r/digitalforensics

Can police really get into and download data from phone without password?

So I had a samsung s25 phone that police seized. I didnt give my password to them.I shut the phone down before they took it and I have a 16 digit passcode on it. How likely is it police can get into my phone? Apparently a samsung thats been restarted has an extra layer of security (BFU)?

Location: United kingdom

reddit.com
u/DGH003 — 2 days ago
▲ 25 r/digitalforensics+2 crossposts

My write up for a Memory Forensics/DFIR chall for Macos

https://mooofin.github.io/portfolio/blog/s4nct1m0ny.html

tuts for ISF from kernel DWARF. for vol as well . loginwindow plaintext credential extraction, Chainbreaker 3DES keychain decryption, and full RE of a Swift dropper using machine Hardware UUID as decryption key , ive tried to make it very less jargon and reader friendly

u/mewwwfinnn — 3 days ago
▲ 7 r/digitalforensics+1 crossposts

ChronoVerify: Free tool for photo forensics, C2PA checks & edit detection

Greetings r/digitalforensics,

I built a free tool called ChronoVerify that is useful for photo forensics.

It pulls capture time and metadata from EXIF/XMP, validates C2PA Content Credentials, and runs some basic pixel forensics to spot edits.

You get a plain-language verdict instead of just a bunch of raw data. Everything runs in your browser — no images get uploaded or stored.

There's also a free API tier if you or an agent want to script it.

If you try it, I'd be curious what you think, especially those experienced with forensics. Could this be useful to you or the image forensics community?

Thanks!

chronoverify.com
u/clockspammer4life — 4 days ago

Need advice on investigating a suspected telecom-level compromise and preserving evidence

Hi everyone,

I’m looking for advice from people with experience in mobile network security, incident response, telecom infrastructure, or digital forensics.
Over the past few months I’ve become concerned that I may be the target of a sophisticated attack involving my mobile connectivity. I realize these are extraordinary concerns, so I’m not asking anyone to assume they are true. Instead, I’m looking for guidance on how to investigate them properly and collect evidence.
Some of the questions I have are:
How can I determine whether there is any evidence of telecom-level compromise?
What kinds of logs or records can I legally obtain from my mobile provider?
If someone had unauthorized access to telecom infrastructure, what evidence would typically remain?
Is there any practical way to detect or rule out SS7-related attacks?
Which forensic tools are recommended for iPhone and eSIM investigations?
Should I preserve baseband logs, network traces, or any other artifacts?
Are there independent telecom security experts who perform this type of forensic analysis?
I’m not looking for speculation or conspiracy theories. I’m specifically looking for:
digital forensic methodology;
telecom security expertise;
evidence preservation;
legal documentation standards;
ways to distinguish between normal carrier behavior and actual compromise.
If you’ve worked in telecom security or incident response, I’d really appreciate

reddit.com
u/RefrigeratorLanky642 — 4 days ago

Need advice on investigating a suspected telecom-level compromise and preserving evidence of

Hi everyone,

I’m looking for advice from people with experience in mobile network security, incident response, telecom infrastructure, or digital forensics.

Over the past few months I’ve become concerned that I may be the target of a sophisticated attack involving my mobile connectivity. I realize these are extraordinary concerns, so I’m not asking anyone to assume they are true. Instead,
I’m looking for guidance on how to investigate them properly and collect evidence.

Some of the questions I have are:

How can I determine whether there is any evidence of telecom-level compromise?

What kinds of logs or records can I legally obtain from my mobile provider?

If someone had unauthorized access to telecom infrastructure, what evidence would typically remain?

Is there any practical way to detect or rule out SS7-related attacks?

Which forensic tools are recommended for iPhone and eSIM investigations?

Should I preserve baseband logs, network traces, or any other artifacts?

Are there independent telecom security experts who perform this type of forensic analysis?

I’m not looking for speculation or conspiracy theories. I’m specifically looking for:
digital forensic methodology;
telecom security expertise;
evidence preservation;
legal documentation standards;
ways to distinguish between normal carrier behavior and actual compromise.
If you’ve worked in telecom security or incident response, I’d really appreciate your advice.

Thank you

digitalforense.com
u/RefrigeratorLanky642 — 4 days ago

I need help extracting or improving the audio quality on some recordings. I suspect that I am being targeted by my significant other for murder. Police won't help due to the quality of these recordings. Any ideas?

reddit.com
u/FirefighterDry8743 — 5 days ago

Advice/insight on a path to a new role within DF

Hey everyone. Recently been looking to find another job and figured I would post on her to see if anyone had any advice or ideas. Not looking for a specific role or job posting to fill, rather another area or space within DF that I might enjoy more. Just kind of lost on where to go or what’s out there.

For the past 4 years I've been working at a regional DF lab supporting multiple local, state, and federal LE agencies the US.

I mostly do Mobile Forensics. Analysis, extraction, preservation, and report generation using mainly Cellebrite and Magnet tools, but have experience with a wide range of tools. Have a little experience doing computers, DVRs, and vehicles but we don't get those requests nearly as much. Also have a little experience testifying as an expert. I work on all kinds of cases but getting very burnt out.

For those who started off in a similar setting or with similar experience, what areas of DF did you transition to and do you enjoy it more?

If it helps, my undergrad degree is in CJ, nothing CS related. This was my first job out of college and they trained me and got me my certifications

Thank you in advance. Any advice is greatly appreciated.

reddit.com
u/Immediate_Athlete492 — 5 days ago
▲ 8 r/digitalforensics+1 crossposts

Hypothetical OSINT/infosec: getting fingerprints from a photo?

So a thought crossed my mind just now: how realistic is the possibility of say 3-letter agency getting a photo of a palm off r/PalmReading or similar online sources, and running physical fingerprints lookup?

reddit.com
u/SilverSquirrel6 — 8 days ago
▲ 2 r/digitalforensics+1 crossposts

Mac disk showing HFS file system as an unrecognizable file in a CDFS

Hello, I have had this experience somewhat regularly. A 3.5" floppy disk will image properly using Kyroflux, in this case using the Apple 400k/800k image format, and the resulting IMG disk image will look like this. A CDFS hierarchy containing a functioning disk name, and drilling down reveals a "HFS" file that is nearly useless. When I vew the top-level disk image in a hex editor, it shows some text with quite a lot of garbled content. What is happening?

u/SherbetSuitable5058 — 7 days ago

Confused 😓

Hello guys, I am 29M living in India, doing a job in IT operations (prompt engineering and a bit of database handling)

I have a Master's degree in IT (completed in 2020) now trying to make a career transition into digital forensics. I am in a dilemma whether I should go for another master's of 2 years (M.Sc. in Digital Forensics & Information Security) or look for relevant certification courses which can help me to land in a job related to Digital Forensics. But if I opt for certification courses how will I get hands-on experience on using the forensic tools? How will I perform or learn practical knowledge? Please help 🥺

reddit.com
u/Bond00725 — 8 days ago

How to date a screenshot

I have a few screenshots that were transferref from an iphone x to a laptop. I checked the exif data but i just want to make sure. Is it possible that the exif changed as it was being transferred?

reddit.com
u/Suspicious_Treat_160 — 9 days ago

Capabilities of cellibrite and magnet axiom on third party app recovery of iphone 15 onwards in England

I am carrying out a research project on a case study for my degree on the following information I’m trying to understand the current capabilities and limitations of Cellebrite UFED/Premium and Magnet AXIOM when examining an iPhone 15 (iOS 17/18) in England.
Specifically, I’m interested in what investigators can realistically recover from a passcode-unlocked device during a standard police forensic examination.
Some questions I have:
Can deleted Snapchat chats or disappearing messages be recovered, or is only metadata (timestamps, contacts, etc.) typically available?
What Instagram data is usually recoverable (deleted messages, media, notifications, cached data)?
How much app cache remains available on modern iPhones compared with older devices?
What is normally obtainable from iCloud versus the physical handset?
Are there significant differences between what Cellebrite and Magnet AXIOM can extract on iPhone 15 models?
Are there any recent white papers, webinars, or real-world forensic experiences covering iPhone 15/iOS 17–18?
I’m looking for technically accurate information from digital forensic practitioners rather than speculation. Any insight or links to current documentation would be greatly appreciated.

reddit.com
u/No-Substance953 — 10 days ago
▲ 0 r/digitalforensics+1 crossposts

Automated Evidence Collection

anyone would be interested in Agentic AI based solution for automatic Audit evidence collection system solution such as ISO, SOC2, GDPR etc? Just upload your application list, automatic controls mapping to backend integration to collect evidence and keep it Audit ready. Anyone interested send a note to me

reddit.com
u/Most-Silver-9655 — 9 days ago

Intimate image

Someone (I believe a certain ex but am going to avoid possible defamation lawsuit) made a fake twitter/x profile and posted an intimate image of me on it. The police have been involved and basically told me that this last warrant (this started in 2023) is my last hope but because I’m located in Canada and the platform is US based it’s “difficult” and sometimes our laws are invalid there. I want to know if there is anyway I can find out who it is if the police don’t. This isn’t an image I sent to someone either, this was non consensual or even possibly under the influence as I don’t recognize anything in the background of the image. I just want my life back. I moved, I changed my number, locked down all my social media and have struggled severely with my mental health since. The photo itself has been taken down and from what it appears the account is locked out or something as the profile picture is gone along with every post from the account. They have one follower which is my partner after I blocked the account and they have one person they are following which is some cam girl whom I tried to reach out to. Please, if anyone on here has any idea on how to help me I’d really appreciate it.

reddit.com
u/Fun-Obligation-4159 — 11 days ago

Begriffsdiskussion - Was umfasst eigentlich "Digitale Forensik"?

Abseits der technischen Diskussion will ich mal eine Frage zur Begrifflichkeit stellen und wie ihr sie definiert.

Ich sehe hier viele Themen, die sich auf IT bezogenen Forensik konzentrieren.

Was mir Recruiter allerdings in letzter Zeit berichten ist, dass wenn sie mit dem Begriff Digitale Forensik ausschreiben, sie in letzter Zeit sehr viele Bewerber bekommen, die mit der klassischen IT gar nichts mehr zu tun haben.

Diese Bewerber stellen sich unter dem Begriff Digitale Forensik eher die digitalisierte Forensik vor - Tatortvermessung mit Drohnen, Sturz- und Bewegungsanalysen, digitalisierte Analysen von biologischen Proben, digitale Rekonstruktionen. In Deutschland ist da vorallem Prof. Labudde von der HS Mittweida ein wichtiger Vertreter.

Ich will diesem Gebiet gar nicht seine Bedeutung und auch gar nicht die Nutzung dieses Begriffes absprechen - denn vielleicht befindet sich der Begriff selbst eben auch in Entwicklung und könnte eben auch ein nützlicher Überbegriff sein für verschiedene Felder der Forensik mit digitalen Hilfsmittel oder Untersuchungsobjekte.

Nur sollten wir dann selbst auch die richtigen Begriffe verwenden, wenn wir nach Bewerbern oder Themen, Informationen suchen. Ich persönlich verwende nun eher die Begriffe IT Forensik oder Computer Forensik, wenn ich über die Forensik spreche, die sich auf die IT bezieht. Das sehen meine Recruiter leider noch anders - und verschwenden momentan viel ihrer und die Zeit der Bewerber...

reddit.com
u/SaltyBaseline — 12 days ago

Analysis request

Can anyone analyse an audio recording to establish if there is a mathematical sequence, rhythmic pattern? And establish if the sound is natural. And any data.

reddit.com
u/Quiet-One-1373 — 13 days ago