ArcPoint Newsletter, July 2022

DF Industry Happenings

This month the ArcPoint Team hosted an online webinar featuring Cesar Quezada. This free event was live. However, if you missed the live event, you can still catch the recorded version of the webinar on the Cyber Social Hub! During this webinar, Cesar shares with the audience his experience entering the DFIR community and how he actively supports the industry now.

The ArcPoint Team attended the DSI National Security Symposium on Digital Forensics this month at the National Harbor in Maryland! Our CEO, Amy Moles, met with customers one on one to discuss current challenges, pipeline solutions, and current solutions while providing live demos of the FTP server and live reporting feature packed into ATRIO!

The rest of this month has been about preparation for the rest of the conference season, including the SANS DFIR Summit in Austin, Texas in August; PFIC 2022 in Nashville, Tennessee in September; and the High Crime and Technology Associate Conference in Atlantic City, New Jersey in September.

At the DFIR Summit, Cesar Quezada, Research and Development Engineer at ArcPoint, and Jessica Hyde, Founder of Hexordia, are presenting Missing Pieces: Tips and Tricks on how to ensure your acquisitions aren’t missing critical data. If you haven’t registered, there is still time to catch the presentation!

ArcPoint Company and Product News

This was a big month for ATRIO as we made some significant performance improvements, added some helpful features that will automatically provide an investigator with even more useful data, added the ability to customize some of the features, and implemented a new smart processing technique that sped up the processing performance by 340% compared to a normal execution!

  • EXIF data extracted automatically: ATRIO will now extract EXIF metadata from photos, PDFs, and Microsoft Office documents. This automatically provides information such as GPS coordinates, author information, creation and modification timestamps, number of edits, and more.

  • Users can now import WIFI settings to connect ATRIO to a WIFI network.

  • Custom file extensions: users can add custom file extensions to ATRIO for automatic processing.

  • Improved AI translation performance for both CPU and GPU-enabled ATRIO units.

  • Performance comparison of v1.1.9 against v1.1.8:

    • CPU only (ATRIO): up to 20% faster

    • GPU (ATRIO-X): at least 50% faster

  • Bulk Extractor was optimized for faster performance.

  • ATRIO can now carve an entire DD/E01 if needed.

To stay up to date on product releases, software updates, and other company news, subscribe to our YouTube channel, Twitter, or LinkedIn! On these platforms we respond to specific customer-driven requests, answer questions, and provide product overview videos and other additional insights.

ArcPoint Presents: Unallocated Space

This month we are joined by Josh Brunty on Unallocated Space! This episode aired on our YouTube channel on July 21st! During this episode, we focus on students entering the DFIR community and technical internships: the dos and don’ts of internships, and how intern sponsors can make the most out of the experience for these students.

Josh Brunty is an Associate Professor of Digital Forensics in the School of Forensic & Criminal Justice Sciences at Marshall University in Huntington, WV. Prior to his appointment at Marshall University, he worked as a Digital Forensics Analyst (2005-2007), Quality Assurance Manager (2007-2008), and Technical Leader/Manager (2008-2012) for the West Virginia State Police Digital Forensics Unit at the Marshall University Forensic Science Center. He currently serves on the editorial boards of Forensic Science International: Digital Investigation, and the Journal of Forensic Sciences. He also serves as Executive Secretary and Member of the National Institute of Standards and Technology (NIST) Organization of Scientific Area Committee (OSAC) on Digital Evidence, a position he has served in since 2016. He has also served as Academician Commissioner of the Forensic Science Education Programs Accreditation Commission (FEPAC) since 2020. He is also a Fellow of the Digital and Multimedia Sciences Section of the American Academy of Forensic Sciences (AAFS).

He is currently funded by the United States Secret Service National Computer Forensics Institute (USSS-NCFI) to perform digital forensics and investigative technology research (2020-2023). He is also currently funded by the United States Department of Homeland Security Science Technology (S&T) Directorate to engage in digital forensics tools and techniques in dark web investigations (2021-2023). Additionally, he has received past funding from the National Institute of Justice (NIJ) for Technical Training, Research, and Casework Activities for state and local agencies engaged in digital forensics (2010-2015).

He has published a variety of articles and books, most notably co-authoring the Taylor & Francis textbook Social Media Investigation for Law Enforcement, which is still used in police academies and academic institutions throughout the United States. Additionally, he co-authored the Journal of Forensic Sciences article on the Forensic Inspection of Sensitive User Data and Artifacts from Smartwatch Wearable Devices, which received the 2019 American Academy of Forensic Sciences (AAFS) Digital & Multimedia Sciences Most Outstanding Research Award, in addition to being recognized by the journal as a 2019 noteworthy article.

Next month, we are joined by Alexis Brignoni, who has been serving the area of Orlando, Florida for the last 15 years as a Special Agent of a Federal Law Enforcement agency. A native of San Juan, Puerto Rico, he has a Bachelor's in Computer Science and an MBA in Management of Information Systems. Before working as a digital forensics examiner, he was a case agent tasked with investigating online crimes against children, network intrusions, intellectual property, and online fraud, among others. Currently holding multiple digital forensics certifications, Alexis Brignoni has focused on mobile app digital forensics as an area of interest due to the ever-evolving challenge of parsing a never-ending stream of new applications for relevant data. He can be reached online via Twitter @AlexisBrignoni and on his blog at abrignoni.com.

Check out our Blog

Once a month ArcPoint releases a blog to help individuals within the community grow and expand their skillsets. Our content is intended to be used as a refresher for experienced examiners and help individuals just getting started to expand their skillsets to make investigations easier. Check out Matching the Hash for Quick Wins with ATRIO on our website. Throughout this blog, we step through some of ATRIO’s unique features to provide real-time results. We dive into how hash matching works to quickly identify files you already know are malicious and maximize efficiency with simultaneous acquisition and exploitation.

Want a Demo? Just Ask!

ATRIO™ is an all-in-one digital forensics hardware/software solution that performs full physical imaging and data exploitation. It is designed to be intuitive and easy to use. Output is immediately accessible in a universally compatible, non-proprietary format and can be viewed on any computer. There are no additional software programs, dongles, or other peripherals required to operate ATRIO™. Interested in getting a demo? Sign up on the ArcPoint website.

Monthly Tech Tip

This month we want to highlight a nice feature within Windows PowerShell. Sometimes there are commands or scripts that pump a lot of data onto the screen, which makes it hard to view or search. With PowerShell you can pipe all that data into an interactive grid window using the ‘Out-GridView’ cmdlet.

In this example, we want to view all installed software on the host machine and then check whether FTK Imager is installed. To do this I ran the Get-WmiObject command and piped its output to Out-GridView.

Once executed, a new window pops up and displays an interactive table view.

Within this table, we can view, sort, and search for specific items. In our example, we are looking for FTK. Once we typed the name in the search bar, we found that it was in fact installed on the system.

As you can see, with Out-GridView you can easily view and search the results of a command or script. No more scrolling through tons of data on a screen using the command line!
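The installed-software check above, written out as an added example (not code from the newsletter). It assumes Windows PowerShell on a Windows desktop session, and it reads the registry Uninstall keys rather than the Win32_Product WMI class, because enumerating Win32_Product is slow and triggers an MSI consistency check of every installed package on the host being examined; the `Get-InstalledSoftware` function name is the example's own.

```powershell
# Added example: list installed software, review it interactively in
# Out-GridView, and run a scripted check for FTK Imager.
# Assumes Windows PowerShell 5.1; Out-GridView requires an interactive desktop.

function Get-InstalledSoftware {
    # Uninstall keys cover 64-bit, 32-bit (WOW6432Node) and per-user installs.
    # Reading them is read-only, unlike Win32_Product, which can trigger MSI repairs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |          # skip entries with no product name
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            @{ Name = 'KeyPath'; Expression = { $_.PSPath -replace '^.*::', '' } }
}

# 1) Interactive review: the grid's filter box does the "search for FTK" step.
#    -PassThru returns whichever rows the examiner highlights and confirms with OK.
$selected = Get-InstalledSoftware |
    Sort-Object DisplayName |
    Out-GridView -Title 'Installed software (Uninstall registry keys)' -PassThru

# 2) Non-interactive form of the same check, usable in a triage script.
$ftk = Get-InstalledSoftware | Where-Object { $_.DisplayName -like '*FTK Imager*' }
if ($ftk) {
    "FTK Imager found: $($ftk.DisplayName -join ', ') (version $($ftk.DisplayVersion -join ', '))"
} else {
    'FTK Imager not found in the Uninstall registry keys'
}

# The newsletter's WMI form, for comparison (slow, and writes to the MSI store):
# Get-WmiObject -Class Win32_Product | Out-GridView
```

The rows returned through `-PassThru` in `$selected` can be piped on to `Export-Csv` to keep a record of what was reviewed.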
