Political leaders including President Obama and Senator Dianne Feinstein in recent days have defended snooping on private communications by noting that intelligence agencies were not reading personal messages, but rather information about the messages.
In the wake of discoveries that some medical devices are vulnerable to remote tampering via the...
Malware authors and distributors follow the money. When you consider the growing popularity of...
There’s often a lot of rhetoric in the press and in the security community around threats to the utilities industry, and risk exposure surrounding critical infrastructure. We’ve determined that the utilities industry (power, water, waste) has been, and likely will continue to be, a target for cyber espionage primarily from Chinese APT groups.
Some of the things I'm most interested in when looking at tools for parsing LNK files include completeness/correctness of output, ease of use, the ease with which I can incorporate the output into my analysis processes, etc. I know that some of these aspects may mean different things to different people ... for example, if you're not familiar with parsing shell item ID lists, how do you determine completeness/correctness?
I recently had the opportunity to help a colleague with an iPhone database that was not supported by his automated tools. The application was the TextMe application, and predictably, the texting app stored its chat in a SQLite database. What made the database interesting was the fact that there was no immediately obvious way to identify to whom a message was sent.
US law enforcers are demanding a kill switch on our smartphones that would theoretically brick them after they're stolen. The initiative, dubbed Secure Our Smartphones (SOS), is a coalition of law enforcers from across the country: state attorneys general, district attorneys, major city police chiefs, state and city comptrollers, as well as public safety activists and consumer advocates.
At the Computer and Enterprise Investigations Conference in Orlando, Fla., a number of vendors in computer forensics, cybersecurity, and e-discovery released new products, which make CEIC an annual event for Law Technology News to attend. Cellebrite's UFED series of mobile forensic devices got a new stand-alone application, called UFED Link Analysis.
The secret court that adjudicates national security-related information requests lifted the veil on its operations a tiny bit, ruling that portions of one of its earlier opinions could be disclosed to the public. The ruling came in a case by the San Francisco-based Electronic Frontier Foundation.
Since the Guardian and The Washington Post revealed the existence of the NSA’s PRISM program, there’s been a confusing debate about what exactly the program is and how it works. While the Obama administration has tacitly acknowledged the program’s existence, tech companies have angrily denied that they had given the NSA “direct” or “unfettered” access to their servers. So what’s going on?
Thefts of Apple iPhones have become so widespread that the police have coined the term “Apple picking” to describe the crime. Apple says it has come up with a solution for the problem, and legal officials are already thanking the company.
This is the first in a series of blog posts which will cover basic reversing of a very simple program written in C. The first post will walk through the simple C program and explain how it is constructed and a bit about C syntax and functions.
You might have noticed that we recently posted the course description for the upcoming all-new course, FOR572: Advanced Network Forensics and Analysis. FOR572 will include a lot of tcpdump and Wireshark work, but also goes beyond that, using a "big picture" approach that incorporates evidence and methods covering all kinds of network-based systems and devices.
Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated. The file turned out to be a multi-functional Trojan capable of sending SMS to premium-rate numbers; downloading other malware programs, installing them on the infected device and/or sending them further via Bluetooth; and remotely performing commands in the console.
Today's post will discuss a number of plugins that can retrieve forensically interesting information from within the kernel. Keep in mind, you can also use mac_yarascan to search kernel memory with yara signatures, and you can use mac_volshell as an interactive tool to print kernel data structures, display kernel memory addresses as bytes, dwords, or qwords, or disassemble code in kernel space.
Everyone loves a good cyber-espionage story, and we love to put China under the spotlight. Why? Because their methods work. China has some well-known hacking groups that have conducted cyber-espionage-oriented attacks, such as the Elderwood Group, Unit 61398 and the Nitro gang.
Pavel Vrublevsky, the owner of Russian payments firm ChronoPay and the subject of an upcoming book by this author, was arrested in Moscow for witness intimidation in his ongoing trial for allegedly hiring hackers to attack Assist, a top ChronoPay competitor.
The GUI control panel is a long-standing feature of Microsoft Windows, facilitating granular changes to a vast collection of system features. It can be disabled via Group Policy but is largely available to most user accounts (administrative permissions are required for some changes). From a forensic perspective, we can audit control panel usage to identify a wide range of user activity.