Posts

Welcoming OpenRelik to the OSDFIR Infrastructure family

By
Image
Authored by Johan Berggren and Wajih Yassine Overview If you’ve been keeping a close eye on the OSDFIR Infrastructure repository over the last few months, you might have noticed a new face in the lineup. While many of you have already begun the migration, we are excited (and perhaps a little overdue!) to announce that OpenRelik is available for use through the OSDFIR Infrastructure project! What is OpenRelik? OpenRelik is an open-source platform designed to support collaborative digital forensic investigations. It provides a modular processing pipeline for DFIR teams, combining an interface for workflow management, real-time collaboration features, and a centralized repository for shared artifacts. The platform addresses challenges related to running disparate tools, managing isolated dependencies, and tracking intermediate data across different systems. The primary goal of OpenRelik is to automate the processing of forensic artifacts while using a resilient, distributed architecture...
Post a Comment
Read more

Plaso 20260512 released

By
  Plaso 20260512 released The Plaso team is delighted to announce a new Plaso release, 20260512. This release has a mixture of new features and under the hood improvements. Notable changes Added support for Apple MobileBackup plist ( #4916 ) with thanks to @rizabudi Added support for iOS WiFi Known Networks plist ( #4925 ) with thanks to @CopasAlpha26 Added support for iOS Accounts (Accounts3.sqlite) SQLite database ( #4926 ) with thanks to @studiawan Added support for IMO HD chat SQLite database ( #4927 ) with thanks to @agusgiinarsa Added support for Apple Burner (burners.sqlite) SQLite database ( #4928 ) with thanks to @brokamal and @SanGit56 Added support for Android Native Downloads (downloads.db) SQLite database ( #4929 ) with thanks to @ChristopherGammaWau and @barpeot Added support for Android App Launch (SimpleStorage) ( #4930 ) with thanks to @FathanAbi and @BeefRa Added support for iOS SIM information plist (com.apple.commcenter.data.plist) ( #4931 ) with thanks to @f...
Post a Comment
Read more

“Forensics tools” where are your tests?

By
“Forensics tools” where are your tests? In the context of digital forensics and incident response (sometimes referred to as DFIR) I regularly see claims about the latest “forensics tools”, “forensics data formats” or “court approved tools”. These claims are mere speculation (or hallucinations so to speak) when they are not accompanied with reproducible tests. Digital forensics is the practice to ensure that its findings are reliable enough to influence legal outcomes that affect human liberty and significant financial assets. The transition from "computer equipment" to "forensic evidence" requires a process that is transparent, auditable, and grounded in the scientific method. Key to a scientific finding is that it can be replicated independently. In the context of digital forensics, this requirement is divided into two distinct but related concepts: Repeatability , which refers to the consistency of results when the same examiner uses the same tool on the same samp...
Post a Comment
Read more

Plaso 20260119 released

By
  Plaso 20260119 released The Plaso team is delighted to announce a new Plaso release, 20260119. This release has a mixture of new features and under the hood improvements. Notable changes Changes for compatibility with OpenSearch 2.5 and later ( #4997 ) with thanks to @jaegeral Added support for Firefox 118+ download end time ( /#5019 ) and improvement to AppCompatCache parser ( #5025 ) with thanks to @Spferical Changes to use pyproject.toml ( #5015 ) Changes to Windows EventLogs parameter expansion ( #5023 ) The full list of cleanups, performance tweaks and bug fixes can be found in the release milestone . Upcoming changes in future releases Extend support for Windows 10 push notification databases ( #4458 ) Continued work on pre-processing and knowledge base ( #4543 ). Move image export to the dfImageTools project ( #1 ). Where/how to get Plaso 20260119? See Plaso's Users' Guide . The development team recommends using Docker to install Plaso without hassle.  If Docker does...
Post a Comment
Read more