22·
13 days agoI have no issue with this, I personally wouldn’t use it but I get that they need to make money (which is why i have a recurrent donation every month).
If this helps them to do that, then so be it
- 1 Post
- 4 Comments
Joined 2 years ago
Cake day: June 15th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Can confirm i am a melanated individual who doesn’t use sunblock as often as i should (but im also never outside LMFAO)
But yes you’re absolutely correct but I just wanted to clarify that we should be using sunblock but nevertheless it’s still not as much of a risk to us
No, having certain skintones doesn’t magically make you immune to skin cancer, wear your fucking sunscreen.
Complete protection? Certainly not, but melanin does provide some protection from UV radiation. Still important to wear sunscreen because if a melanated individual where to get skin cancer it usually has a higher mortality rate because they’re often caught late.
Epidemiological data strongly support the photoprotective role of melanin as there exists an inverse correlation between skin pigmentation and the incidence of sun-induced skin cancers (1) and subjects with White skin are approximately 70 times more likely to develop skin cancer than subjects with Black skin (67). The shielding effect of melanin, especially eumelanin, is achieved by its ability to serve as a physical barrier that scatters UVR, and as an absorbent filter that reduces the penetration of UV through the epidermis (68). The efficacy of melanin as a sunscreen was assumed to be about 1.5-2.0 sun protective factors (SPF);
Okay so I’ll try my best to convey what I know (I studied DFIR in college, but I work as a security engineer now):
There are two types of mobile device forensic acquisitions/collections/extractions: BFU and AFU.
BFU (Before first unlock) extractions simply refer to what Cellebrite is able to pull from the phone when it has been turned on but not unlocked for the first time, similarly AFU (after first unlock) is what it can collect after its been unlocked.
You can think about this as your phone being in two states: when you first boot it up (and I’m talking from the Android perspective, because I have never owned an iPhone) you’re required to use your pin/password to unlock the device and then it will complete its boot. Any time after that first unlock though, you can unlock with stuff like biometrics and its much faster (i know my phone when i unlock for the first time after a boot will display an “Android is Starting” or something like that while it loads up).
Bringing this back to your main question: depending on the OS version and device, what is pulled from AFU/BFU will vary. So looking at the image you linked:
If you were an incident responder, you’d probably read this chart left to right. Lets say i have a Samsung S23 running presumably android 13 or 14, I’d first look at the samsung rows, choose the second one for the version, and then id have to determine if the device is in BFU or AFU mode, and see which options are available to me. In this instance, it doesn’t make a difference because I can get user data from either (because i can brute force the password on the lockscreen for this specific device). Otherwise, a BFU extraction might only pull out surface level information from the device because everything may not have been decrypted yet.
I feel like I’m rambling but I hope it’s shedding some light, your point about the password is important but not everything. Companies like Cellebrite and Magnet pay a lot of money for zero day vulns that they can build exploits for into their software, meaning that if theres something critical (like a pin code bypass) then they could just use that and get all your data. But, there’s a lot of various data on cellphones, take Signal for example (and this is just an example, I don’t actually know): it’s possible that if signal is encrypting messages stored on the device, that even if an examiner pulled that database out, they might still not be able to do anything about it.
My final point, there’s also a high degree of secrecy around these tools. Obviously Cellebrite and Magnet are incentivised to keep their exploits quiet so they continue working, otherwise Google or Apple could just issue a security patch and render them useless. Often, they’ll have different tools that are available to different organizations: a company may have a few cellebrite dongles for internal investigations and litigation support, the details of which are kept under NDA, but they’re still likely to be separate from what an organization like the FBI would have access to. This is why it’s often hard to find information on these tools, especially updated or recent information