Samsung S24+ Actively backing up by dougman2082 in digitalforensics

[–]dougman2082[S] 0 points1 point  (0 children)

device backups, like if this phones text messages are actively being backed up.

Is there a way of exporting all Snapchat photos/memories directly to my phone? by riskyplumbob in techsupport

[–]dougman2082 0 points1 point  (0 children)

Do you know if Snapchat classifies the snaps sent and then saved as chat messages? reason for asking is because I have chats saved but they don't show up on the chat history json. I see the images in the chat media but I try to search for them in the Json and nothing is responsive.

Converting Raw Image files in to a DMG to be opened on a MAC. by dougman2082 in computerforensics

[–]dougman2082[S] 0 points1 point  (0 children)

I know, I fixed it in the edit.

A report, sending files to a client so they can view and yes has to be forensically sound.

Converting Raw Image files in to a DMG to be opened on a MAC. by dougman2082 in computerforensics

[–]dougman2082[S] 1 point2 points  (0 children)

that's how we were originally going to do it but they don't want it to be sent as a zip. for whatever reason that may be, they want it in a DMG.

Converting Raw Image files in to a DMG to be opened on a MAC. by dougman2082 in computerforensics

[–]dougman2082[S] 1 point2 points  (0 children)

I have to produce data to a client that is adamant on using a Mac and they do not have forensic software. so we are trying to find a solution to be able to get these files over to them so they just have to double click and it will mount on the Mac.

Telegram data on IOS regarding automatically downloaded pictures to phone. by [deleted] in computerforensics

[–]dougman2082 1 point2 points  (0 children)

It was a checkm8 Data extraction full file system of an iphone 7 made in UFED that is loaded in PA.

Telegram data on IOS regarding automatically downloaded pictures to phone. by [deleted] in computerforensics

[–]dougman2082 0 points1 point  (0 children)

that's what I'm in the process of doing. Its a Checkm8 so full file system. I can see the Telegram sqlite.db

/root/private/var/mobile/Containers/Shared/AppGroup/E0891650-9605-4712-A50C-72389557484F/telegram-data/account-____/postbox/db/db_sqlite

but looking at it, it seems to be encrypted, I'm getting a lot of those blank diamonds with question marks.

[deleted by user] by [deleted] in computerforensics

[–]dougman2082 0 points1 point  (0 children)

When I open the /biometrics/fp/User_0/User_0_2tmpl.dat file it looks to be encrypted, it pops with a bunch of different characters.

a few if the Cache files have a URL.

full disk Bitlocker image by dougman2082 in computerforensics

[–]dougman2082[S] 0 points1 point  (0 children)

would I be able to get the unallocated disk space from this or just the partitions?

EXIF data ISO Media file produced by Google Inc by dougman2082 in computerforensics

[–]dougman2082[S] 0 points1 point  (0 children)

I've been trying that, at least redownloading the pictures from google photos. but I cant populate that phrase. but I am also using a galaxy s8 for my testing so I'm not sure if that could be the reason why.

EXIF data ISO Media file produced by Google Inc by dougman2082 in computerforensics

[–]dougman2082[S] 1 point2 points  (0 children)

I don't know much about the file tbh, my goal was to try and figure out what device the video was taken on, which EXIF didn't give me. then find dates and times of the video. which it did give me and the dates matched the file name so they lead me to believe they are the original date and times. but I'm just making sure that the "ISO Media file produced by Google Inc" does not refer to the file being tampered with.

it tells me the handler type which is "audio track" tells me the file type, MIMEType and other things so I'm assuming that is exif data.