Chris Ed
chris-ed.bsky.social
📱 Digital Forensics
🐍 Python
👾 Video Games
🌊 Nature
I’m just confused as to why mobile vendors, specifically, refuse to adopt a well-used format. Cellebrite even reverted to Dar for a while, right? Why not use E01s or AFF4? It’s so frustrating.
January 4, 2025 at 11:22 AM
It is transparent, but data integrity is still a thing. E01s confer integrated data validity measures, which of course raw bins do not provide, as well as compression. Also the speed of acquisition between DD and E01 is minimal, according to this paper from 2022: www.diva-portal.org/smash/record...
Need for speed: A study of the speed of forensic disk imaging tools
January 4, 2025 at 11:20 AM
More than one timestamp would be nice 😌
January 4, 2025 at 11:08 AM
And then if a vendor supports a physical extraction, what do we get? A raw bin. As if an existing, well understood forensic data container doesn’t exist. It’s only in the mobile space this happens and I have no idea why.
December 20, 2024 at 6:46 AM
I get your point here, but man the prevalence of zip in mobile formats is frustrating. We have had methods of perfectly preserving and representing full file system metadata since the advent of EWF but it’s never been adopted by mobile vendors and so we have to deal with partial information.
December 20, 2024 at 6:43 AM
Are those your “Digital Forensic Lairs” it’s showing on the map? Are they each in an extinct volcano?
November 16, 2024 at 10:47 AM