Cookie Policy This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.

Continue Learn more

Reality Net System Solutions

News

30 05 2016

Windows Phone 8 Forensics on Digital Forensics Magazine

An article on Windows Phone 8 forensics written by Mattia Epifani and Francesco Picasso has been published on Digital Forensics Magazine.

More information and article abstract are available on Digital Forensics Magazine website

01 02 2016

iOS 9 Forensics on Digital Forensics Magazine

An article written by Mattia Epifani and Pasquale Stirparo has been published on Digital Forensics Magazine.

More information and article abstract are available on Digital Forensics Magazine website

17 12 2015

“Life on Clouds, a forensics overview” presentation at DFRWS 2016 EU

Our presentation proposal titled “Life on Clouds, a forensics overview” has been accepted for the next DFRWS 2016 EU that will take place in Lausanne from March 29th until April 1st 2016.

Presentation abstract

Nowadays most part of our life is “on the cloud”: each personal device (PC, smartphone, tablet, digital camera, etc.) is constantly connected with cloud services, like Dropbox, Google Drive, iCloud and others.
In the last few years al lot of commercial tools were released to acquire data from cloud services in a forensically sound manner, but most of them are properly focused on data acquisition and do not include extraction of metadata added by cloud service providers.
In our research we tried to retrieve as much as possible information from service providers using official APIS released by vendors.
In this presentation, we will show the result of our research, focusing in particular on Dropbox and Google services, presenting some python scripts, analyzing actual functions and future development.
We will analyze connection details and metadata than can be accessed using APIS, discovering, for example, that using Google APIS it is possible to retrieve various information like Google Photo metadata (even if such files are not visible on Google Drive clients) or Comments on shared files.
Moreover we will present some interesting findings about the possibility to retrieve files and metadata also on public files that were accessed by a user though Google drive.

 

16 12 2015

“Discovering Windows Phone 8 artifacts and secrets” presentation at DFRWS 2016 EU

Our presentation proposal titled “Discovering Windows Phone 8 artifacts and secrets” has been accepted for the next DFRWS 2016 EU that will take place in Lausanne from March 29th until April 1st 2016.

Presentation abstract

The mobile operating system Windows Phone 8 has reached during 2015 in Europe the third position after Android and iOS for number of devices sold. The aim of this short presentation is to describe the techniques in use to extract data from Windows Phone 8 devices and obtain, when possible, a forensic image of the internal NAND and provide an overview of the most interesting artifacts that can be recovered. In particular partition structure, file system artifacts, native applications (address book, call history, SMS/MMS messages, internet history/cache/cookies, calendar), multimedia files (images, audio, videos, documents), configurations (Windows Registry) and third party apps (e.g. WhatsApp, Facebook and Skype) will be discussed. The presentation will also describe how to crack the Windows Phone pin, obtain the windows user password and decrypt ActiveSync credentials like password and Oauth. Tools to automatically perform these actions are available on authors GitHub page (https://github.com/dfirfpi/hotoloti/) and related posts are available and continuously updated on http://blog.digital-forensics.it/