DF Industry Happenings
April has been a month of preparing for conferences in May! Next month, we will be starting conference season with the Technology Innovation Demonstration Day in Hoffman, North Carolina. This event is hosted on a 300-acre facility featuring solutions for electronic warfare, countering unmanned systems, secure communications, medical improvements, counter GPS, and more. Accel Innovation Corporation and Oak Grove Technologies are hosting this event. Registration is at no cost! If you missed it this year, subscribe to their newsletter for the next upcoming event. We will be meeting with customer sets local to the area supporting in-field operations, and focusing on data at the edge.
After that, we roll right into Techno Security and Digital Forensics Conference in Myrtle Beach, South Carolina. Next, we’ll be at the Special Operations Industry Conference (SOFIC) 2022 in Tampa, Florida, on May 16-19, 2022. We are looking forward to meeting and listening to the challenges our end-users experience in their current DFIR workflow and at the edge support. So join us for our SOFIC Mixer. Sign up here!
In addition to those conferences, we will be attending the North Florida ICAC Task Force Quarterly Meeting. On May 11, 2022, ArcPoint will provide a live webinar for Rapid Acquisition & Tirage with ATRIOTM by Amy Moles, CEO & Co-Founder. Amy will be providing a live demonstration of ATRIOTM while learning about the ICAC community's current challenges.
ArcPoint Company and Product News
The ArcPoint Forensics team is brewing something new behind the scenes! We are prototyping and working on new products to bring our customers more robust DFIR solutions to evolve their workflow and streamline processes for collection and triage. If you are interested in learning more, be sure to find us at an upcoming conference event or sign up online to speak with a member of our team.
Our DEV team has made leaps and bounds with development over the past month, and we are excited to launch our reporting dashboard. This feature allows analysts to see results in real-time to take a deeper dive into forensics artifacts and highlight critical findings quickly to advance in their investigations, all while ATRIOTM is still acquiring and exploiting the data!
Our CTO and Founder, Jared Ringenberg, has been busy traveling from state to state in his mobile lab! His journey continues to Florida next month and then up the East Coast before making his way West. If you are interested in meeting with him to learn more about ArcPoint and our other products or capabilities, request a demo on our website and request an in-person demo. A member of our team will coordinate the details along Jared’s route. This unique opportunity will give you a hands-on experience with ATRIOTM and learn about other prototypes we are working on behind the scenes from the Founder himself!
Our second quarterly mixer is right around the corner in Centro Ybor! Our guests will enjoy the local flavors of the Tampa Bay area while getting the opportunity to ask questions and get live demonstrations of ATRIOTM by our CEO and Co-Founder, Amy Moles. If you are interested in attending, you can sign up here for the event.
ArcPoint Presents: Unallocated Space
This month w we host Brian Moran of BriMor Labs! Brian is a digital forensic analyst currently residing in the Baltimore, Maryland, area. He has approximately 15 years of experience in the cyber security field, with ten years focusing on the DFIR field, both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6-month deployment to Mosul, Iraq, in 2004-2005. He served on a team that provided mobile device analytic information supporting tactical military operations.
During his tenure in the Air Force, he has worked with numerous DoD entities and been invited to speak and share information at several intelligence community events. After his military service ended, he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of this career field is that it is constantly changing and evolving, and every case has unique problems, questions, and solutions. Check it out on our YouTube Channel and Podcast Platforms, hosted on Spotify and Google Podcast.
Next month we host Jennifer Salvadori, Event Director for the Techno Security & Digital Forensics Conference, an extremely well-rounded trade show/events professional. From exhibit sales to onsite logistics, Jennifer has a keen understanding of what makes an event run smoothly. Her experience in the events industry spans nearly 30 years.
Before entering the events industry, Jennifer seriously considered joining the police academy. Growing up in a military family, Jennifer was raised with a strong value system and commitment to truth and justice. Jennifer’s passion to “help get the bad guys,” combined with her event industry experience, makes her the perfect choice for being the “face of Techno” for over seven years. Her outgoing personality, dedicated approach, and devotion to the brand are apparent to all she meets.
Jennifer will give us the background on the Techno Security & Digital Forensics Conference and why it was started. In addition, she will tell us how she initially got involved with the conference and the impact the show has had on the DFIR industry. She will also talk about the challenges faced behind the scenes and what the future holds for this tradeshow.
Check out our Blog
Once a month, ArcPoint releases a blog to help individuals within the community grow and expand their skillsets. Our content is intended to be used as a refresher for experienced examiners and help individuals just getting started to expand their skillsets to make investigations easier. Also, check out Free iOS Forensics Tools on our website. We look at a few free resources available for iOS examinations throughout this blog. These are excellent resources to use for verification throughout your examinations.
Want a Demo? Just Ask!
ATRIO™ is an all-in-one digital forensics hardware/software solution that performs full physical imaging and data exploitation. It is designed to be intuitive and easy to use. Output is immediately accessible in a universally-compatible, non-proprietary format and can be viewed on any computer. There are no additional software programs, dongles, or other peripherals required to operate ATRIO™. Interested in getting demo? Sign up on the ArcPoint website.
Monthly Tech Tip
Fls is an excellent tool within Sleuthkit that lists files and directory names within a forensic image. In addition, it can list recently deleted files for a given directory, among a few other things. This month we want to show how you can use it to search for a specific file name within an image.
In this situation, we have an E01 that we are waiting to be processed through one of our forensic tools. While waiting, the customer asked if we could quickly tell if a specific file could be found within the user account on the drive. The file in question is ‘Sightings2005.xls’.
Since we only want to look within the user directory, we will use mmls to find the correct partition offset.
$ mmls HD1.E01
The specific partition we want to look at starts at sector offset 1001472. So our next command tells fls to look at the file system at offset 1001472 and search recursively while only displaying file entries. That command is then piped to grep to search for our Sightings2005.xls file.
$ fls -o 1001472 HD1.E01 -rF | grep ‘Sightings2005.xls’
Success! The file was found within the user ‘Sarah M’ Downloads folder. It has to be noted that we only matched on the file’s name and cannot confirm it is the actual file just from this output, but at least it gives us a lead once the image is fully processed.
Next month we will show how easy it is to extract the file from the image using icat.