0530 (IST) > Subject: [sleuthkit-users] E01 Image not uploading in Autopsy software. > > Dear Sir/Madam, > I installed the Autopsy software on my workstation to analyze the data > for a forensic report, but the Autopsy software is not working properly: the E01 > image is not uploaded on the system. > Sir, please help me solve this issue. > Thanks and regards > Nilesh Pawar > CCPA Cell Pune > |
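"Verify the integrity of your E01" usually means ewfverify, which re-reads every chunk and compares the stored MD5/SHA1; that takes as long as reading the whole image. A much faster first check, when an image refuses to load, is structural: is every segment file really EWF, are the segment numbers consecutive, and does each file's section chain end in a "next" (more files follow) or "done" (last file) section? A missing E02 or a copy that was cut short fails this check in seconds. The script below is an added example for this thread, not code from Autopsy, TSK or libewf; it follows the public EWF specification (8-byte EVF signature, 13-byte file header with a little-endian 16-bit segment number, 76-byte section descriptors with an Adler-32 over the first 72 bytes). The fixture files, the function names and the caller supplying segment paths in order are assumptions; real sets continue past E99 as EAA, EAB, and so on.

```python
"""Structural check of an EWF (E01) segment set: file signature, segment numbering
and the section chain of every file ending in "next" (more files follow) or "done"
(last file).  Added example for this thread, not code from Autopsy, TSK or libewf;
the layout follows the public EWF specification and the fixture is constructed."""
import os, struct, tempfile, zlib

EVF_SIGNATURE = b"EVF\x09\x0d\x0a\xff\x00"   # 8-byte signature of every segment file
FILE_HEADER_LEN = 13                          # signature, 0x01, segment number (LE16), 0x0000
SECTION_DESC_LEN = 76                         # type[16] next[8] size[8] padding[40] adler32[4]

def section_descriptor(kind, offset, body_len):
    """Descriptor for a section placed at absolute file `offset`.  A terminating
    'next'/'done' section points at itself; any other points past its body."""
    size = SECTION_DESC_LEN + body_len
    nxt = offset if kind in (b"next", b"done") else offset + size
    head = struct.pack("<16sQQ40s", kind, nxt, size, b"")
    return head + struct.pack("<I", zlib.adler32(head) & 0xFFFFFFFF)

def build_segment(number, last, body=b"constructed header data"):
    """Constructed minimal segment: file header, one 'header' section, then 'next'
    or (for the last file) 'done'."""
    data = EVF_SIGNATURE + b"\x01" + struct.pack("<H", number) + b"\x00\x00"
    data += section_descriptor(b"header", len(data), len(body)) + body
    return data + section_descriptor(b"done" if last else b"next", len(data), 0)

def walk_sections(data):
    """Follow the section chain of one segment file and return the section types.
    Raises ValueError for a truncated file, a bad checksum or a broken chain."""
    kinds, offset = [], FILE_HEADER_LEN
    while True:
        desc = data[offset:offset + SECTION_DESC_LEN]
        if len(desc) < SECTION_DESC_LEN:
            raise ValueError(f"descriptor at {offset} runs past EOF (truncated segment)")
        kind, nxt, size = struct.unpack("<16sQQ", desc[:32])
        kind = kind.rstrip(b"\x00").decode("ascii", "replace")
        if struct.unpack("<I", desc[72:])[0] != (zlib.adler32(desc[:72]) & 0xFFFFFFFF):
            raise ValueError(f"bad checksum on '{kind}' section at {offset}")
        kinds.append(kind)
        if kind in ("next", "done"):
            return kinds
        if offset + size > len(data) or nxt <= offset or nxt > len(data):
            raise ValueError(f"'{kind}' section at {offset} points outside the file")
        offset = nxt

def check_segment_set(paths):
    """Check segment files in order (image.E01, image.E02, ...).  Returns a list of
    findings; an empty list means the set looks structurally complete."""
    problems = []
    for expected, path in enumerate(paths, start=1):
        name = os.path.basename(path)
        with open(path, "rb") as fh:
            data = fh.read()
        if data[:8] != EVF_SIGNATURE:
            problems.append(f"{name}: not an EWF segment (bad signature)")
            continue
        number = struct.unpack("<H", data[9:11])[0]
        if number != expected:
            problems.append(f"{name}: segment number {number}, expected {expected}")
        try:
            last = walk_sections(data)[-1]
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if last == "done" and path != paths[-1]:
            problems.append(f"{name}: 'done' section but more files follow")
        if last == "next" and path == paths[-1]:
            problems.append(f"{name}: ends with 'next' but segment E{expected + 1:02d} is missing")
    return problems

def demo():
    """Write a good two-file set; check it, a truncated copy, and a set missing
    its second file.  Returns the three finding lists."""
    with tempfile.TemporaryDirectory() as tmp:
        good = [os.path.join(tmp, f"image.E{i:02d}") for i in (1, 2)]
        for i, path in enumerate(good, start=1):
            with open(path, "wb") as fh:
                fh.write(build_segment(i, last=(i == 2)))
        cut = os.path.join(tmp, "cut.E01")          # last 20 bytes lost in copying
        with open(cut, "wb") as fh:
            fh.write(build_segment(1, last=True)[:-20])
        return check_segment_set(good), check_segment_set([cut]), check_segment_set(good[:1])
```

Point `check_segment_set` at the sorted list of segment files of a real image to get the same findings. It deliberately stops at structure: it does not decompress chunks or recompute the acquisition hash, so a clean result here still calls for ewfverify before the image goes into a report.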
From: <mas...@cy...> - 2020-10-30 08:22:53
|
Dear, you can use FTK Imager (free download from accessdata.com) to convert E01 to DD Bests from Italy MGX -- Massimiliano Graziani | Founder and CEO CYBERA SRL mas...@cy... -- IICFIP Certified Forensic Investigation Professional (CFIP) ACFE Certified Fraud Examiner (CFE) IISFA Certified Information Forensics Investigator (CIFI) ISECOM Osstmm Professional Security Analyst (OPSA) AccessData Certified Examiner (ACE) IICFIP Certified Digital Forensics Professional (CDFP) Bsi Lead Auditor BS7799-2:2002 (ISO 27001:2013) Tenable Certified Nessus User (TCNU) -- Member of: ACFE IISFA ISECOM OWASP CLUSIT IICFIP ONIF WREP - Web Reporters European Press tessera 9100 -- https://www.cybera.it it.linkedin.com/in/mgraziani -- +39 333 4180077 -- From: "Nilesh Pawar via sleuthkit-users" sle...@li... To: sle...@li... Cc: Date: Fri, 30 Oct 2020 12:19:23 +0530 (IST) Subject: [sleuthkit-users] E01 Image not uploading in Autopsy software. Dear Sir/Madam, I installed the Autopsy software on my workstation to analyze the data for a forensic report, but the Autopsy software is not working properly: the E01 image is not uploaded on the system. Sir, please help me solve this issue. Thanks and regards Nilesh Pawar CCPA Cell Pune |