Advertisement
Articles
Subscribe to DFI News

The Lead

Book Excerpt: Checklist: Building a Penetration Testing Lab

October 29, 2014 | by Bruce Middleton | CRC Press/Taylor & Francis Group LLC | Comments

This checklist can help you to build a penetration testing lab. To successfully set up your lab will require attention to detail, redundancy, and a littel bit of paranoia.                   

TOPICS:
View Sample

SUBSCRIBE TO FREE
DFI News
EMAIL NEWSLETTER

Cloud Computing Presents a Unique Forensic Challenge

October 23, 2014 8:00 pm | Comments

Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis. Further forensic issues concern the potential effect the cloud services could have on the digital data itself and how the forensic examiner can explain all these indiscretions to the court.

TOPICS:

Investigator Turns Eyewitness

October 20, 2014 8:21 pm | by Benjamin Wright | Comments

In today’s world of social media, investigators are taking on a new role; they are becoming a form of eyewitness. As the eyewitness, an investigator observes evidence that might not be visible to any other available investigator. The investigator is wise to create a record of what he or she sees at any particular point in time, including print outs of screenshots.  

TOPICS:

Who? What? When? Why? Where? And How?

October 17, 2014 8:13 am | by Brett Shavers | Comments

A key factor in placing any person at the scene of a crime is obtaining evidence that can place an identified suspect as it relates to the scene of the crime. Previously discussed methods of physical surveillance and obtaining records are usually the best evidence of placing a suspect at a specific place and at a specific time, but as most investigations involve reacting to incidents, this may not be always possible.

TOPICS:
Advertisement
Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clu

Understanding Malware

October 8, 2014 9:19 am | by Cindy Murphy | SANS Institute | Comments

Malware is an important consideration for examiners working on traditional computer forensic cases. Malware can add complexity to a case, but in some instances, it actually can help investigators. Like any other piece of data, malware can be used as a clue within a forensic examination.

TOPICS:
The United States Supreme Court’s ruling in Riley v. US may not have been much of a surprise to American law enforcement. Many agencies were already requiring officers to obtain search warrants before searching mobile devices. Ultimately, rather than limi

Mobile Device Search and Seizure in a Post-Riley World

October 1, 2014 8:26 am | by Christa Miller | Cellebrite USA, Inc. | Comments

The United States Supreme Court’s ruling in Riley v. US may not have been much of a surprise to American law enforcement. Many agencies were already requiring officers to obtain search warrants before searching mobile devices. Ultimately, rather than limiting law enforcement, the Riley decision frees agencies to deploy mobile data extraction capabilities across a much wider field of officers.

TOPICS:

Should You Say "I Don’t Know" on the Witness Stand?

September 26, 2014 8:17 am | by Elaine M. Pagliaro | Comments

It goes without saying that the expert will understand the scientific basis of the testing that was done. However, even the most educated and experienced persons have gaps in their knowledge and experience. In most cases, what you don’t know will have no effect on the outcome of a trial.

TOPICS:
Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical pro

Streamlining the Digital Forensic Workflow: Part 2

September 24, 2014 8:58 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.

TOPICS:

Accurate Data, Forensic Soundness

September 23, 2014 8:27 am | by Ronen Engler and Christa M. Miller | Cellebrite USA, Inc. | Comments

Boot loaders are currently considered the most forensically sound physical extraction method. While they do involve loading a piece of code onto the device, this happens before the forensic tool accesses any evidentiary data. That’s because they replace the device’s normal boot loader, or the first set of operations that kick off the phone’s startup process and hand off to the main controlling program, like the operating system.

TOPICS:
Advertisement

Legal Aspects and Tool Reliability

September 23, 2014 8:13 am | by Gary C. Kessler and Matt Fasulo | Comments

Because of the newness of network forensic activity, network examiners are often left to use existing and emerging tools that have not yet faced the challenge of being proven valid in court. In some respects, the presentation phase of a digital investigation is the most critical; regardless of what has been found, it is worthless if the information cannot be convincingly conveyed to a judge and jury.

TOPICS:
Thrifty attackers, are you tired of investing your dollars in a botnet that's constantly being disrupted by new anti-virus signatures and bot downtime? A "cloudbot" might be just what you seek.

iCloud Hacked!?!

September 23, 2014 6:15 am | by Rebecca Waters | Comments

About a week before this issue went to press, we were treated to a veritable media frenzy surrounding the alleged hacking of iCloud and the news of hundreds of celebrity nude photos leaked. Every news outlet, it seemed, was ready to put forth its own “digital forensics expert”. Now as we prepare to send this page to the printer we are beginning to see the results of the real investigations into the incident.

TOPICS:

Data Storage Issues: Part 4

September 23, 2014 6:12 am | by John J. Barbara | Digital Forensics Consulting, LLC | Comments

Future data storage needs for businesses, corporations, and governments are going to far exceed the ability of current technology to provide those storage devices. Obviously, without major technological advancements, the cost of future data storage could be unprecedented. There are however, a number of technologies under development which may eventually be able to store vast amounts of information, far exceeding today’s devices.

TOPICS:

Using Metadata in Litigation

September 23, 2014 5:37 am | by Andy Spore | Comments

When it comes to metadata as part of a litigation strategy, we mostly see it used as supporting information about the data. It is unusual, but not unheard of, to see metadata used directly as evidence. That is likely to change as more people understand the role metadata can have in developing legal strategy. With proper forensic analysis, metadata can help highlight patterns, establish timelines, and point to gaps in the data.

TOPICS:
One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and

Retrieving Obscured Files

September 19, 2014 10:00 am | Comments

One should not expect to find all user information sitting in the default folder or default location for a given type of file (e.g. Application Data or similar folder). Searching the entire hard disk is required in order to locate all unencrypted log and history files. 

TOPICS:
First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. Firs

First Responder Electronic Crime Scene Investigation

September 12, 2014 8:50 am | by NIJ | Comments

First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. 

TOPICS:
Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic.

Finding Good Cookies

September 5, 2014 12:14 pm | Comments

Over the years, cookies have been overlooked in forensic examinations. For the most part, cookies were used to show that a user account had accessed a website. Since no set structure for cookies existed, determining the content’s meaning was problematic. With the advent of Google Analytics (GA) cookies, that has changed.

TOPICS:

Pages

X
You may login with either your assigned username or your e-mail address.
The password field is case sensitive.
Loading