I’m just confused as to why mobile vendors, specifically, refuse to adopt a well used format. Cellebrite even reverted to Dar for a while, right? Why not use E01s or AFF4? It’s so frustrating.
Comments
Log in with your Bluesky account to leave a comment
Comments
I supported their mov to a widely used container that with hashing it immediately becomes forensic. Easy to work with and supported by all.
For mobile forensics I prefer more speed & less overhead at the front. Think of memory dumps on Windows instead of imaging a drive.
Of course I'm not opposed to other more "forensic" containers.