China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC...
New Mobile Phone Forensics Tool
The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, "MFSocket", reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gai...
GPU-Accelerated Interpretable Generalization for Rapid Cyberattack Detection and Forensics
The Interpretable Generalization (IG) mechanism recently published in IEEE Transactions on Information Forensics and Security delivers state-of-the-art, evidence-based intrusion detection by discovering coherent normal and attack patterns through exhaustive intersect-and-subset operations, yet its...
Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management
Cloud Forensics presents a multi-jurisdictional challenge that may undermine the success of digital forensic investigations (DFIs). The growing volumes of domiciled and foreign law enforcement (LE) requests, and the latency and complexity of formal channels for cross-border data access, are challenging...
BlueRiSC WindowsSCOPE Cyber Forensics Data Forgery Issue Vulnerability
BlueRiSC WindowsSCOPE Cyber Forensics is a GUI-based memory forensic capture and analysis toolkit from BlueRiSC. BlueRiSC WindowsSCOPE Cyber Forensics suffers from a Data Forgery Issue vulnerability that stems from a lack of constraints in the rv32im circuit, which could lead to a malicious prove...
Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response
Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...
Our capabilities. A story about what we can achieve
Introduction Over the years we have been fortunate to have been called upon to help with some challenging investigations. iPhone prize scams, ransomware attacks that weren't, aiding the Steele Dossier case, and even a fraudulent €14 million transfer. Here we've picked out the most interesting one...
CVE-2024-45412
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
How Private Investigators Handle Digital Forensics?
The world we live in is packed with data. Texts, emails, social media posts, deleted files, you name…...
An In-Kernel Forensics Engine for Investigating Evasive Attacks
Over the years, adversarial attempts against critical services have become more effective and sophisticated in launching low-profile attacks. This trend has always been concerning. However, an even more alarming trend is the increasing difficulty of collecting relevant evidence about these attack...
Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning
The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...
GPML: Graph Processing for Machine Learning
The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML Graph Processing for Machine Learning library addresses this need by transforming raw network traffic traces into graph representations, enabling...
Bringing Forensic Readiness to Modern Computer Firmware
Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make ...
Modeling Behavioral Preferences of Cyber Adversaries Using Inverse Reinforcement Learning
This paper presents a holistic approach to attacker preference modeling from system-level audit logs using inverse reinforcement learning IRL. Adversary modeling is an important capability in cybersecurity that lets defenders characterize behaviors of potential attackers, which enables attributio...
SoK: Timeline Based Event Reconstruction for Digital Forensics: Terminology, Methodology, and Current Challenges
Event reconstruction is a technique that examiners can use to attempt to infer past activities by analyzing digital artifacts. Despite its significance, the field suffers from fragmented research, with studies often focusing narrowly on aspects like timeline creation or tampering detection. This...
GRR 3.4.9.1
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
CVE-2025-32367
The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...
Oz Forensics Oz Liveness Security Vulnerability
Oz Forensics Oz Liveness is a leading facial recognition and authentication software from Oz Forensics. A security vulnerability exists in Oz Forensics Oz Liveness versions prior to 4.0.8 late 2023, which stems from an insecure direct object reference that could lead to PII retrieval...