Our seminars from 18 - 29 November in Frankfurt on the topic of IT forensics

Our seminars from 18 to 29 November in Frankfurt on the subject of IT forensics focused on tools such as Detego Global and MOBILedit and, in particular, on the analysis and manual checking of SQLite databases. They offered a comprehensive introduction to digital preservation and analysis of evidence. Both technical and legal aspects are of central importance here. A detailed overview of the topics covered is provided below.

Detego Global

The Detego® Unified Forensics Platform is a powerful digital forensics solution designed specifically for rapid collection, analysis and reporting. It enables:

  • Forensically securing data from thousands of devices such as smartphones, computers and IoT devices.
  • AI-supported analyses to identify connections between people, devices and cases.
  • The use of functions such as GPS data analysis, hash value matching and automated workflows for efficient investigations.

MOBILedit is a versatile tool for extracting and analysing data from mobile devices and smartwatches. It offers:

  • Physical and logical data acquisition.
  • Recovery of deleted data.
  • Support for numerous apps such as WhatsApp, Instagram, Snapchat and many more.
  • Advanced functions such as password cracking and decryption.

Both tools are designed to secure evidence for use in court by avoiding changes to the original data.

Analysing SQLite databases

SQLite databases are widely used in applications such as mobile phones, messenger services and operating systems. Their forensic analysis includes:

  • The recovery of deleted data records, often including temporary files such as write-ahead logs (WAL).
  • The use of specialised software such as MOBILedit or Rabbithole to analyse database content.
  • The possibility of reconstructing activities and time sequences, which makes them an important source of evidence.

Rooting a mobile phone is often necessary to enable deeper levels of access for forensic investigations. This involves unlocking administrator rights to access protected areas of the operating system. Methods include:

  • The use of custom recovery apps and root kits.

However, it is essential to ensure that no data is changed. This is verified by comparing hash values before and after the examination.

Ensuring the integrity of the evidence

A key aspect of IT forensics is ensuring that the analysed data cannot be changed:

  • Creation of forensic copies (1:1 copies) of the data carriers.
  • Documentation of all steps in a court-proof expert report.
  • Use of hash values to check data integrity.
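
The hash comparison described above, applied to a SQLite database together with its write-ahead log, as an added example that is not part of the seminar material or of either tool: the evidence files are hashed, a working copy is queried read-only, and the evidence is hashed again. The file names, table and rows are constructed for the demonstration.

```python
import hashlib, shutil, sqlite3, tempfile
from pathlib import Path

SUFFIXES = ("", "-wal", "-shm")  # main database plus SQLite's WAL-mode sidecar files

def evidence_hashes(db):
    """SHA-256 of the database and each sidecar file that exists (small files: read whole)."""
    files = [Path(str(db) + s) for s in SUFFIXES]
    return {f.name: hashlib.sha256(f.read_bytes()).hexdigest() for f in files if f.exists()}

def examine(db, query, workdir):
    """Hash the evidence, query a read-only working copy, then hash the evidence again."""
    before = evidence_hashes(db)
    for s in SUFFIXES:
        src = Path(str(db) + s)
        if src.exists():
            shutil.copy2(src, Path(workdir) / src.name)
    copy = (Path(workdir) / Path(db).name).resolve()
    con = sqlite3.connect(copy.as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute(query).fetchall()  # also returns committed rows still in the WAL
    finally:
        con.close()
    return rows, before, evidence_hashes(db)

def build_constructed_evidence(folder):
    """Constructed sample: one row in the main file, one row that exists only in the WAL."""
    live = Path(folder) / "live.db"
    con = sqlite3.connect(live)
    con.execute("CREATE TABLE messages(id INTEGER PRIMARY KEY, body TEXT)")
    con.execute("INSERT INTO messages(body) VALUES ('stored in main file')")
    con.commit()
    con.execute("PRAGMA journal_mode=WAL")
    con.execute("INSERT INTO messages(body) VALUES ('stored only in WAL')")
    con.commit()
    evidence = Path(folder) / "evidence"
    evidence.mkdir()
    for s in SUFFIXES:  # copied while the writer is still open, so the WAL has not been merged
        shutil.copy2(str(live) + s, evidence / ("chat.db" + s))
    con.close()
    return evidence / "chat.db"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        db = build_constructed_evidence(tmp)
        work = Path(tmp) / "work"
        work.mkdir()
        rows, before, after = examine(db, "SELECT body FROM messages ORDER BY id", work)
        return rows, before == after, sorted(before)
```

Hashing the `-wal` and `-shm` files alongside the main file matters because a record can exist only in the write-ahead log, as the second row does here.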

The seminar taught important basics for IT forensic analyses: the use of specialised tools such as Detego and MOBILedit, the analysis of SQLite databases and techniques for rooting mobile devices. The focus on the integrity of evidence ensures that results remain usable in court. Such training is essential for digital forensics professionals to meet the demands of modern investigations.
