Posts

I bet almost every officer who has worked an ICAC case has dealt with MEGA.nz. You send a request for information to MEGA and you are pleasantly surprised at how fast a response you get. But there is only one problem. You open a MEGA export zip file. Inside, a maze of JSON files: dense, cryptic, and filled with unfamiliar keys like session_details, bsi_timestamp, and outshares. You know there's valuable information in there like IP addresses, login times, maybe even evidence of links being sent. But parsing it manually? That's a full day gone. And worse, you still have to make it understandable to someone who's never seen a JSON file in their life. I decided to build this parser after I saw multiple cases get ignored because the investigators working them got overwhelmed with the information and felt they couldn't understand it, much less explain it to a jury. If that's you, you're not alone. As a law enforcement officer, you don't have time to become a developer just to de...

One tool whispers, two tools shout! Life360 Android Locations

INTRODUCTION

First post! Yay! I will begin by stating that I discovered these locations accidentally. As with most things in digital forensics, the further you examine, the more you uncover, and I consider this a "happy accident". I believe that this is not widely known, which is why I decided to post the information. I will try to keep this post as short as possible. I am usually not too picky about locations discovered during an exam as long as they are accurate and can be validated. With that being said, I have always been wary of Cellebrite carved locations and would not recommend using them without having a second source to be used for validation purposes. In my experience, Life360 locations have been present on phone downloads but there are not as many as you would expect. Even with a manual review of the device, the locations seem to be limited and the company is not always responsive to legal process. They will issue statements such as: "Life360 objects to this Lega...