One of the more important facets of digital forensics concerns how to document the findings in a formal report. At first glance, this would seem to be rather straightforward: report what you found. Appearances, however, can be deceiving.
In an effort to unmask a leaker who fed a reporter classified information about North Korea, FBI...
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive...
In the past few months, we have analyzed a targeted campaign that tries to steal sensitive...
This is the sixth entry in the Spotlight On series published by the CERT Insider Threat Center. Each entry focuses on a specific area of threat to organizations from their current or former employees, contractors, or business partners and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database.
Passware announced that Passware Kit Forensic 12.5 can now recognize hard disk images and containers, such as TrueCrypt, BitLocker, and PGP, during a computer scan. For a computer forensics professional, this means that no evidence stays hidden inside such a volume.
Since its release in 2007, the iPhone has been extremely popular. Sales have especially increased within the past three years. With its growing popularity and larger user population, there is a greater chance of coming across a case which involves forensically examining an iPhone.
A privacy watchdog group is going after Snapchat for deceiving users about self-destructing messages that don't actually self-destruct. The smartphone app has become popular with young people for sending messages that a few seconds later disappear. The Electronic Privacy Information Center has filed a complaint with the Federal Trade Commission.
Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent amid evidence that they had stolen data from scores of American companies and government agencies, they appear to have resumed their attacks using different techniques, according to computer industry security experts and American officials.
Agency cybersecurity teams have not been accepted by IT shops as full partners in the job of supporting agency missions and as a result are falling farther behind in efforts to detect and block threats. Security needs to adopt a more aggressive posture, seeking out threats rather than just detecting them and working with IT departments to follow through on remediation.
It’s the question of the moment inside the murky realm of cybersecurity: Just who — or what — is the Syrian Electronic Army? The hacking group that calls itself the S.E.A. struck again, this time breaking into the Twitter accounts and blog headlines of The Financial Times.
Volatility can analyze memory dumps in the "HPAK" archive format, which is proprietary to the Fast Dump (FDPro.exe) acquisition utility. If you're not the person acquiring memory, there's no telling what tool or format will be used for the acquisition … but you still have to find a way to analyze it.
Recently, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site “stress testing” services. Today, we’ll look at ragebooter.net, yet another attack service, except for one secret feature which sets it apart from the competition: According to the site’s proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity.
In the wake of the AP scandal, in which federal investigators obtained the phone records of journalists using only a subpoena, four lawmakers have introduced legislation in the House that would prevent federal agencies from seizing any phone records without a court order.
Valentin Boanta, sitting in his jail cell, proudly explains the device he has invented which, he says, could make the world's ATMs impregnable even to tech-savvy criminals like himself. Boanta, 33, is six months into a five-year sentence for supplying gadgets an organized crime gang used to conceal ATM skimmers, which can copy data from an unsuspecting ATM user's card so a clone can be created.
The four British Lulzsec hackers — Mustafa "tflow" al-Bassam, Ryan "kayla" Ackroyd, Jake "topiary" Davis, and Ryan "ViraL" Cleary — were sentenced to between 20 and 32 months in jail for crimes committed during Lulzsec's 50-day hacking spree in 2011. The handling of charges of conspiracy to commit fraud brought against all four was also an important issue.
Hackers have become adept at modifying malicious code to avoid detection by signature-based security tools so that even well-known malware such as the Poison Ivy Remote Access Tool can slip past defenses. But even stealthy, well-disguised threats leave tracks that can be discovered through analysis of network traffic.
A certain engineer retired from his job of 37 years at a very productive factory of a very well-known company. Prior to his departure, he trained three young college graduates with engineering degrees on the ins and outs of the factory. Because the retiring engineer did not have a college degree, his replacements quickly discounted his admonitions as the ramblings of an "old man."
What we have seen in the community for some time is that a new tool is announced or mentioned, and members of the community begin clamoring for their copy of that tool. Many times, one of the first questions is, "where can I download a copy of the tool?"