Profile

Cover photo
John Lehr
175 followers|278,177 views
AboutPosts+1's

Stream

John Lehr

Shared publicly  - 
 
Riffbox and Windows 10
I decided to bite the bullet and try out Windows 10. I wanted to learn the new operating system and determine if I could run specific software/hardware combinations under the new Windows that I had been running in Windows 7, specifically Riffbox. I happy ...
1
Add a comment...

John Lehr

Shared publicly  - 
 
Finding Felons with the Find Command
Digital devices are common place. Digital device examiners are not. How does the digital dutch boy prevent the digital device dam from breaking? By sticking his preview thumb into the leak. The point of a forensic preview is to determine if the device yo...
2
1
Devin Stewart's profile photoJeremy Olachea's profile photo
 
Great article. Thanks John!
Add a comment...

John Lehr

Shared publicly  - 
 
Identifying Android Device Owners
I work in a college town.  That means lots of unsecured electronics.  Lots of unsecured electronics means lots of thefts and 'misplaced'-- "I'm not as think as you drunk I am!"-- devices.   I've seen a trend in recovered stolen devices over the past few yea...
I work in a college town.  That means lots of unsecured electronics.  Lots of unsecured electronics means lots of thefts and 'misplaced'--"I'm not as think as you drunk I am!"--devices.   I've seen a trend in recovered stol...
1
Add a comment...

John Lehr

Shared publicly  - 
 
Finding Serial Numbers on Locked iPhones
Apple iDevices have their serial number engraved on the back, right? So why the article? Because it's not true of newer devices like the iPhone 5, 5s, and 5c. Also, original cases can be replaced and serial numbers obliterated through unprotected use or ...
Apple iDevices have their serial number engraved on the back, right? So why the article? Because it's not true of newer devices like the iPhone 5, 5s, and 5c. Also, original cases can be replaced and serial numbers obliterate...
1
1
Duane Vince's profile photoJohn Lehr's profile photoFabiano Querceto's profile photoJeremy Olachea's profile photo
5 comments
 
Just to add at the discussion, i tried with an iPhone 5 locked with a pin
i used a port of libimobiledevice compiled forr windows and the output of the command you suggested ('ideviceinfo -s')
contained (amongst other things) the device "udid", the "ChipID", the device "color", the device "name"
the hardware model, the iOS version (ProductVersion), the WiFi adapter mac address.
Thanks again
Add a comment...

John Lehr

Shared publicly  - 
 
Making Sense of the Senseless
SQLite to the Rescue One of the tasks I’m asked to perform is to geolocate mobile phone calls from Call Detail Reports (CDR). These usually arrive from a carrier as spread sheets: one with details of calls to and from a particular number, and one or more c...
SQLite to the Rescue One of the tasks I’m asked to perform is to geolocate mobile phone calls from Call Detail Reports (CDR). These usually arrive from a carrier as spread sheets: one with details of calls to and from a part...
2
Add a comment...
Have him in circles
175 people
Fraser Phillips's profile photo
Sean Morrissey's profile photo
DƐpɐk Kumar's profile photo
Ralf Märki's profile photo
Paolo Dal Checco's profile photo
Shankar Raman's profile photo
Maggie Gaffney's profile photo
Andy Reyes's profile photo
Santiago Vicente's profile photo

John Lehr

Shared publicly  - 
 
Android SDK on 64-bit Linux
I commonly use adb and fastboot to access Android devices.  Ubuntu has packages for those tools making installation easy: $ sudo apt-get install android-tools-adb android-tools-fastboot But, in recent months, I have encountered instances where the adb and f...
1
Add a comment...

John Lehr

Shared publicly  - 
 
URLs : U R Loaded with Information
In my early days of forensics, I considered URLs in web histories as nothing more than addresses to websites, and strictly speaking, that’s true. But URLs often contain form information supplied by the user and other artifacts that can be relevant to an in...
1
1
Jeremy Olachea's profile photo
Add a comment...

John Lehr

Shared publicly  - 
 
Getting Attached: Apple Messaging Attachments
I sometimes get questions about showing attachments in Apple iDevice messaging databases. The questions, however, seem to come at a time when I don’t have any databases on hand to study the issue. Well, this week I stumbled on the chats.db during an exam ...
I sometimes get questions about showing attachments in Apple iDevice messaging databases. The questions, however, seem to come at a time when I don’t have any databases on hand to study the issue. Well, this week I stumbled o...
4
Jeff Keen's profile photo
 
Hey, thanks for posting this! This really helped me out.
Add a comment...

John Lehr

Shared publicly  - 
 
Searching for Searches
In a recent examination of smart phone content, it became necessary to know the personal interests of the device's owner.  You can browse internet and app history, but that can be extensive to review every URLs to every clicked link and served page.  To get...
In a recent examination of smart phone content, it became necessary to know the personal interests of the device's owner.  You can browse internet and app history, but that can be extensive to review every URLs to every click...
1
1
Jeremy Olachea's profile photo
Add a comment...

John Lehr

Shared publicly  - 
 
Identifying Owners of Locked Android Devices
Locked Devices are not Always Secure I was handed a device I’ve never seen before: A Verizon Ellipsis 7" tablet. The device was suspected to be stolen, but it was password locked with no sd card or sim card installed. USB debugging and mass storage mode w...
Locked Devices are not Always Secure I was handed a device I’ve never seen before: A Verizon Ellipsis 7" tablet. The device was suspected to be stolen, but it was password locked with no sd card or sim card installed. USB de...
2
Add a comment...

John Lehr

Shared publicly  - 
 
iPhone: Recovering from Recovery
I was attempting to brute force an iPhone 4 passcode for data recovery. The phone was in poor condition and had undergone modifications:...
I was attempting to brute force an iPhone 4 passcode for data recovery. The phone was in poor condition and had undergone modifications: the home button had been replaced as well as the back cover, maybe more. I could not rel...
4
Erich Wacha's profile photo
 
hi JOHN PLEASE CONTACT ME erichwacha@googlemail.com
Add a comment...
People
Have him in circles
175 people
Fraser Phillips's profile photo
Sean Morrissey's profile photo
DƐpɐk Kumar's profile photo
Ralf Märki's profile photo
Paolo Dal Checco's profile photo
Shankar Raman's profile photo
Maggie Gaffney's profile photo
Andy Reyes's profile photo
Santiago Vicente's profile photo
Basic Information
Gender
Male
Story
Introduction
I perform Digital Forensics using the Linux operating system.
John Lehr's +1's are the things they like, agree with, or want to recommend.
Chrome Browser - Google
market.android.com

Browse fast with the Chrome web browser on your Android phone and tablet. Sign in to sync your Chrome browser experience from your computer

Google Calendar
market.android.com

Experience Google Calendar on devices running 4.0.3 or later.The Calendar app displays events from each of your Google Accounts that synchro

Blogger
market.android.com

Start blogging on the go with the official Blogger app!Experience the official version of the Blogger app. You can easily publish posts with