Channel: Cheeky4n6Monkey - Learning About Digital Forensics
Browsing latest articles
Browse All 76 View Live

Google-ei'd ?!

Hmmm ... I seem to be having some trouble focusing after this latest post. Ever looked closely at a Google search URL and seen a weird "ei" parameter in there? While it doesn't seem to occur for every...


Reversing Monkey

Reversing may also drive you bananas ... When trying to recover/carve deleted data, some reverse engineering of the file format may be required. Without knowing how the data is stored, we cannot...


Trawling for Windows Phone 8 App Permissions

Trawling for Windows Phone App Permissions can be an Adventure! (Fishnets not mandatory ;) A recent case had monkey researching how to determine which Windows Phone apps might store location data....


Extracting Pictures from MS Office (2007)

It extracts the pictures or it gets the hose! Er, Sorry about that ... Python can be a little unco-operative at times ;) An MS Office (2007) document is comprised of a group of files zipped together into...


Android APK Permissions Script

In this issue ... We take a look at Android Perms... So hawt! An Android app install file (.apk) declares its required permissions in its AndroidManifest.xml binary file. While there is limited official...


Deleted SQLite Parser Script Update (Now With Added DFIR Rockstar!)

Monkey says: "Knowing DFIR Rockstars has its privileges!" (Mari's picture courtesy of her Google+ Profile) This post aims to build upon Mari DeGrazia's sqlparse Python script which harvests data from...


How u like Base(64)?

Monkey was having such a great time, no one had the heart to tell him he had the wrong type of base ... A recent blog post by Heather Mahalik (@HeatherMahalik) mentioned that a multiple Base64 decoding...


Extracting Ones BLOBs From The Clutches Of SQLite

SQLite BLOB work used to be an adventure ... Not anymore! Did you know that SQLite databases can also hold binary data? BLOB fields can contain pictures, audio, base64 encoded data and any other binary...


Chunky4n6Monkey!

With some substantial assistance from Boss Rob ... Enter the Chunky Monkey! This post is targeted at those particularly interested in Python programming. If you are looking for a forensic wonder-tool...


Finding Geo

Monkey, just keep swimming through the WinPhone data ... ya clown! UPDATE 6OCT2015: Edited FindMyPhone and Multimedia sections + added suspected main Location setting Registry location. A couple of...


Windows Phone 8.10 MMS (for Lumia 530) ...

Now with attachment info! Catch the excitement! We recently noticed that while some commercial forensic tools show Windows Phone 8.10 MMS transaction information (eg Date, Phone number), they do not...


An Initial Peep at Windows 10 Mobile (Lumia 435)

Ooh! Yeah, show me where you keep your store.vol you dirty winphone you! At first glance, the Windows 10 Mobile GUI looks a lot like Windows Phone 8. This post will focus on some key mobile...


The Chimp That Pimps And An Introduction to e.MMC Flash Memory Forensics

Pimpin Ain't Easy? SANS is offering the top 3 referrers to its DFIR Summit 2016 website, an Amazon Echo smart speaker. As of 11 May 2016, this Chimpy McPimpy was number 5 on the list. Chimpy would very...


Panel Beaten Monkey

FYI: A "Panel Beater" = Auto body mechanic in Monkeytown-ese. This Monkey was recently invited to shit himself sit on a SANS DFIR Summit panel discussing Innovation in Mobile Forensics with an All-Star...


A Timestamp Seeking Monkey Dives Into Android Gallery Imgcache

Are you sure?! Those waters look pretty turdy ... UPDATE 4AUG2016: Added video thumbnail imgcache findings and modified version of script for binary timestamps. Did you know that an Android device can...


Google S2 Mapping Scripts

Sorry Monkey - there is just no point to mapping jokes ... Cindy Murphy's recent forensic forays into Pokemon Go (here and here) have inspired further monkey research into the Google S2 Mapping library....


Monkey Plays (LAN) Turtle

OMG! Sooo Turtle-y! The Hak5 LAN Turtle recently plodded across our desk so we decided to poke it with a stick and see how effective it is in capturing Windows (7) credentials. From the LAN Turtle...


Monkey Unpacks Some Python

UNPACK-ing Python .. Now with added monkey! Some forensic folks have suggested that a Python tutorial on how to read/print binary data types might be helpful to budding Python programmers in the...


Monkey takes a .heic

The hills are alive ... with the compression of H.265! With iOS 11 and macOS High Sierra (10.13), Apple has introduced a file container format called High Efficiency Image File Format (aka HEIF -...


A Monkey Forays Into USB Flashdrives

What a Feeling Indeed! Recently monkey was tasked with extracting data from a broken USB flash drive that had previously been "repaired" by another party. It still did not work however. The following...


Recovering and Replaying Garmin Voice Instructions

Wait a minute monkey, did you say Carmen or Garmin? We had a damaged Garmin nuvi 56LM GPS unit from which we recovered a text file containing a voice log. It was a bit of an unusual process so we thought...


iOS14 Maps History BLOB Script

Another BLOBBY SQL (Sequel)! A quick post to introduce a new iOS 14 Apple Maps History helper script ... Thanks to Heather Mahalik for sharing her research and for both her and her associate Sahil's...


Monkey Test Drives a Honda Accord

"The red ones go faster!" - original picture sourced from caranddriver.com. Monkey recently "test drove" ("test-parsed"?) a data dump from a 2016 Honda Accord (USA). This post will describe that...


Mike & the Monkey Dumpster Dive Into Samsung Gallery3d App Trash

Monkey assists Mike with another dive into the Samsung Gallery3d App. It all started with a post by Michael Lacombe (iacismikel at gmail.com) on the Physical and RAW Mobile Forensics Google Group in...


Monkey Attempts To Digest Some Google Takeout (DetectedActivitys)

Careful What You Eat, Monkey! One of Monkey's co-workers (Troy) was able to provide investigators with a location of interest by looking at the device owner's Google Takeout "Location...
