At the beginning of 2015, PackPub came to Johann and me and asked us if we would like to write a book about Python-based forensic investigations. The idea of writing a book was really interesting for both of us, so we started to work on an agenda and outline. After several discussions with the publisher, we created an outline that was acceptable for all of us, and less than a year later (since October 2015) the book is available on Amazon and PackPub.
Our paper Post-Mortem Memory Analysis of Cold-Booted Android Devices has been accepted at IMF’14 and was presented there last week.
At the end of 2011, Google released version 4.0 of its Android operating system. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut, any chance to recover data other than by brute force is lost. Continue reading “Cracking Android’s full disk encryption”