Tag: FROST

First Book: (Mastering) Python Forensics

Beginning of 2015 PackPub came to Johann and me and ask us if we would like to write a book about Python-based forensic investigations. The idea of writing a book was really interesting for both of us, so we started to work on an agenda and outline. After several discussions with the publisher we created an outline that was acceptable for all of us and less than a year later (since October 2015) the book is available on Amazon and PackPub.

Read More →

Android RAM Analysis @ IMF2014

Our paper Post-Mortem Memory Analysis of Cold-Booted Android Devices has been accepted at IMF’14 and was presented there last week.

Read More →

Cracking Android’s full disk encryption

At the end of 2011, Google released version 4.0 of its Android operating system. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance to recover data other than bruteforce is lost.

Read More →