Thice Security

Nijverheidsweg 3 009, 1613 DZ Grootebroek, The Netherlands
Thice Security

Posts Categorized / Forensics

Meaningful MD5 Collisions: Creating executables

19/01/2015 | Code, CTF, Forensics, Malware | by Thice

More than two years ago I worked on meaningful MD5 collisions, especially creating executables files, but I never finished my write up about this until now (hurray for having a sabbatical 😉 ). The idea behind this project was to create multiple executables with the same MD5, but with different behavior. I ended up creating […]

Motorola Droid 4 – Broken screen and data recovery

11/12/2014 | Forensics, Hardware | by Thice

At the beginning of this year my Motorola Droid 4 phone started dying on me. I looked for help on the XDA Developers Forum where I kept track of the different steps I took. For archiving reasons I created this write up to have a single page containing all information that I found on the […]

Forensic hardware – Don’t just blindly trust it

02/09/2014 | Forensics, Hardware, Mods | by Thice

I recently found two pictures which I took in the last 2 years, of the Logicube Forensic Dossier misbehaving. I decided to write this very short article to show these pictures. Since this seems to be a 6th(!) generation forensic solution I would not expect this behavior. The Logicube hardware is widely accepted as ‘forensically […]

Recovering data from Garmin Edge 500 GPS

24/04/2014 | Forensics, Hardware | by Thice

A friend of me asked me if I wanted to take a look at his Garmin Edge 500 GPS bike computer, since it was missing some of his tracks. After opening the flash drive of the device in FTK Imager I noticed that the Activities directory did not contain any of the track data (.fit files) […]

Reverse Engineering Perl2Exe back to Perl

01/08/2012 | Code, Forensics, Malware | by Thice

In the August issue of the Digital Forensics Magazine (DFM) my article on reverse engineering Perl2Exe can be found. The article describes a way to recover the source code of the Perl program back from the executable created with Perl2Exe program. Reverse Engineering PERL2EXE Back to Perl Perl2Exe is a program which converts Perl source […]

Samsung WB650 Video file Scalpel rule

08/10/2011 | Code, Forensics | by Thice

I recently ran into the issue that my new photo-camera (Samsung WB650) somehow decided to erase all the data of my SD card. Since the SD card was filled with a lot of photos and video files I decided to image the SD card and to try to recover my files. The photo files all […]